毕业设计文献翻译-Web安全性

附录Ⅱ 文献翻译

Ⅰ 英文原文

Basic Security Practices for Web Applications

Even if you have limited experience with and knowledge of application security, there are basic

measures that you should take to help protect your Web applications. The following sections in

this topic provide minimum-security guidelines that apply to all Web applications.General Web

Application Security Recommendations;Run Applications with Minimum Privileges ;Know Your

Users; Guard Against Malicious User Input;Access Databases Securely;Create Safe Error

physically secure so that unauthorized users cannot gain access to it, turn it off, physically steal it,

and so on.Use the Windows NTFS file system, not FAT32. NTFS offers substantially more

security than FAT32. Protect the Web server and all of the computers on the same network with

strong passwords.Follow best practices for securing Internet Information Services (IIS). Close any

unused ports and turn off unused services.Run a virus checker that monitors site traffic.Use a

firewall.Learn about and install the latest security updates from Microsoft and other vendors.Use

Windows event logging and examine the logs frequently for suspicious activity. This includes

repeated attempts to log on to your system and excessive requests against your Web server.

2. Run Applications with Minimum Privileges

When your application runs, it runs within a context that has specific privileges on the local

set files to be read-only. For a list of the minimum ACL permissions required for the identity of

your ASP.NET application, see ASP.NET Required Access Control Lists (ACLs).Keep files for

your Web application in a folder below the application root. Do not allow users the option of