Monday, November 1, 2010

Calculating a time difference in Java


The following code shows how to compare times in Java and obtain the time difference. For example, suppose you want a function that accepts a submission only within 30 minutes and rejects it once more than 30 minutes have passed. Then:

import java.text.SimpleDateFormat;
import java.util.Date;

/** Calculate the time difference **/
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
String systemTime = sdf.format(new Date());

/** Parse the captured time string into a Date, using the same format **/
Date begin = sdf.parse("2008-03-28 11:55:30");
Date end = sdf.parse(systemTime);

long between = (end.getTime() - begin.getTime()) / 1000; // divide by 1000 to convert to seconds
long day = between / (24 * 3600);
long hour = between % (24 * 3600) / 3600;
long minute = between % 3600 / 60;
long second = between % 60; // "between % 60 / 60" would always be 0

if ((hour == 0) && (day == 0) && (minute <= 30)) { /* within the 30-minute window */ }

For example: it is now 2004-03-26 13:31:40, and the earlier time is 2004-01-02 11:30:24.

I want the difference between the two dates in the form: XX days XX hours XX minutes XX seconds.

Method One:

DateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
try {
    Date d1 = df.parse("2004-03-26 13:31:40");
    Date d2 = df.parse("2004-01-02 11:30:24");
    long diff = d1.getTime() - d2.getTime();   // difference in milliseconds
    long days = diff / (1000 * 60 * 60 * 24);  // whole days only
} catch (Exception e) {
    // parse errors are silently swallowed here; log them in real code
}

Method Two:

SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
java.util.Date now = df.parse("2004-03-26 13:31:40");
java.util.Date date = df.parse("2004-01-02 11:30:24");
long l = now.getTime() - date.getTime();                       // milliseconds
long day = l / (24 * 60 * 60 * 1000);
long hour = (l / (60 * 60 * 1000) - day * 24);
long min = ((l / (60 * 1000)) - day * 24 * 60 - hour * 60);
long s = (l / 1000 - day * 24 * 60 * 60 - hour * 60 * 60 - min * 60);
System.out.println("" + day + " days " + hour + " hours " + min + " minutes " + s + " seconds");

Method Three:

SimpleDateFormat dfs = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
java.util.Date begin = dfs.parse("2004-01-02 11:30:24");
java.util.Date end = dfs.parse("2004-03-26 13:31:40");
long between = (end.getTime() - begin.getTime()) / 1000; // divide by 1000 to convert to seconds
long day1 = between / (24 * 3600);
long hour1 = between % (24 * 3600) / 3600;
long minute1 = between % 3600 / 60;
long second1 = between % 60; // "between % 60 / 60" would always be 0
System.out.println("" + day1 + " days " + hour1 + " hours " + minute1 + " minutes " + second1 + " seconds");

I made a mistake here: the number of days came out wrong until I double-checked the time format.

dateA and dateB must both use the same yyyy-MM-dd format! Remember!

/**
 * Obtain the number of days between two dates
 * @param dateA the earlier date, in yyyy-MM-dd format
 * @param dateB the later date, in yyyy-MM-dd format
 * @return the number of whole days from dateA to dateB
 */
public static int getBetweenDayNumber(String dateA, String dateB) {
    long dayNumber = 0;
    long DAY = 24L * 60L * 60L * 1000L; // milliseconds in one day
    SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
    try {
        java.util.Date d1 = df.parse(dateA);
        java.util.Date d2 = df.parse(dateB);
        dayNumber = (d2.getTime() - d1.getTime()) / DAY;
    } catch (Exception e) {
        e.printStackTrace();
    }
    return (int) dayNumber;
}
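As an added example (my own code, not from the original post), the following class puts the day/hour/minute/second breakdown used by the three methods and the 30-minute submission check into one runnable program; the class name SubmissionWindow and its method names are assumptions.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;

// Added example; class and method names are my own, not from the post.
public class SubmissionWindow {
    private static final String PATTERN = "yyyy-MM-dd HH:mm:ss";
    private static final long WINDOW_SECONDS = 30 * 60;

    private static SimpleDateFormat strictFormat() {
        SimpleDateFormat sdf = new SimpleDateFormat(PATTERN);
        sdf.setLenient(false);                          // "2008-02-31 ..." is an error, not March 2
        sdf.setTimeZone(TimeZone.getTimeZone("UTC"));   // no DST jump inside the interval
        return sdf;
    }

    /** Whole seconds from begin to end; negative when end is earlier than begin. */
    public static long secondsBetween(String begin, String end) throws ParseException {
        SimpleDateFormat sdf = strictFormat();
        Date b = sdf.parse(begin);
        Date e = sdf.parse(end);
        return (e.getTime() - b.getTime()) / 1000;
    }

    /** Split a number of seconds into {days, hours, minutes, seconds}, as the three methods above do. */
    public static long[] breakdown(long seconds) {
        long s = Math.abs(seconds);
        return new long[] {
            s / (24 * 3600),          // whole days
            s % (24 * 3600) / 3600,   // hours left after the whole days
            s % 3600 / 60,            // minutes left after the whole hours
            s % 60                    // seconds left after the whole minutes
        };
    }

    /**
     * The 30-minute rule from the post, tested on the total seconds rather than on the
     * day/hour/minute parts. The original test (hour == 0 && day == 0 && minute <= 30)
     * accepts up to 30 minutes 59 seconds and, because a negative difference leaves
     * day and hour at 0, also accepts a submission time up to an hour in the future.
     */
    public static boolean withinWindow(String submittedAt, String now) throws ParseException {
        long between = secondsBetween(submittedAt, now);
        return between >= 0 && between <= WINDOW_SECONDS;
    }

    public static void main(String[] args) throws ParseException {
        long[] p = breakdown(secondsBetween("2004-01-02 11:30:24", "2004-03-26 13:31:40"));
        System.out.println(p[0] + " days " + p[1] + " hours " + p[2] + " minutes " + p[3] + " seconds");

        String submitted = "2008-03-28 11:55:30";
        System.out.println(withinWindow(submitted, "2008-03-28 12:25:30"));  // exactly 30 minutes later
        System.out.println(withinWindow(submitted, "2008-03-28 12:25:31"));  // one second past the window
        System.out.println(withinWindow(submitted, "2008-03-28 11:50:00"));  // "now" is before the submission
    }
}
```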

A recommended mail-sending class for PHP

PHPMailer is a useful PHP class for sending mail. It supports sending through an SMTP server and also works with Sendmail, qmail, Postfix, IMail, Exchange, Mercury, Courier and other mail servers. It supports SMTP authentication and sending through multiple SMTP servers (though I am not quite sure what that is good for). A message may have multiple TO, CC, BCC and REPLY-TO addresses, may be plain text or HTML, supports word wrap, attachments and embedded images in various formats, and custom headers, on top of the basic mail functions. Because PHP itself only provides the mail() function, PHPMailer is a great enhancement and should meet many people's needs. It consists mainly of two files: class.phpmailer.php, which implements the mail-sending class, and class.smtp.php, which implements SMTP. There are also files for error output in various languages, and very detailed documentation. The software is released under the LGPL.

It is also very simple to use; see the following example:

require("class.phpmailer.php");
$mail = new PHPMailer();
$mail->IsSMTP();                                     // send via SMTP
$mail->Host = "smtp1.site.com;smtp2.site.com";       // SMTP servers
$mail->SMTPAuth = true;                              // turn on SMTP authentication
$mail->Username = "jswan";                           // SMTP username
$mail->Password = "secret";                          // SMTP password

$mail->From = "from@email.com";
$mail->FromName = "Mailer";
$mail->AddAddress("josh@site.com", "Josh Adams");
$mail->AddAddress("ellen@site.com");                 // the name is optional
$mail->AddReplyTo("info@site.com", "Information");
$mail->WordWrap = 50;                                // set word wrap
$mail->AddAttachment("/var/tmp/file.tar.gz");        // attachment
$mail->AddAttachment("/tmp/image.jpg", "new.jpg");   // attachment sent under a different name
$mail->IsHTML(true);                                 // send as HTML
$mail->Subject = "Here is the subject";
$mail->Body = "This is the HTML body";
$mail->AltBody = "This is the text-only body";
if (!$mail->Send()) {
    echo "Message was not sent";
    echo "Mailer Error: " . $mail->ErrorInfo;
    exit;
}
echo "Message has been sent";

See PHPMailer homepage: http://phpmailer.sourceforge.net/

Resource access security models for ASP.NET applications

Abstract: This paper describes the resource access security models for .NET web applications, compares their advantages and disadvantages, and proposes a way of choosing between them.
Keywords: trusted subsystem model, impersonation/delegation model, ASP.NET application, web application
1. Introduction
ASP.NET web applications are usually multi-tier systems; the logical architecture is generally divided into a presentation layer, a business logic layer and a data access layer. When a client accesses a resource, its authentication and authorization necessarily span multiple layers. This article discusses the resource access security models for ASP.NET applications.
2. Resource access identities
The typical resources that a web application exposes to clients include:
Web server resources, such as web pages, web services and static resources (static pages and images).
Database resources, such as per-user data or application-level data.
Network resources, such as remote file resources.
System resources, such as the event log and configuration files.
When an application accesses these resources across layers, some identity must flow through every layer. The identities used to access resources include:
The original caller's identity: the original caller's identity is passed on through each successive layer.

The process identity: local resource access and downstream calls use the identity of the current process. The feasibility of this approach depends on crossing boundaries, since the process identity must be recognised by the target system. This can be achieved in the following two ways:
Within a single Windows security domain.
Across Windows security domains, using domain trust accounts, or, where no trust relationship exists, a duplicated user name and password.
A service account: this method uses a (fixed) service account. For example, for database access the service account may be a regular SQL Server user name and password used by the component that connects to the database.
When a fixed Windows identity is required, an Enterprise Services server application should be used.
A custom identity: when no Windows account is available, the application can construct its own identity with IPrincipal and IIdentity, which can carry detailed information about the security context.
3. Resource access models
3.1 The trusted subsystem model
As Figure 1 shows, in this model the original caller's security context does not flow through to the operating system level services; instead the middle-tier application service uses a fixed identity to access downstream services and resources. The trusted subsystem model gets its name from the fact that the downstream service (typically a database) trusts the upstream service to perform authorization of its callers. In the example in Figure 1, the database tier trusts the application to authorize callers and allows only the trusted application's identity to access the database.
3.1.1 Resource access pattern
In the trusted subsystem model, resource access follows this pattern:
authenticate the user; map the user to roles; authorize based on role membership; access downstream resources with a fixed trusted identity.
3.1.2 The fixed identity
The fixed identity used to access downstream systems can be the application's process identity, or a pre-configured Windows account (a service account). For a SQL Server resource server this means using Windows authentication on SQL Server.
Usually the ASP.NET application's process identity is used (the ASPNET account by default). In practice we often need to change the ASPNET account's password to a more secure one and create a mirrored account on the SQL Server machine whose name and password match the ASP.NET process account. The specific steps are as follows:
Edit Machine.config under %windir%\Microsoft.NET\Framework\v1.1.4322\CONFIG and reconfigure the password attribute of the processModel element away from its default value; or save the user name and password to the registry with the aspnet_setreg.exe tool and configure: <processModel enable="true" userName="registry:HKLM\SOFTWARE\YourApp\processModel\ASPNET_SETREG,userName" password="registry:HKLM\SOFTWARE\YourApp\processModel\ASPNET_SETREG,password" />
Alternatively, the application can access SQL Server with a specified SQL Server account (user name and password given in the connection string). In this case the database must be configured for SQL Server authentication, and the connection string stored in the configuration file must be encrypted.
3.2 The impersonation/delegation model
As Figure 2 shows, in the impersonation/delegation model a service or component (usually in the business logic layer) uses the operating system's impersonation feature to take on the client's identity before accessing the next downstream service. If the downstream service is on the same computer, impersonation is sufficient; if it is on a remote computer, delegation is also required. The security context used to access the downstream resource is the client's own context.
3.3 Choosing a resource access model
A comparison of the two resource access models is shown in Table I.
Table I. Trusted subsystem model versus impersonation/delegation model
Trust and auditing: in the trusted subsystem model the back-end service trusts the middle tier, so if the middle tier is compromised the back-end resources are exposed, and the back-end cannot audit individual callers. In the impersonation/delegation model the back-end service can authenticate and authorize each caller, which is better for security.
Scalability: the trusted subsystem model supports connection pooling and scales better. The impersonation/delegation model does not support connection pooling and scales poorly.
Back-end ACL control: in the trusted subsystem model ACLs are configured for a single entity, so there is less administrative work. In the impersonation/delegation model each user must be granted the appropriate level of access to the back-end resources, and as the number of users grows the administration becomes cumbersome.
Delegation: the trusted subsystem model does not require delegation. The impersonation/delegation model requires delegation, which most security service providers do not support.
Most Internet applications and large intranet applications use the trusted subsystem model, mainly because it supports scalability. The impersonation/delegation model tends to be used for small systems, where scalability is not the main design factor and auditing is the main consideration.

20 questions every .NET engineer must understand

Want to become a .NET engineer? See how many of the following 20 questions you can answer.
1. What are the main ideas of OO?
2. What is a user control in .NET?
3. What is an application domain? What is managed code? What is a strong name? What are boxing and unboxing? What is overloading? Explain CTS, CLS and CLR respectively.
4. List what you know about XML and its applications.
5. What is the difference between value types and reference types? Write C# sample code.
6. What are the common objects in ADO.NET? Describe each of them.
7. How do you understand delegates?
8. What are the similarities and differences between interfaces and classes in C#?
9. Which .NET classes are used for reading and writing databases? What are their functions?
10. What are the similarities and differences between UDP connections and TCP connections?
11. What authentication methods does ASP.NET provide? What is the idea behind each?
12. How do you understand processes and threads?
13. What is code-behind?
14. Describe the features of collections.
15. Which namespace do the .NET classes for reading and writing XML belong to?
16. Explain the meaning and function of UDDI and WSDL.
17. What is SOAP, and what is it used for?
18. How do you deploy an ASP.NET page?
19. How do you understand the .NET garbage collection mechanism?
20. What are the common ways of calling a web service?

An MVC-based Ajax solution for the .NET environment

1. Background
Currently more and more people are trying Ajax-based web development without page refreshes. However, in the .NET environment using Ajax is not as easy as usual, mainly for the following reasons:
• Because Ajax is JavaScript-based by nature, the developer needs a good understanding of JavaScript, at least enough to be competent at updating the page content from the data returned by a callback, so the threshold for developers rises.
• When development uses an Ajax mechanism instead of the original postback-based method, the ASP.NET MVC structure consisting of the back-end logic (Model), the aspx page (View) and aspx.cs (Controller) in fact breaks down: when a callback returns data, either the client-side JavaScript has to parse the returned content and update the page, or the server side has to construct the complete HTML for the page fragment and the JavaScript then builds a page object from it. Clearly, as a result, even the simplest callback function needs a lot of code, and fairly haphazard code at that; even the upcoming ASP.NET 2.0 has not effectively resolved this.
2. Purpose
This article aims to make full use of the characteristics of existing ASP.NET and Ajax to build an MVC-based solution for Ajax web development under ASP.NET, with the following main objectives:
• A clear MVC architecture for ASP.NET Ajax.
• Less reliance on heavy JavaScript coding, and so a lower threshold for developers.
• Flexible support for common Ajax development patterns.
3. Design ideas
How are the above objectives achieved?
1) Wrap XMLHttpRequest better, so that calling it is simpler;
2) Construct the updated data on the server side as far as possible, while avoiding building the returned data structure by hand every time; therefore make full use of UserControl: the UserControl serves as the "View" and the corresponding ascx.cs file as the "Controller", which also forms a clear MVC structure.
4. Solution
Based on the ideas above, I wrote the following class library to simplify the process:
Source code analysis:
1) On the client side, AjaxHelper.js encapsulates XMLHttpRequest and provides a function that serializes a form into post parameters of the form param1=v1&param2=v2&...;
Updater(ajaxTemplate, output, params, onComplete): the parameters for one callback call
ajaxTemplate (required): the path of the UserControl to run
output (optional): the element (a reference or an id value) to fill with the returned data
params (optional): post parameters of the form param1=v1&param2=v2&...
onComplete (optional): a callback for special processing of the returned data, with the signature function(str), where str is the returned data
SerializeForm(form): the parameter for serializing a form
form: the form to serialize, as a reference or an id value
2) On the server side, Ajax.aspx wraps the call to the UserControl specified by the client's ajaxTemplate; the remaining specific logic lives in the particular UserControl and its ascx.cs;
3) For a specific callback, we simply reference AjaxHelper.js in the page and call Updater(ajaxTemplate, output, params, onComplete) from JavaScript at the required location. If a form has to be submitted, call SerializeForm(form) to serialize it and pass the result as params; of course params can also be constructed manually. The returned data is either placed in the element given by output or handled by the page through the custom onComplete function.
4) Making full use of UserControl means the existing server-side ASP.NET controls and data binding mechanisms can be used as they are, which greatly simplifies constructing the returned data: in ascx.cs, the params passed by the client are read with Request.Form[ParamName], and the logic code then accesses the data source.

Personal notes: ASP.NET 2.0 generics and anonymous methods

Generics:
Generics overview: generics can be used in the design of classes, methods, structures, interfaces, delegates and so on, giving a reusability, type safety and efficiency that non-generic code cannot reach. To use generics, the System.Collections.Generic.Stack class is needed; it is declared as follows:
System.Collections.Generic.Stack (declaration)
The Stack class can be thought of as having the following schematic structure:
Schematic source of the Stack class:
public class Stack<T>
{
    T[] items = new T[16];   // schematic only: no growth or empty-stack checks
    int count;
    public void Push(T item) { items[count++] = item; }
    public T Pop() { return items[--count]; }
}

Three kinds of constraint can be set on a generic type parameter: derivation constraints, constructor constraints, and reference/value type constraints.
Anonymous methods:
Anonymous methods overview: in C# 1.x, delegates are used to invoke methods and raise events. Methods are assigned to a delegate, and methods can be added to or removed from it; delegates are widely used throughout the .NET Framework for events, callbacks, asynchronous calls and multithreading. However, to use a delegate you sometimes have to create a class or a method just for it, which is too cumbersome and does not match the way developers think. For example, the following is a simple input form containing a list box, a text box and a button. When the button is pressed, the text in the text box is added to the list box. In C# 1.x, using the delegate-based event mechanism, the code looks like this:
Code in C# 1.x:
class InputForm : Form
{
    ListBox listBox;
    TextBox textBox;
    Button addButton;

    public InputForm()
    {
        listBox = new ListBox();
        textBox = new TextBox();
        addButton = new Button();
        addButton.Click += new EventHandler(AddClick); // delegate created explicitly and wired to the event
    }

    ........

    void AddClick(object sender, EventArgs e)
    {
        listBox.Items.Add(textBox.Text);
    }
}

Anonymous methods allow a block of code (normally a method body) to be "embedded" where a delegate is used, combining the delegate and the method body into one.
Code using an anonymous method (without parameters):
class InputForm : Form
{
    ListBox listBox;
    TextBox textBox;
    Button addButton;

    public InputForm()
    {
        listBox = new ListBox();
        textBox = new TextBox();
        addButton = new Button();
        addButton.Click += delegate { listBox.Items.Add(textBox.Text); }; // handler body written inline
    }
}

Selecting and filtering database records in ASP

1. Overview
Most end users require their web solution to provide some kind of reporting capability. With static web pages, the simplest approach is to list the records one by one in a table for them to view. However, users often require to select a particular category of records from a drop-down list box (or another selection method), or they expect to use some "query interface" to create and run queries without using the SQL database directly. This article demonstrates a way of building a record selection and filtering interface in ASP. Although the approach discussed here is quite simple, it can be applied to any web page that has to handle similarly complex queries.
Before coding any solution, you should fully understand and document the end user's requirements. For this example, the user requires the ability to retrieve a group of records from the table by a specified category name; the user may either select a specific category or select nothing and get all records. To provide that feature we use a "recursive" ASP page: it contains a form with a list for selecting the category, extracts the record set according to the submitted form data, and displays the result as a table for the user to view.

2. The structure required for filtering
For such a database application you should first understand the structure of the database tables involved and the parameters for connecting to the database. The connection parameters are described in detail in Microsoft's online ASP documentation and are not repeated here. This example uses two tables: Document_Category, which contains the category names (Category_Name) for the user to select from; and Documents, which contains the data corresponding to each category name, with fields including Category_Name, File_Name, Comments, Date_Submitted and so on.
The category list in the form is built from the Category_Name field of the Document_Category table; the category drop-down list box is constructed below. Note that the VBScript ADO include file is used:

<%
ConnString = "DSN=LocalUpload;"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open ConnString
Set rs = Server.CreateObject("ADODB.Recordset")
' First get the category records used to populate the drop-down list box
' Set the SQL statement
strSQL = "SELECT * FROM Document_Category ORDER BY category_title"
rs.Open strSQL, conn, adOpenStatic
%>

 

ASP tips for keeping hackers out (from a foreign-language site)

How to better prevent hacker attacks: here are my personal opinions! Rule No. 1: do not rely on free, publicly available programs, because if you can get the source code, so can the attacker. If you pay attention to prevention in the details, your site's resistance increases greatly: even if a SQL injection vulnerability exists, the attacker cannot take over the site immediately. Because ASP is easy to use, more and more web back-end programs are written in the ASP scripting language. However, ASP has some inherent security weaknesses, and a little carelessness gives hackers an opening. In fact security is not only a network matter; we must also pay attention to security details when programming and develop good security habits, otherwise we create huge security risks. Currently most ASP programs on the Internet have security holes like these, but with a little attention while programming they can be avoided.

1. Leaking the user name and password
Attack idea: the user name and password are often what hackers are most interested in; if they can be read in some way from the source code, the consequences are serious.
Prevention: keep the user name and password encapsulated at the very back of the program and let them appear in as few ASP files as possible; the account used for the database connection should be given minimal privileges. A user name and password that appear in many places can be written into a hidden include file. For database connections, ideally the account should only have permission to run stored procedures and should not be directly granted permission to update, insert or delete records.

2. Bypassing authentication
Attack idea: most ASP programs that require validation just add a check statement at the top of the page, but that is not enough; hackers may bypass the authentication and enter directly.
Prevention: for ASP pages that require authentication, track the file name of the previous page and only allow the page to be read when the session comes from that previous page.

3. Leakage of .inc files
Attack idea: while an ASP site is being built and has not been finally tested, it may be picked up by some search engines. If a search engine is used to find such pages at that time, the files can be located, the database's location and structure can be viewed, and the full source code revealed.
Prevention: programmers should debug thoroughly before publishing a site; security experts need to harden the ASP files so that external users cannot see them. First encrypt the contents of the .inc files, then use .asp files instead of .inc files so that users cannot view the file's source code from the browser. Do not use the default .inc file name or names with a special meaning that users can easily guess; use irregular sequences of letters as far as possible.

4. Automatic backups being downloaded
Attack idea: some ASP editing tools automatically create a backup file when an ASP file is created or modified. For example, UltraEdit backs up a .bak file: when you create or modify some.asp, the editor automatically generates a file named some.asp.bak. If you do not delete the .bak file, an attacker can download some.asp.bak directly and so obtain the source code of some.asp.

Prevention: check carefully before uploading the program and delete unnecessary files. Be especially careful with files that have the .bak suffix.

5. Special characters
Attack idea: input boxes are what hackers aim at. Through an input box they can enter script languages and so on to damage the user's client; if the input box feeds a database query, they can use a specially crafted query to obtain more database data, or even the entire table. It is therefore necessary to filter the input box. However, if the legality of the input is checked only on the client side in order to increase efficiency, the check can still be bypassed.
Prevention tips: in ASP programs that handle input boxes, such as message boards and BBS, it is best to block HTML, JavaScript and VBScript statements; if there is no special requirement, allow only letters and numbers and block special characters. At the same time, control the length of the input. Do not check the legality of the input only on the client side; perform the same checks in the program on the server side.
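The server-side check described in point 5, as an added example in Python rather than ASP (it is not code from the original article). The field names, the length limits and the markup pattern are assumptions chosen for the example.

```python
# Added example (not from the original article): server-side validation for a
# message-board style form, following the advice in point 5.
import re
from typing import Dict, List

# Fields with "no special requirement": only letters and digits, with a
# per-field maximum length (field names and limits are constructed for the example).
ALNUM_FIELDS = {"username": 20, "subject": 60}
# Free-text field where markup and client script must still be refused.
TEXT_FIELDS = {"body": 2000}

_ALNUM = re.compile(r"^[A-Za-z0-9]+$")
# Markup and client-script markers the article says to block in free text.
_MARKUP = re.compile(r"<[^>]*>|javascript:|vbscript:", re.IGNORECASE)


def validate_field(name: str, value: str) -> List[str]:
    """Return the problems found with one field (an empty list means it is acceptable)."""
    problems = []
    if name in ALNUM_FIELDS:
        limit = ALNUM_FIELDS[name]
        if len(value) > limit:
            problems.append(f"{name}: longer than {limit} characters")
        if not _ALNUM.fullmatch(value):
            problems.append(f"{name}: only letters and digits are allowed")
    elif name in TEXT_FIELDS:
        limit = TEXT_FIELDS[name]
        if len(value) > limit:
            problems.append(f"{name}: longer than {limit} characters")
        if _MARKUP.search(value):
            problems.append(f"{name}: HTML tags and script are not allowed")
    else:
        # Anything the form does not define is refused rather than passed through.
        problems.append(f"{name}: unexpected field")
    return problems


def validate_form(form: Dict[str, str]) -> List[str]:
    """Validate every submitted field; the server does this even if the browser already did."""
    problems = []
    for name, value in form.items():
        problems.extend(validate_field(name, value))
    return problems


if __name__ == "__main__":
    # Constructed submission, as the server-side handler would receive it
    posted = {"username": "fqy", "subject": "hello", "body": "see <b>this</b>"}
    print(validate_form(posted))
```

The allow-list for the alphanumeric fields is the important part: rejecting everything except letters and digits needs no list of "bad" characters, so nothing is missed, and the length limit is enforced in the same place.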

6. Database download vulnerability
Attack idea: when an Access database is used as the backend, if someone learns or guesses the path and name of the server's Access database file through various hints, he can download the Access database file, which is extremely dangerous.
Prevention tips:
(1) Give your database file an unusual, complex name and put it several directory levels deep. By an "unusual name" I mean, for example: if a database stores information about books, do not call it book.mdb; give it a strange name such as d34ksfslf.mdb and place it in a deep directory such as ./kdslf/i44/studi/, so that it becomes much harder for a hacker to obtain your Access database file by guessing.
(2) Do not write the database name in the program. Some people like to write the DSN in the program, such as:
DBPath = Server.MapPath("cmddb.mdb")
conn.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & DBPath
If someone obtains the source, the name of your Access database is revealed at a glance. I therefore suggest setting up an ODBC data source and writing in the program instead:
conn.Open "webjxcom"
(3) Encode and encrypt the Access database file. First choose "Tools → Security → Encrypt/Decrypt Database", select the database (for example employer.mdb) and click OK; an "Encrypt Database, Save As" window appears, in which it can be saved as employer1.mdb.
It should be noted that this action does not set a password for the database; it only encodes the database file, in order to prevent other applications or tools from viewing the contents of the database file.
Next we encrypt the database: after the encoding, open employer1.mdb, choosing "Exclusive" mode when opening. Then select the menu "Tools → Security → Set Database Password" and enter a password. After that, even if someone obtains the employer1.mdb file, he cannot see the contents of employer1.mdb without the password.

7. Defending against remote injection attacks
Such attacks should be everyday knowledge from past battles, for example POST attacks: the attacker can easily change the submitted data values to achieve the attack. Another example is cookie forgery, which deserves more attention from program writers: do not use cookies for user authentication, or it is the same as leaving your keys with the thief.
For example:
If Trim(Request.Cookies("utitle")) = "fqy" And Request.Cookies("upwd") = "fqy#e3i5.com" Then
    ' ... (omitted) ...
End If
I think that anyone who writes a program like the one above really should not make such a mistake; it is unforgivable. There are more people forging cookies than you think, so do not blame others if they crack your password. Where the user's password or user login is involved, it is best to use a Session, which is the most secure. If you must use cookies, add one more value to your cookie, the SessionID; it is a 64-bit random value that cannot be guessed. Example:
If Not (rs.BOF Or rs.EOF) Then
    login = "true"
    ' Keep the login state on the server, keyed by the session id
    Session("usertitle" & Session.SessionID) = Usertitle
    Session("passexpress" & Session.SessionID) = Passexpress
    ' The cookie version, no longer used:
    'Response.Cookies("usertitle") = Usertitle
    'Response.Cookies("Passexpress") = Passexpress
End If
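An added example (not from the original article) of the session-based approach the snippet above uses, written in Python: the server keeps the login state, and the cookie carries only a random session id. The account, the cookie names and the dictionary standing in for the ASP Session object are assumptions made for the example.

```python
# Added example (not from the original article): keep login state on the server,
# as the Session-based ASP snippet does, instead of trusting cookie values.
import secrets
from typing import Dict, Optional

# Server-side session table: session id -> user name. In classic ASP this is
# the Session object; here a dict stands in for it (constructed for the example).
SESSIONS: Dict[str, str] = {}


def check_credentials(username: str, password: str) -> bool:
    """Stand-in for the database lookup (the rs.BOF / rs.EOF test in the ASP code)."""
    # Constructed account for the example; real code compares against a stored hash.
    return username == "fqy" and password == "correct horse"


def login(username: str, password: str) -> Optional[str]:
    """On success, create a server-side session and return the id to place in a cookie."""
    if not check_credentials(username, password):
        return None
    sid = secrets.token_urlsafe(32)   # 256 random bits, generated server-side
    SESSIONS[sid] = username
    return sid


def current_user(cookies: Dict[str, str]) -> Optional[str]:
    """Identify the user from the cookie: only the session id is looked up, never a name."""
    sid = cookies.get("sid", "")
    return SESSIONS.get(sid)


def insecure_current_user(cookies: Dict[str, str]) -> Optional[str]:
    """The pattern the article warns against: the cookie itself claims who the user is."""
    if cookies.get("utitle") == "fqy" and cookies.get("upwd") == "fqy#e3i5.com":
        return "fqy"
    return None


if __name__ == "__main__":
    # Constructed login followed by a request that presents the issued cookie
    sid = login("fqy", "correct horse")
    print("logged in as", current_user({"sid": sid}))
    print("unknown id gives", current_user({"sid": "not-a-real-id"}))
```

The difference between the two lookups is where the truth lives: current_user consults a table the client cannot write to, so a cookie with a guessed or edited name buys nothing, while insecure_current_user believes whatever the request carries.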
Now let us talk about how to prevent remote injection attacks. Usually the attacker saves the form page to the local machine and changes the form's ACTION="chk.asp" so that it points at the file on your server that processes the data. If all of your data filtering is done in the form page, then congratulations: you have been attacked by a script.
How can such a remote attack be stopped? It is easy to handle; see the source code below:
<%
server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
' In "http://host/...", the host starts at character 8 and should be this server's name
If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
    Response.Write "The path you submitted is wrong; data submitted from an external site is rejected. Please do not tamper with the parameters!"
    Response.End
End If
%>
' I felt that filtering with the source code above alone was not good enough; some external submissions still got through, so I wrote another one.
' This one filters well; I suggest using it.
If InStr(Request.ServerVariables("HTTP_REFERER"), "") < 1 Then
    Response.Write "Server error when processing URL. If you are using any means to attack a server, you should be glad: for your server, all operations have been recorded, and we will first notify the Public Security Bureau and the relevant department to check your IP."
    Response.End
End If
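The two Referer checks above, combined as an added Python example (not the article's code): a request without a Referer is refused, and otherwise the host named in the Referer must equal SERVER_NAME. The server-variable dictionaries and the handle_post wrapper are constructed for the example.

```python
# Added example (not from the original article): the Referer-versus-server-name
# check from the ASP snippets above, as a standalone Python function.
from typing import Mapping, Optional
from urllib.parse import urlsplit


def referer_problem(server_vars: Mapping[str, str]) -> Optional[str]:
    """Return a rejection message, or None if the form was posted from this site.

    server_vars mirrors Request.ServerVariables: it carries SERVER_NAME and,
    when the browser sent one, HTTP_REFERER.
    """
    referer = server_vars.get("HTTP_REFERER", "")
    server_name = server_vars.get("SERVER_NAME", "")
    # Second ASP filter: no Referer at all is treated as an error.
    if not referer:
        return "Server error when processing URL."
    # First ASP filter, but comparing the parsed host name instead of a
    # fixed-offset substring, so https:// and an explicit port are handled too.
    host = urlsplit(referer).hostname or ""
    if host.lower() != server_name.lower():
        return ("The path you submitted is wrong; data submitted from an external "
                "site is rejected. Please do not tamper with the parameters!")
    return None


def handle_post(server_vars: Mapping[str, str], form: Mapping[str, str]) -> dict:
    """Gate a form handler such as chk.asp: process only same-site submissions."""
    problem = referer_problem(server_vars)
    if problem is not None:
        return {"status": 403, "body": problem}
    # ... normal processing of the (separately validated) form would go here ...
    return {"status": 200, "body": "accepted"}


if __name__ == "__main__":
    # Constructed server variables as chk.asp would see them
    same_site = {"SERVER_NAME": "www.example.com",
                 "HTTP_REFERER": "http://www.example.com/post.asp"}
    external = {"SERVER_NAME": "www.example.com",
                "HTTP_REFERER": "http://other.example.net/copy-of-post.htm"}
    print(handle_post(same_site, {}))
    print(handle_post(external, {}))
```

Because the Referer header comes from the client, it may be absent (some browsers and proxies strip it) or chosen by whoever sends the request, which is why the author found the first filter insufficient; treat this as a first barrier and keep the server-side input validation from point 5 on the handler itself.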