安全地在页面之间传递数据
我期待着一种方法来安全地将数据从一个页面传递到另一个页面并避免可能的篡改。
- 解决这个问题的最好方法是将敏感数据保存在数据库服务器上。
- 或者在数据库服务器上使用会话持久化。
- 或者任何将数据保存在数据库服务器上的方法。
事实上,由于性能原因,我不想使用此类方法。
我不知道下面的方法是否安全,但我想测试一下。(但我不知道是否可行)
我想以加密模式将敏感数据保存在视图状态中。 .for ex in tespage1.aspx 并从 testpage2.aspx 中检索此内容。
我该如何执行此操作,安全吗?
提前致谢
I am looking forward for a method to pass data from page to page safely and avoid as It's possible the tampering.
- The best way to solve it, is to save the sensitive data on db server.
- Or using session persist on db server.
- Or whatever method that persists data on db server.
The fact is because of performance I wouldn't like to use such methods.
I don't know if the following is a safe way, but I would like to test it.( but i don't know if it is possible)
I would like to save the sensitive data in viewstate in encryption mode..for ex in tespage1.aspx and retrieve this from testpage2.aspx.
How can I do this, and is it safe?
Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
创建一个自定义类来保存您的敏感数据。
如果您真的很偏执,请包括加密/解密方法......
现在,设置数据的字段和属性。
接下来,加密(可选)。
将内容放入缓存中...
重定向到您的其他页面
在 Page_Load 事件中
就是这样,您拥有了数据,如果您加密了它,您现在需要解密它...
有多种方法可以做到这一点,但是这个一个对我来说适用于相对较小的数据集。如果您正在处理大量数据,那么您可能想要探索使用 Sql Sever、mySql 等数据库来充当数据的“缓存”。
Create a custom class to hold your sensitive data.
If you are really paranoid include methods for encryption/decryption...
Now, set up fields and properties for the data.
Next, encrypt (optional).
Put the thing in the Cache...
redirect to your other page
In the Page_Load event
That's it, you have your data, if you encrypted it you now need to decrypt it...
There are a multitude of ways to do this but this one works for me with relatively small sets of data. If you are doing large sets of data then you might want to explore using a database such as Sql Sever, mySql, etc... to act as a 'cache' for the data.
始终建议敏感数据应位于服务器而不是客户端。您嵌入页面中的任何内容都是责任。由于您已经排除了所有服务器端选项,我认为 ViewState 应该是最好的选择,因为它具有加密功能。您还可以使用 Page.enableviewstatemac 属性来实现安全的视图状态传输。
Its always recommended that sensitive data, should be in the server not with the client. Anything you embed in the page is a liability. Since you have ruled out all server side options, ViewState should be the best bet I believe due to its encryption. You could also use the Page.enableviewstatemac property to have even secure viewstate transfer.
这里有两个问题......第一,ViewState 不安全。默认情况下它只是一个简单的 BASE64 编码。将此数据保存在服务器上。任何其他事情都是自找麻烦。第二,当您进入新页面时,ViewState 会丢失,这是有充分理由的。这不是将数据从一个 aspx 页面传递到另一页面的方式。
此外,出于性能原因选择 ViewState 而不是 Session 在大多数情况下是没有意义的。使用 InProc Session 或 Cache 将比 ViewState 更高效。
Two problems here... One, ViewState is not secure. By default it is just a simple BASE64 encoding. Save this data on the server, period. Anything else is asking for trouble. Two, ViewState is lost when you go to a new page, for good reason. This is NOT how you pass data from one aspx page to another.
Additionally, choosing ViewState over Session for performance reasons makes no sense in most scenarios. Using InProc Session or Cache is going to be much more efficient than ViewState.