(newbie)what do i need to know about ASP security

Results 1 to 2 of 2

Thread: (newbie)what do i need to know about ASP security

  1. #1
    Join Date
    Dec 1969

    Default (newbie)what do i need to know about ASP security

    hi everyone I&#039;m about to upload my ASP pages and database onto a Live web server ... could someone tell me what i need to know/ how do i implement security ( as the database will contain sensitive data).. do i use encyrption to encyrpt the database / ASP pages or are there other methods?<BR><BR>Cheers

  2. #2
    Join Date
    Dec 1969

    Default RE: (newbie)what do i need to know about ASP secur

    Some tips:<BR><BR>- Use SQL Server on NT.<BR>- Lockdown NT security following the microsoft guidelines<BR>- use strong passwords for NT and the sa SQL account, <BR>- if you use includes to store connection strings ensure they are .asp extention to hide passwords from users.<BR>- Install all the lastest services packs/hot fixes to SQL/IIS/NT.<BR>- Remove sample web sites/databases etc..<BR>- Run the IISLockD.exe (IIS Lockdown Tool) available from MS.<BR>- do not leave holes in your ASP app, i.e. don&#039;t pass SQL Strings in the querystring/forms.<BR>- Use NT Authentication (not clear text) for user logons on the web.<BR>- Use SSL connections to ensure data cannot be intercepted on the network.<BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts