回答
尝试对查询字符串计算哈希,并将得到的哈希字符串追加到查询字符串中。读取查询字符串时,先对常规参数重新计算哈希,并与查询字符串中的哈希值进行比较;只要任何参数被改动,哈希就不再匹配,此时可以抛出一个异常。
大致如下。可以找一个好用的查询字符串读/写类,让事情更简单。
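/// <summary>
/// Computes the SHA-1 digest of a query string and returns it as upper-case
/// hexadecimal text without separators.
/// </summary>
/// <param name="querystring">The query-string text to digest; encoded as UTF-8 before hashing.</param>
/// <returns>The 40-character upper-case hex digest.</returns>
/// <remarks>
/// SECURITY NOTE: this is a plain, unkeyed digest. Anyone who can edit the URL can
/// also recompute it after changing a parameter, so on its own it does not detect
/// deliberate tampering. A keyed MAC (for example HMACSHA256 with a key that never
/// leaves the server) is needed for that, together with a server-side authorization
/// check on whatever the parameters refer to.
/// </remarks>
private string GetSecureQsToken(string querystring)
{
    byte[] buffer = Encoding.UTF8.GetBytes(querystring);

    // The hash object holds native resources; dispose it deterministically.
    using (SHA1 sha1 = SHA1.Create())
    {
        byte[] digest = sha1.ComputeHash(buffer);

        // BitConverter yields "AA-BB-CC"; strip the dashes to get a URL-friendly token.
        return BitConverter.ToString(digest).Replace("-", "");
    }
}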
/// <summary>
/// Redirects to Default.aspx, sending the sample parameters followed by a
/// <c>hash</c> parameter that carries their token.
/// </summary>
private void GoToSecureQsPage()
{
    // Sample parameters; the token is computed over exactly this text.
    string parameters = "id=1&page=4";
    string token = GetSecureQsToken(parameters);

    string target = string.Format("Default.aspx?{0}&hash={1}", parameters, token);
    Response.Redirect(target);
}
/// <summary>
/// Recomputes the token for the expected parameters and throws when it differs
/// from the <c>hash</c> value received in the query string.
/// </summary>
/// <exception cref="Exception">The received hash does not match the recomputed token.</exception>
private void ReadSecureQs()
{
    // The parameter text is hard-coded in this sample; in real use it is the
    // normal query-string parameters of the current request, rebuilt in the
    // same order and form that was used when the link was generated.
    string expectedToken = GetSecureQsToken("id=1&page=4");
    string receivedToken = Request.QueryString["hash"];

    if (expectedToken == receivedToken)
    {
        return;
    }

    throw new Exception("Error here");
}
我一开始只给出了哈希的版本,因为评论中是这样建议的;但是这样客户端可以在修改参数之后重新计算哈希,因此你需要做一些加密,像这样:
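/// <summary>
/// Encrypts and decrypts query-string text with Rijndael in CBC mode, using a key
/// derived from a pass phrase. The methods return a status string; the actual
/// result is stored on the instance (<see cref="ciphertext"/> or <see cref="plaintext"/>).
/// </summary>
/// <remarks>
/// SECURITY NOTES for anyone reusing this sample:
/// - The pass phrase, salt and IV set in the constructor are published sample values.
///   Replace them with secrets loaded from protected server-side configuration.
/// - The IV is fixed, so equal plaintexts always produce equal ciphertexts.
/// - CBC without a MAC provides confidentiality only. Detecting a modified value
///   requires an authentication tag (for example HMACSHA256 over the ciphertext)
///   that is verified before decrypting.
/// - PasswordDeriveBytes with 5 iterations is a weak key derivation; Rfc2898DeriveBytes
///   with a high iteration count is the usual replacement for newly written data.
/// The algorithm and parameters are kept unchanged here so that values produced by
/// earlier versions of this class still decrypt.
/// </remarks>
public class SecureQuerystring
{
    /// <summary>Initializes the instance with the sample key material and parameters.</summary>
    public SecureQuerystring()
    {
        // Sample values only - see the security notes on the class.
        m_passPhrase = "#oqT6%hKg";
        m_saltValue = "7651273512";
        m_initVector = "@1B2c3D4e5F6g7H8"; // 16 ASCII characters = one 128-bit block
        m_hashAlgorithm = "SHA1";
        m_passwordIterations = 5;
        m_keySize = 128;
    }

    private string m_plaintext;
    private string m_ciphertext;
    private byte[] m_plaintextbytes;
    private byte[] m_ciphertextbytes;
    private string m_passPhrase;
    private string m_saltValue;
    private string m_hashAlgorithm;
    private Int32 m_passwordIterations;
    private string m_initVector;
    private Int32 m_keySize;

    /// <summary>Text produced by the last successful <see cref="ASCIIDecrypt"/> call.</summary>
    public string plaintext
    {
        get { return m_plaintext; }
        set { m_plaintext = value; }
    }

    /// <summary>Base64 text produced by the last successful <see cref="ASCIIEncrypt"/> call.</summary>
    public string ciphertext
    {
        get { return m_ciphertext; }
        set { m_ciphertext = value; }
    }

    /// <summary>Caller-managed buffer; not written by the methods of this class.</summary>
    public byte[] plaintextbytes
    {
        get { return m_plaintextbytes; }
        set { m_plaintextbytes = value; }
    }

    /// <summary>Caller-managed buffer; not written by the methods of this class.</summary>
    public byte[] ciphertextbytes
    {
        get { return m_ciphertextbytes; }
        set { m_ciphertextbytes = value; }
    }

    /// <summary>Pass phrase the key is derived from.</summary>
    public string passPhrase
    {
        get { return m_passPhrase; }
        set { m_passPhrase = value; }
    }

    /// <summary>Salt for the key derivation, encoded as ASCII.</summary>
    public string saltValue
    {
        get { return m_saltValue; }
        set { m_saltValue = value; }
    }

    /// <summary>Name of the hash algorithm passed to the key derivation.</summary>
    public string hashAlgorithm
    {
        get { return m_hashAlgorithm; }
        set { m_hashAlgorithm = value; }
    }

    /// <summary>Iteration count passed to the key derivation.</summary>
    public Int32 passwordIterations
    {
        get { return m_passwordIterations; }
        set { m_passwordIterations = value; }
    }

    /// <summary>Initialization vector, encoded as ASCII.</summary>
    public string initVector
    {
        get { return m_initVector; }
        set { m_initVector = value; }
    }

    /// <summary>Key size in bits; divided by 8 to get the number of key bytes.</summary>
    public Int32 keySize
    {
        get { return m_keySize; }
        set { m_keySize = value; }
    }

    /// <summary>
    /// Encrypts <paramref name="plaintext2"/> (ASCII-encoded) and stores the Base64
    /// result in <see cref="ciphertext"/>.
    /// </summary>
    /// <param name="plaintext2">Text to encrypt.</param>
    /// <returns>"SUCCESS" on success; otherwise the message of the exception that occurred.</returns>
    public string ASCIIEncrypt(string plaintext2)
    {
        try
        {
            byte[] initVectorBytes = Encoding.ASCII.GetBytes(m_initVector);
            byte[] saltValueBytes = Encoding.ASCII.GetBytes(m_saltValue);
            byte[] plainTextBytes = Encoding.ASCII.GetBytes(plaintext2);

            using (PasswordDeriveBytes password = new PasswordDeriveBytes(m_passPhrase, saltValueBytes, m_hashAlgorithm, m_passwordIterations))
            using (RijndaelManaged symmetricKey = new RijndaelManaged())
            {
                byte[] keyBytes = password.GetBytes(m_keySize / 8);
                symmetricKey.Mode = CipherMode.CBC;

                using (ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes))
                using (MemoryStream memoryStream = new MemoryStream())
                {
                    using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                    {
                        cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                        // Emit the final padded block before the buffer is read.
                        cryptoStream.FlushFinalBlock();
                    }

                    // ToArray is still valid after the stream has been closed.
                    m_ciphertext = Convert.ToBase64String(memoryStream.ToArray());
                }
            }

            return "SUCCESS";
        }
        catch (Exception ex)
        {
            return ex.Message.ToString();
        }
    }

    /// <summary>
    /// Decrypts the Base64 text <paramref name="ciphertext2"/> and stores the result
    /// in <see cref="plaintext"/>.
    /// </summary>
    /// <param name="ciphertext2">Base64 text as produced by <see cref="ASCIIEncrypt"/>.</param>
    /// <returns>"SUCCESS" on success; otherwise the message of the exception that occurred.</returns>
    /// <remarks>
    /// Callers must check the return value: on failure <see cref="plaintext"/> keeps
    /// whatever it held before the call.
    /// </remarks>
    public string ASCIIDecrypt(string ciphertext2)
    {
        try
        {
            byte[] initVectorBytes = Encoding.ASCII.GetBytes(m_initVector);
            byte[] saltValueBytes = Encoding.ASCII.GetBytes(m_saltValue);
            byte[] cipherTextBytes = Convert.FromBase64String(ciphertext2);

            using (PasswordDeriveBytes password = new PasswordDeriveBytes(m_passPhrase, saltValueBytes, m_hashAlgorithm, m_passwordIterations))
            using (RijndaelManaged symmetricKey = new RijndaelManaged())
            {
                byte[] keyBytes = password.GetBytes(m_keySize / 8);
                symmetricKey.Mode = CipherMode.CBC;

                using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes))
                using (MemoryStream encrypted = new MemoryStream(cipherTextBytes))
                using (CryptoStream cryptoStream = new CryptoStream(encrypted, decryptor, CryptoStreamMode.Read))
                using (MemoryStream decrypted = new MemoryStream())
                {
                    // Read to the end and keep only the bytes actually produced. The
                    // plaintext is shorter than the ciphertext once padding is removed,
                    // so decoding a ciphertext-sized buffer would append NUL characters,
                    // and a single Read call is not guaranteed to return everything.
                    cryptoStream.CopyTo(decrypted);
                    m_plaintext = Encoding.ASCII.GetString(decrypted.ToArray());
                }
            }

            return "SUCCESS";
        }
        catch (Exception ex)
        {
            return ex.Message.ToString();
        }
    }
}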
因此,把 ASCIIEncrypt(“未加密的查询字符串”) 的结果追加到查询字符串中;读取时,再次读出常规的查询字符串参数,并把处理结果与查询字符串中附带的值进行比较。
您可能正在尝试解决错误的问题。你必须在服务器端检查用户是否确实有权限执行他所请求的操作。永远不要信任从客户端收到的数据。 – ZippyV
@ZippyV 当你与——例如——支付提供商打交道、需要来回发送 POST 时,你需要为某些数据对象保留一个哈希,以确保数据没有被中间人攻击篡改。 –
@ J.Steen这就是SSL进来的地方。 – ZippyV