
Secure Code

No matter how strong the security of your server is, if the applications that it hosts are not programmed according to best security practices, your network might be vulnerable to attacks. As part of a defense-in-depth strategy, IIS administrators should work with developers to ensure that the code hosted on the server running IIS is as secure as possible. For example, developers can reduce the risk of certain types of attacks, such as cross-site scripting and SQL injection, by validating user input.

Cross-site scripting occurs when an attacker sends a user a link in e-mail, or otherwise points the user to a Web site, and the link actually contains malicious script code, which can be VBScript or JScript. Through cross-site scripting, an attacker can potentially perform such actions as reading cookies, instantiating browser plug-ins or native code and scripting it with untrusted data, and intercepting user input. Potential targets are any browsers that support scripting and any Web servers that support HTML forms.

In a SQL-injection attack, an attacker finds a way to modify a SQL command that is used in a dynamic Web page. The attacker typically crafts user input in a way that modifies the logic of the SQL command, so that the attacker is able to obtain information that would otherwise be unavailable.

Developers who write the applications that are hosted on your Web site must know how to include safeguards against these types of attacks. It is paramount that all user input be validated thoroughly. The book Writing Secure Code covers these and other Web application security issues in depth. For more information about Writing Secure Code, see Additional Resources for IIS 6.0 Security.
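
The following added example (not part of the original article) contrasts a dynamically built SQL command with a parameterized one, and adds allow-list validation of the input. It uses Python's sqlite3 module as a stand-in for the application's data access layer; the table, the function names, and the validation policy are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample data: an in-memory table standing in for an application database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "router"), (2, "bob", "switch"), (3, "carol", "firewall")],
    )
    return db

def orders_dynamic(db, customer):
    """Unsafe pattern: user input is concatenated into the SQL text,
    so quote characters in the input become part of the command."""
    sql = "SELECT id, item FROM orders WHERE customer = '" + customer + "'"
    return db.execute(sql).fetchall()

def orders_parameterized(db, customer):
    """Safe pattern: the SQL text is fixed; input is bound as data only."""
    sql = "SELECT id, item FROM orders WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()

# Allow-list validation (assumed policy: 1-32 letters, digits, or underscore).
CUSTOMER_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def orders_validated(db, customer):
    """Validate first, then still use a bound parameter (defense in depth)."""
    if not CUSTOMER_RE.fullmatch(customer):
        raise ValueError("invalid customer name")
    return orders_parameterized(db, customer)

if __name__ == "__main__":
    db = make_db()
    crafted = "alice' OR '1'='1"  # constructed input that alters the WHERE logic
    print("dynamic, normal :", orders_dynamic(db, "alice"))
    print("dynamic, crafted:", orders_dynamic(db, crafted))        # every row
    print("bound, crafted  :", orders_parameterized(db, crafted))  # no rows
    try:
        orders_validated(db, crafted)
    except ValueError as exc:
        print("validated, crafted: rejected:", exc)
```

Validation alone is not a substitute for bound parameters: the parameterized query stays correct even for legitimate values that contain quote characters.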

© 2015 Microsoft