【正文】 (Server Component) can be pleted very plicated task, but users can also use their own or others to plete the development of the server ponent of specialized tasks. Comparing the gateway server and ASP expansion mode has the following advantages: (1) ASP VBScript used by the scripting language from the VB, easy to learn. (2) directly into the HTML scripting language, do not need to pile and can connect directly to explain operation. (3) the use of ADODB ponents easy access to the database. (4) Objectoriented programming, which can be expanded ActiveX Server ponent functions, in theory, can achieve any function. (5) does not exist browser patibility problems, ASP is in the process of serverside run. (6) can be hidden code, the protection of labor results. serverside security technology (1) Directory file protection 1) NTFS permissions. NTFS file system provides more security than the Fat32 file management, file access control through a table (ACL) defines the user access to files and directorylevel permissions, if the user has permissions to open the file, the puter allows the user to access files . Directories and files by setting access rights, the prohibition has nothing to do users of the directory file copy, modify, delete, etc. operations, restrict the invasion of the system. 2) Virtual directory and its property. Virtual directory hide the directory structure on the site of important information, in the Asp environment, a safer approach is to Asp separate scripts and HTML files stored in different directory, will be stored as HTML files readonly attribute will be stored Asp script directory attribute is set to implement. 3) To prevent the document view Asp. IIS or own document, you can view the source code of Asp procedures in order to steal information. Web server can delete or disable access to the documents stored in the files. (2) Restrict access to technology 1) IP address restrictions. IIS will authorize or reject a specific IP address of their visit, by refusing a visit to a specific IP address in order to exclude interference invasion. The setting: A start ISM (Inter Service Manager)。 B start page Web Properties Advanced tab。 C for the specified IP address control settings. 2) User Access Control. IIS site provides resources for anonymous access and authentication control settings, Web server set up on the basis of the identity of the user authentication to prevent unauthorized users with restricted content Http connection. Specific settings: in the Web site of the Directory Security property page, select the Anonymous access and authentication control for editing. Allow anonymous access to client account IUSRComputername to establish a connection with the Web server (to provide a random password). For nonanonymous access, there are three types of authentication: basic authentication, allows the user name and password unencrypted (clear) is sent。 summar y authentication, only domain controller in the domain has been supported by the work to send its value after a mixed (that is, to use hashing the message digest calculation) rather than password authentication. Integrated Windows authentication, the use of Secure Sockets Layer (SSL) automatically encrypted user name and password. 3) firewall technology. The purpose of the firewall for internal work or host to provide security, prevent unauthorized access to information resources, mandatory for all connections to go through this protective layer. Including the packet filtering firewall and proxy two, packet filtering is a specific IP address for the services provided by the host, and its basic principle is that in the IP work layer and IP packet intercepted exchanges of information, to determine whether to forward this IP packet. Acting on the basic principles of Web services to construct a single agent, does not allow clients directly interact with the server, it is necessary to be both agent interaction information. In the actual build, it is usually provided by the filter the firstclass security protection, and then from the prox