site security is very important, if you need a license to access the content of your website, protect these contents is your responsibility, the safe use of database technology, the key to encrypt data, filter the user uploaded data is to ensure that the important way to website security. Site security follows the following rules:
uses secure database technology,
The current mainstream
database technology including MS SQL Server, Oracle IBM, DB2, MySQL, PostgreSQL, MySQL and PostgreSQL belong to the source database, the other three databases have different prices according to different license. Considering the safety, they are very safe database technology, need to pay attention to is that we do not recommend the use of Access, the first Access is a desktop database, is not suitable for may face massive access to corporate website, secondly, Access is a very insecure web database, if your database file to the Access path it is easy to be obtained, the database file download and see all the contents in the database, including the need to see the contents of authorization. If you choose Access because it’s free, you need to know that MSDE is free.
user password or other confidential data must be encrypted with mature encryption technology and then deposited in the database
used to store user passwords in clear text in the database, credit card numbers and other data is very dangerous, even if you are using a secure database technology, still have to be very careful, any confidential data should be encrypted, so that even if your database is compromised, the important confidential data is still safe.
password or other confidential data must be encrypted with mature encryption before passing the
through the form
if your site does not use HTTPS encryption technology, then all data between your web server and access clients are transmitted in plain text, these data easily in the routers and switches the position of the node is intercepted, if you are unable to deploy HTTPS, all confidential data encryption and then spread through the network is very effective the way of
password or other confidential data must be encrypted with mature encryption before it can be written to Cookie
many web sites write user account information to Cookie so that users can log in directly next time they visit. If user account information is written directly to Cookie without encryption, the data is easily accessible by looking at the Cookie file, especially if your user is sharing a computer with someone else.
for any data submitted by visitors, malicious code check