1.敏感信息在数据库中要以密文储存(对口令应保存加盐的慢速哈希,例如 PBKDF2,而不是单纯的 MD5 摘要)
// Computes an MD5 digest (a one-way hash, not encryption) and returns it as lowercase hex
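/// <summary>
/// Returns the MD5 digest of <paramref name="s"/> (encoded as UTF-8) as a
/// 32-character lowercase hexadecimal string.
/// </summary>
/// <remarks>
/// MD5 is a one-way hash, not encryption: the stored value cannot be decrypted,
/// only compared. It is also fast and unsalted, so identical inputs always give
/// identical digests. If the value being protected is a password, a salted,
/// iterated derivation such as PBKDF2 (Rfc2898DeriveBytes) is the appropriate
/// primitive; this method is kept only so existing callers continue to get the
/// same output.
/// </remarks>
/// <param name="s">Text to hash; must not be null.</param>
/// <returns>The 16-byte digest rendered as 32 lowercase hex characters.</returns>
/// <exception cref="System.ArgumentNullException">
/// Thrown by the UTF-8 encoder when <paramref name="s"/> is null.
/// </exception>
public String md5(String s)
{
    byte[] digest;

    // MD5.Create() avoids the MD5CryptoServiceProvider constructor, which is
    // marked obsolete on current .NET; the using block releases the hasher even
    // if ComputeHash throws (the original Clear() call was skipped in that case).
    using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create())
    {
        digest = hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(s));
    }

    // Build the hex text in one buffer instead of re-allocating a string per byte.
    System.Text.StringBuilder hex = new System.Text.StringBuilder(digest.Length * 2);
    for (int i = 0; i < digest.Length; i++)
    {
        // "x2" yields exactly two lowercase hex digits, zero-padded.
        hex.Append(digest[i].ToString("x2"));
    }

    // 16 bytes * 2 digits is always 32 characters, so no further padding is needed.
    return hex.ToString();
}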
2.防止SQL注入攻击
// Removes every single quote from the logon-name text box value, then trims
// surrounding whitespace.
// NOTE(review): quote stripping alone is not a dependable SQL injection defence:
// it does nothing for values placed in unquoted (e.g. numeric) positions and it
// silently alters legitimate names such as O'Brien. The query that consumes this
// value is not shown here; prefer passing it as a bound parameter (for example
// SqlParameter) rather than concatenating it into the SQL text.
tbxLogonName.Text.Replace("'", "").Trim()
3.
...