Encrypting QueryString Data

Author: unknown  Source: unknown  Added: 2004-12-1

Problem with Query String Method
We often use the QueryString collection to retrieve a unique record from a table. Notice the following
URL -

Detail.asp?RecordID=200

Here we are passing a query string value called "RecordID" in the URL. We then read "RecordID" from the
QueryString collection to get the actual number -

<%
Dim RecordID
RecordID = Request.QueryString("RecordID")
%>

The problem with the above method is that we are exposing "RecordID" to the public. This makes it easy for
hackers to simply change the RecordID query string value and retrieve other records from the table.

Solution to the above problem

In order to solve the above problem, we will use two ASP pages and the ASP random number function to
scramble the passing query string value so that the real record number is not exposed to others.

On the first page we get a random number with the following code -

<%
' Seed the random number generator from the system timer
Randomize Timer
' Rnd() returns a value in [0, 1), so this yields an integer from 0 to 3000
rndNum = Abs(Int((Rnd() * 3001)))
' Add the prime 53 so the multiplier is never 0 (final range 53 to 3053)
rndNum = rndNum + 53
' Place the random number in a session variable so that we can use it again on the next page
Session("rndNum") = rndNum
%>

Now that we have our random number we will scramble our query string with it! Here is how -

<%
' Assuming you have a record set retrieved -
Display_Rs.MoveFirst
While Not Display_Rs.EOF
    Response.Write "<a href=""detail.asp?RecordID="
    ' Notice we are multiplying the actual record number by the random number to scramble the query string
    Response.Write (Display_Rs("RecordID") * rndNum)
    ' Close the opening tag, then use the record number as the link text
    Response.Write """>" & Display_Rs("RecordID") & "</a>"
    Display_Rs.MoveNext
Wend
%>

In the next page we will un-scramble the query string! Here is how -

<%
Dim RecordID
' Divide the RecordID query string value by the same random number to un-scramble it
' and recover the actual record ID to pass to the SQL statement
RecordID = Request.QueryString("RecordID") / Session("rndNum")
' Releasing the session value for the next record
Session.Abandon
%>

That's it! Using the above method you can scramble a query string as much as you like. For example, you can
combine the random number with a very complex formula to generate an integer that is even harder to guess.
The key point is that you reverse the same formula on the second page to get back the original value. This
technique is not foolproof, but it is much more difficult to break than passing a regular query string value.
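
As an added example (not code from the original article), here is one way the second page could validate the scrambled value before using it. It rejects any value that is not an exact multiple of the session number and, since the article notes the scrambling is not foolproof, also limits the query to rows owned by the signed-in user. The function name UnscrambleRecordID, the open ADO connection Conn, the Records table with its OwnerID column and Session("UserID") are assumptions made for illustration.

```asp
<%
' Added example, not from the original article. Hypothetical names:
' UnscrambleRecordID, Conn (an open ADODB.Connection), table Records,
' column OwnerID, Session("UserID").

' Returns the real record ID, or -1 when the request must be rejected.
Function UnscrambleRecordID(rawValue, key)
    Dim re, scrambled, multiplier
    UnscrambleRecordID = -1

    ' No session key: the session expired or the listing page was never visited.
    If IsEmpty(key) Then Exit Function
    If Not IsNumeric(key) Then Exit Function
    multiplier = CLng(key)
    ' The first page only ever produces multipliers from 53 to 3053.
    If multiplier < 53 Or multiplier > 3053 Then Exit Function

    ' Digits only, at most 9 of them, so CLng below cannot overflow.
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If Not re.Test(rawValue) Then Exit Function
    scrambled = CLng(rawValue)

    ' A value produced by the first page is an exact multiple of the key.
    If scrambled Mod multiplier <> 0 Then Exit Function
    UnscrambleRecordID = scrambled \ multiplier
End Function

Dim RecordID, cmd, rs
RecordID = UnscrambleRecordID(CStr(Request.QueryString("RecordID")), Session("rndNum"))
If RecordID < 1 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Parameterized query: the ID is never concatenated into the SQL text, and the
' OwnerID condition limits the result to rows the current user may see.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = Conn
cmd.CommandType = 1                                                      ' 1 = adCmdText
cmd.CommandText = "SELECT * FROM Records WHERE RecordID = ? AND OwnerID = ?"
cmd.Parameters.Append cmd.CreateParameter("RecordID", 3, 1, , RecordID)  ' 3 = adInteger, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("OwnerID", 3, 1, , CLng(Session("UserID")))
Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found"
    Response.End
End If
%>
```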


(Source: unknown)




