zoukankan      html  css  js  c++  java

  • Asp.net 网站防攻击安全设置

    针对已解密的_ViewStat参数漏洞整改建议:在<system.web>下添加

    <machineKey validation="3DES"/>

    禁用脚本调试
    <compilation debug="true">

    跨站点请求伪造,如果要避免 CSRF 攻击,每个请求都应该包含唯一标识,它是攻击者所无法猜测的参数。 
    protected override void OnInit(EventArgs e)
     {
          base.OnInit(e);
          if (System.Web.HttpContext.Current.Session != null)
         {
                ViewStateUserKey = Session.SessionID;
          }
      }

    防止伪造用户身份

    public partial class AdminLogin : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if(!Page.IsPostBack)
                Session.Clear();
        }

    }

    防SQL注入

     public static bool FilterChar(string oldstr)
            {
                bool flag = true;
                string[] filterstr = {"and ","exec ","insert ","select ","delete ","update ","count(","from ","drop ","asc(","char(","or ","chr(","mid("," master",
                "truncate ","declare ","sitename","net user","xp_cmdshell "," /add","exec master.dbo.xp_cmdshell","net localgroup administrators",
                "%",";","/'","/"","-","@",",","//","!","(",")","[","]","{","}","|"};
                for (int i = 0; i < filterstr.Length; i++)
                {
                    if (oldstr.Contains(filterstr[i]))
                    {
                        flag = false;
                        break;
                    }
                }
                return flag;
            }
  • 相关阅读:
    博客作业04--树
    博客作业03--栈和队列
    博客作业2---线性表
    博客作业01-抽象数据类型
    C语言最后一次作业--总结报告
    CSAPP(8):系统级IO
    CSAPP(7):虚拟存储器
    CSAPP(6):异常控制流
    CASPP(5):链接
    CSAPP(4):存储器层次结构
  • 原文地址:https://www.cnblogs.com/kdkler/p/3410169.html
Copyright © 2011-2022 走看看