Graduation Project Literature Translation: Web Security
Uploaded 2010-06-21 09:57:13. 47KB DOC, 7 pages.
An analysis of Web application security, ASP.NET server security, and related topics; sourced from MSDN, the content is good.
Appendix II: Literature Translation
I. English Original
Basic Security Practices for Web Applications
Even if you have limited experience with and knowledge of application security, there are basic measures that you should take to help protect your Web applications. The following sections in this topic provide minimum-security guidelines that apply to all Web applications:

- General Web Application Security Recommendations
- Run Applications with Minimum Privileges
- Know Your Users
- Guard Against Malicious User Input
- Access Databases Securely
- Create Safe Error Messages
- Keep Sensitive Information Safely
- Use Cookies Securely
- Guard Against Denial-of-Service Threats

1. General Web Application Security Recommendations
Even the most elaborate application security can fail if a malicious user can use simple ways to gain access to your computers. General Web application security recommendations include the following:

- Back up data often and keep your backups physically secure.
- Keep your Web server physically secure so that unauthorized users cannot gain access to it, turn it off, physically steal it, and so on.
- Use the Windows NTFS file system, not FAT32. NTFS offers substantially more security than FAT32.
- Protect the Web server and all of the computers on the same network with strong passwords.
- Follow best practices for securing Internet Information Services (IIS).
- Close any unused ports and turn off unused services.
- Run a virus checker that monitors site traffic.
- Use a firewall.
- Learn about and install the latest security updates from Microsoft and other vendors.
- Use Windows event logging and examine the logs frequently for suspicious activity. This includes repeated attempts to log on to your system and excessive requests against your Web server.

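The last recommendation above names two patterns to look for in logs: repeated logon attempts and excessive requests. The following is an added example, not part of the original MSDN text, that parses IIS W3C-format log lines and flags both. The sample log, the thresholds, and the use of HTTP 401 responses as the sign of a failed logon are assumptions.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2010-06-21 09:57:01 POST /login.aspx - 203.0.113.7 401
2010-06-21 09:57:03 POST /login.aspx - 203.0.113.7 401
2010-06-21 09:57:06 POST /login.aspx - 203.0.113.7 401
2010-06-21 09:58:01 GET /default.aspx - 198.51.100.23 200
2010-06-21 09:58:05 GET /default.aspx - 198.51.100.23 200
2010-06-21 09:58:09 GET /default.aspx - 198.51.100.23 200
2010-06-21 09:58:12 GET /default.aspx - 198.51.100.23 200
2010-06-21 09:58:20 GET /default.aspx - 198.51.100.23 200
2010-06-21 09:59:30 POST /login.aspx - 192.0.2.10 401
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def suspicious_clients(text, min_401=3, min_rate=5):
    """Map client IP -> reasons; thresholds are assumed values to tune per site."""
    failed, per_minute = Counter(), Counter()
    for row in parse_w3c(text):
        if row["sc-status"] == "401":  # assumption: 401 marks a failed logon
            failed[row["c-ip"]] += 1
        per_minute[(row["c-ip"], row["date"] + " " + row["time"][:5])] += 1
    findings = {}
    for ip, n in failed.items():
        if n >= min_401:
            findings.setdefault(ip, []).append(f"{n} failed logons (HTTP 401)")
    for (ip, minute), n in per_minute.items():
        if n >= min_rate:
            findings.setdefault(ip, []).append(f"{n} requests in minute {minute}")
    return findings

if __name__ == "__main__":
    for ip, reasons in suspicious_clients(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```
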
2. Run Applications with Minimum Privileges
When your application runs, it runs within a context that has specific privileges on the local computer and potentially on remote computers. For information about configuring application identity, see Configuring ASP.NET Process Identity. To run with the minimum number of privileges needed, follow these guidelines:

- Do not run your application with the identity of a system user (administrator).
- Run the application in the context of a user with the minimum practical privileges.
- Set permissions (ACLs, or Access Control Lists) on all the resources required for your application. Use the most restrictive setting. For example, if practical in your application, set files to be read-only. For a list of the minimum ACL permissions required for the identity of your ASP.NET application, see ASP.NET Required Access Control Lists (ACLs).
- Keep files for your Web application in a folder below the application root. Do not allow users the option of