Encrypting QueryString Data
2001-04-04 10:17:47 Source: WEB开发网
Problem with the Query String Method
Often we use the QueryString collection to retrieve a unique record from a table. Notice the following piece of code -
Detail.asp?RecordID=200
Here we are passing a query string value called "RecordID" in the URL. We then read the QueryString collection item "RecordID" to get the actual number -
<%
Dim RecordID
RecordID = Request.QueryString("RecordID")
%>
The problem with the above method is that we are exposing "RecordID" to the public, making it easy for attackers simply to change the RecordID query string value and retrieve other rows of the table.
Solution to the above problem
To solve the above problem, we will use two ASP pages and the ASP random number function to scramble the query string value being passed, so that the real record number is not exposed to others.
On the first page we get a random number with the following code -
<%
Dim rndNum
Randomize Timer
' Seed the random number generator from the system timer
rndNum = Abs(Int(Rnd() * 3001))
' Add 53 (a prime) so the multiplier is never zero, since the next page divides by it
rndNum = rndNum + 53
Session("rndNum") = rndNum
' We place the random number value in a session variable so that we can use it again in the next page
%>
Now that we have our random number we will scramble our query string with it! Here is how -
<%
' Assuming you have a record set retrieved -
If Not Display_Rs.EOF Then Display_Rs.MoveFirst
While Not Display_Rs.EOF
    Response.Write "<a href=""detail.asp?RecordID="
    Response.Write (Display_Rs("RecordID") * rndNum)
    ' Notice we are multiplying the actual record number with the random number to scramble the query string
    Response.Write """>" & Display_Rs("RecordID") & "</a>"
    ' Close the href attribute and the opening tag before the link text (the original omitted the closing ">")
    Display_Rs.MoveNext
Wend
%>
In the next page we will un-scramble the query string! Here is how -
<%
Dim RecordID, scrambled
scrambled = Request.QueryString("RecordID")
' Accept only a numeric value that is an exact multiple of the session multiplier
If IsNumeric(scrambled) And Not IsEmpty(Session("rndNum")) Then
    If CLng(scrambled) Mod Session("rndNum") = 0 Then
        RecordID = CLng(scrambled) \ Session("rndNum")
        ' We are dividing the record ID query string value by the same multiplier to un-scramble it
        ' and pass the actual record ID to the SQL statement
    End If
End If
If IsEmpty(RecordID) Then Response.End
' Nothing valid to look up: stop before the SQL statement runs
Session.Abandon
' Releasing the Session value for the next record
%>
That's it! Using the above method you can scramble a query string as much as you like; for example, multiply the random number by a more complex formula to generate an even harder-to-guess integer.
The key point is that you divide the number by the same formula to yield the original value. This technique is not foolproof, but it is much more difficult to break than passing a plain query string value.
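The multiply/divide scramble above, side by side with a hardened alternative, as an added Python example that is not code from the original article: a per-session HMAC tag over the record ID plus a server-side ownership check, which is what actually decides whether a visitor may open a given record. The RECORD_OWNER table, session key and user names are constructed sample data.

```python
import hmac
import hashlib
from typing import Optional

# Constructed sample data (assumption): which user owns which record.
RECORD_OWNER = {200: "alice", 201: "alice", 202: "bob"}

# --- The article's scheme: RecordID * rndNum, rndNum kept in the session ---
def scramble(record_id: int, rnd_num: int) -> int:
    """Listing page: emit RecordID multiplied by the per-session random number."""
    return record_id * rnd_num

def unscramble(value: str, rnd_num: int) -> Optional[int]:
    """Detail page: divide back, rejecting non-numeric or non-multiple values."""
    if not value.isdigit() or rnd_num == 0:
        return None
    n = int(value)
    if n % rnd_num != 0:          # not an exact multiple: tampered or garbage
        return None
    return n // rnd_num           # note: any multiple of rnd_num is accepted

# --- Hardened alternative: HMAC tag on the ID plus an ownership check ---
def make_ref(record_id: int, session_key: bytes) -> str:
    """Listing page: '<id>.<hmac>' so the ID is readable but not forgeable."""
    tag = hmac.new(session_key, str(record_id).encode(), hashlib.sha256).hexdigest()
    return f"{record_id}.{tag}"

def resolve_ref(ref: str, session_key: bytes, user: str) -> Optional[int]:
    """Detail page: return the ID only if the tag verifies AND user owns it."""
    rid, sep, tag = ref.partition(".")
    if not sep or not rid.isdigit() or not tag.isascii():
        return None
    expected = hmac.new(session_key, rid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None               # tag forged or issued under another session
    record_id = int(rid)
    if RECORD_OWNER.get(record_id) != user:
        return None               # authorization, not obfuscation, decides
    return record_id

if __name__ == "__main__":
    key = b"constructed-per-session-key"
    href = scramble(200, 53)                              # 10600, as the article would emit
    print(unscramble(str(href), 53))                      # 200
    print(resolve_ref(make_ref(200, key), key, "alice"))  # 200
    print(resolve_ref(make_ref(202, key), key, "alice"))  # None: bob's record
```

unscramble() accepts any exact multiple of rndNum, so the multiplier hides the ID but does not decide who may see which record; resolve_ref() ties that decision to the record's owner.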
Entered by: 爽爽