  • ASP.NET website anti-attack security settings

    Remediation for the "ViewState parameter can be decrypted" finding: add the following under <system.web>. The validation attribute selects the MAC algorithm used to detect tampering with the ViewState; 3DES is an accepted value, though a legacy one compared with the SHA-based options.

    <machineKey validation="3DES"/>

    Disable script debugging (a production site must not be compiled with debug enabled):

    <compilation debug="false" />

    Cross-site request forgery: to prevent CSRF attacks, every request should carry a unique identifier, a parameter that the attacker cannot guess.

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // Bind the ViewState MAC to the current session so a ViewState captured
        // from one user cannot be replayed in a forged request for another.
        // ViewStateUserKey must be set before ViewState is loaded, i.e. in
        // OnInit or Page_Init, and the session must already be established
        // (a brand-new, empty session gets a fresh SessionID on every request).
        if (System.Web.HttpContext.Current.Session != null)
        {
            ViewStateUserKey = Session.SessionID;
        }
    }

    Preventing forged user identity

    public partial class AdminLogin : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // On the first GET of the login page, discard any existing session
            // state so a stale or planted session cannot carry a forged identity
            // through the login.
            if (!Page.IsPostBack)
                Session.Clear();
        }
    }

    Preventing SQL injection

    public static bool FilterChar(string oldstr)
    {
        // Returns true when the input contains none of the blacklisted fragments.
        bool flag = true;
        string[] filterstr = {"and ","exec ","insert ","select ","delete ","update ","count(","from ","drop ","asc(","char(","or ","chr(","mid("," master",
            "truncate ","declare ","sitename","net user","xp_cmdshell "," /add","exec master.dbo.xp_cmdshell","net localgroup administrators",
            // quote and backslash characters, escaped as C# string literals
            "%",";","'","\"","-","@",",","\\","!","(",")","[","]","{","}","|"};
        for (int i = 0; i < filterstr.Length; i++)
        {
            // Case-insensitive match, otherwise "SELECT " slips past "select ".
            if (oldstr.IndexOf(filterstr[i], StringComparison.OrdinalIgnoreCase) >= 0)
            {
                flag = false;
                break;
            }
        }
        return flag;
    }
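The blacklist above is at best a secondary control: it cannot enumerate every keyword or encoding, and it rejects legitimate input such as the surname O'Brien. The primary defence is to keep user input out of the SQL text altogether. The following added example (not code from the original post) shows a concatenated login query beside its parameterised equivalent; the Users table, its column names and the connection string are assumptions for illustration.

```csharp
// Added example, not from the original post. The Users table, its columns and
// the connection string are assumptions for illustration only.
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginQueries
{
    // Vulnerable form: the input becomes part of the SQL text, so any quote in
    // it changes the statement's structure. No blacklist can enumerate every
    // way of doing that.
    public static string BuildUnsafeQuery(string user, string password)
    {
        return "SELECT COUNT(*) FROM Users WHERE Name = '" + user +
               "' AND Password = '" + password + "'";
    }

    // Hardened form: the SQL text is constant and the values are sent as typed
    // parameters, so the database never interprets them as SQL. (Comparing a
    // stored password hash instead of the password itself is outside this example.)
    public static SqlCommand BuildSafeCommand(SqlConnection conn, string user, string password)
    {
        var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE Name = @name AND Password = @password",
            conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = user;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
        return cmd;
    }

    public static void Main()
    {
        // A legitimate surname that the post's FilterChar would reject outright.
        string user = "O'Brien";
        string password = "secret";

        // The apostrophe ends the string literal early; the statement is now
        // syntactically broken, and an attacker-chosen value could reshape it.
        Console.WriteLine(BuildUnsafeQuery(user, password));

        // No connection is opened; the placeholder connection string only has to parse.
        using (var conn = new SqlConnection("Server=(local);Database=Placeholder;Integrated Security=true"))
        {
            SqlCommand cmd = BuildSafeCommand(conn, user, password);
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
        }
    }
}
```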

  • Original article: https://www.cnblogs.com/kdkler/p/3410169.html