Thu, 12 Feb 2009 16:34:00 GMTCode Life--Joy Codehttp://blog.csdn.net/applelure/写给那些ASP.NET程序员:网站中的安全问题http://blog.csdn.net/applelure/archive/2009/02/12/3882429.aspxhttp://blog.csdn.net/applelure/comments/3882429.aspx0http://blog.csdn.net/applelure/comments/commentRss/3882429.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=3882429在网络经常看到网站被挂马、主页被修改的新闻,其实这些问题可能是多方面的,服务器,网站程序等等。。。但是现在溢出已经被人们重视和服务器的不断完善,服务器系统漏洞也不是那么容易发掘,当然也要保证第三方的软件安全。做项目也有一段时间了。在程序中也遇到很多安全方面的问题。也该总结一下了。这个项目是一个CMS系统。系统是用ASP.NET做的。开发的时候发现微软做了很多安全措施,只是有些新手程序员不知道怎么开启。下面我通过几个方面简单介绍:1:SQL 注入2:XSS3:CSRF4:文件上传1:SQL 注入引起原因:其实现在很多网站中都存在这种问题。就是程序中直接进行SQL语句拼接。可能有些读者不太明白。下面通过一个登录时对用户验证来说明:code: 验证时的sql语句: select * from where user='"+txtUsername.Text+"' and pwd='"+txtPwd.Text+"'这是一段从数据库中查询用户,对用户名,密码验证。看上去好象没有什么问题,但是实际这里面浅藏着问题,用户名:admin <img src ="http://blog.csdn.net/applelure/aggbug/3882429.aspx" width = "1" height = "1" />Fri, 13 Feb 2009 00:34:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2009/02/12/3882429.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2009/02/12/3882429.aspxapplelurehttp://blog.csdn.net/applelure/archive/2009/02/12/3882429.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299043/1337546男人应该知道的.http://blog.csdn.net/applelure/archive/2007/10/18/1831420.aspxhttp://blog.csdn.net/applelure/comments/1831420.aspx0http://blog.csdn.net/applelure/comments/commentRss/1831420.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1831420男人应该知道的.<img src ="http://blog.csdn.net/applelure/aggbug/1831420.aspx" width = "1" height = "1" />Fri, 19 Oct 2007 01:27:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/10/18/1831420.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/10/18/1831420.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/10/18/1831420.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299044/1337546Google body(谷歌人体探索),让我们更了解自己http://blog.csdn.net/applelure/archive/2007/10/09/1817497.aspxhttp://blog.csdn.net/applelure/comments/1817497.aspx0http://blog.csdn.net/applelure/comments/commentRss/1817497.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1817497谷歌人体探索<img src ="http://blog.csdn.net/applelure/aggbug/1817497.aspx" width = "1" height = "1" />Wed, 10 Oct 2007 06:16:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/10/09/1817497.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/10/09/1817497.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/10/09/1817497.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299045/1337546Visual Studio 2008 Shell(翻译)http://blog.csdn.net/applelure/archive/2007/08/26/1759907.aspxhttp://blog.csdn.net/applelure/comments/1759907.aspx0http://blog.csdn.net/applelure/comments/commentRss/1759907.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1759907Visual Studio 2008 Shell(翻译)<img src ="http://blog.csdn.net/applelure/aggbug/1759907.aspx" width = "1" height = "1" />Mon, 27 Aug 2007 06:49:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/26/1759907.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/26/1759907.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/26/1759907.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299046/1337546利用Excel剿灭DLL木马http://blog.csdn.net/applelure/archive/2007/08/26/1759775.aspxhttp://blog.csdn.net/applelure/comments/1759775.aspx0http://blog.csdn.net/applelure/comments/commentRss/1759775.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1759775利用Excel剿灭DLL木马 (来自:Ruery's Blog)<img src ="http://blog.csdn.net/applelure/aggbug/1759775.aspx" width = "1" height = "1" />Mon, 27 Aug 2007 04:39:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/26/1759775.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/26/1759775.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/26/1759775.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299047/1337546三层交换机与路由器区别http://blog.csdn.net/applelure/archive/2007/08/18/1749952.aspxhttp://blog.csdn.net/applelure/comments/1749952.aspx0http://blog.csdn.net/applelure/comments/commentRss/1749952.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1749952三层交换机与路由器区别<img src ="http://blog.csdn.net/applelure/aggbug/1749952.aspx" width = "1" height = "1" />Sun, 19 Aug 2007 05:16:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749952.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/18/1749952.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749952.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299048/1337546这里有关于VS 2008一些介绍http://blog.csdn.net/applelure/archive/2007/08/18/1749940.aspxhttp://blog.csdn.net/applelure/comments/1749940.aspx0http://blog.csdn.net/applelure/comments/commentRss/1749940.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1749940这里有关于VS 2008一些介绍<img src ="http://blog.csdn.net/applelure/aggbug/1749940.aspx" width = "1" height = "1" />Sun, 19 Aug 2007 04:55:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749940.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/18/1749940.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749940.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299049/1337546Visual Studio 2008 Express Developer 下载http://blog.csdn.net/applelure/archive/2007/08/18/1749933.aspxhttp://blog.csdn.net/applelure/comments/1749933.aspx0http://blog.csdn.net/applelure/comments/commentRss/1749933.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1749933Visual Studio 2008 Express<img src ="http://blog.csdn.net/applelure/aggbug/1749933.aspx" width = "1" height = "1" />Sun, 19 Aug 2007 04:47:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749933.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/18/1749933.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749933.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299050/1337546BHOhttp://blog.csdn.net/applelure/archive/2007/08/18/1749883.aspxhttp://blog.csdn.net/applelure/comments/1749883.aspx0http://blog.csdn.net/applelure/comments/commentRss/1749883.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1749883BHO<img src ="http://blog.csdn.net/applelure/aggbug/1749883.aspx" width = "1" height = "1" />Sun, 19 Aug 2007 03:31:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749883.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/18/1749883.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/18/1749883.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299051/1337546DOS的攻击手法和解决办法(博客龙)http://blog.csdn.net/applelure/archive/2007/08/10/1737609.aspxhttp://blog.csdn.net/applelure/comments/1737609.aspx0http://blog.csdn.net/applelure/comments/commentRss/1737609.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=1737609DOS的攻击手法和解决办法<img src ="http://blog.csdn.net/applelure/aggbug/1737609.aspx" width = "1" height = "1" />Sat, 11 Aug 2007 07:19:00 +0800applelurehttp://blog.csdn.net/applelure/archive/2007/08/10/1737609.aspx#Feedbackhttp://blog.csdn.net/applelure/archive/2007/08/10/1737609.aspxapplelurehttp://blog.csdn.net/applelure/archive/2007/08/10/1737609.aspxhttp://blog.csdn.net/applelure/rss.aspxcsdn.net/applelure/~1332844/206299052/1337546