Website Security (translated from: 《》)

Translation, October 12, 2007 15:09:00
----------------------- Page 740 ----------------------- Page 705 Wednesday, December 21, 2005 9:06 PM
PART 4
Website Security
CHAPTER 18
Security Fundamentals
By default your ASP.NET applications are available to any user who can connect to your server (whether it’s over a local network or the Internet). Although this is ideal for many web applications (and it suits the original spirit of the Internet), it isn’t always appropriate. For example, an e-commerce site needs to provide a secure shopping experience to win customers. A subscription-based site needs to limit content or site access to extract a fee. Even a wide-open public site may provide some resources or features (such as an administrative report or configuration page) that shouldn’t be available to all users.
ASP.NET provides a multilayered security model that makes it easy to protect your web applications. Although this security is powerful and profoundly flexible, it can appear somewhat confusing because of, in large part, the number of layers where security can be applied. Much of the work in applying security to your application doesn’t come from writing code but from determining the appropriate places to implement your strategy.
In this chapter, you’ll sort out the different security subsystems and consider how you can use Windows, IIS, and ASP.NET services to protect your application. You’ll also look at some examples that use ASP.NET forms-based security, which provides a quick and easy model for adding a database-backed user authentication system.
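ASP.NET provides a multilayered security model that makes it easy to protect your website projects. Although this security is very powerful and flexible, it can seem confusing, largely because of the number of layers at which security can be applied. Applying a security strategy to your project does not require writing code, but rather setting the appropriate places to carry out your strategy. In this chapter, you will sort out the different subsystems and consider how to use Windows, IIS, and ASP.NET services to protect your project. You will also see some examples that use ASP.NET forms security authentication, which provides a quick and simple model for adding a database-backed user authentication system.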
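The default-open behaviour and the forms-based protection described above, shown as an added web.config example that is not from the book or the original post. The folder name Admin and the page Login.aspx are assumed names.

```xml
<?xml version="1.0"?>
<!-- web.config in the application root. Added example; the folder name
     "Admin" and the page "Login.aspx" are assumed names. -->
<configuration>
  <system.web>
    <!-- Forms authentication: an unauthenticated request for a protected
         resource is redirected to the login page. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" timeout="20" protection="All" />
    </authentication>

    <!-- Site-wide rule. The inherited default is equivalent to
         <allow users="*" />, which leaves every page open to anyone who
         can reach the server. It is stated explicitly here so the public
         pages stay open on purpose rather than by accident. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Restricted area. Rules are evaluated top to bottom and the first
       match wins, so "?" (anonymous users) is denied before the inherited
       allow rule is reached. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

URL authorization applies only to requests that ASP.NET processes; content that IIS serves without handing it to ASP.NET must be protected at the IIS or Windows layer.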
Determining Security Requirements
The first step in securing your applications is deciding where you need security and what it needs to protect. For example, you may need to block access in order to protect private information, or maybe you just need to enforce a subscription policy. Perhaps you don’t need any sort of security at all, but you want a login system to provide personalization for frequent visitors. These requirements will determine the approach you use.
Security doesn’t need to be complex, but it does need to be wide-ranging. For example, even if you force users to log into a part of your site, you still need to make sure the information is stored in the database under a secure account with a password that couldn’t easily be guessed by a user on your local network. You also need to guarantee your application can’t be tricked into sending private information (a possibility if the user modifies a page or a query string to post back different information than you expect).

