如何加密/解密在C＃中的网址 [英] How to encrypt/decrypt the url in C#

问题描述

我有一个URL www.site地址/站点页/ page1.aspx这个用户名= deepu＆放大器;密码= deepu
如何更改URL来
www.site地址/站点页/ page1.aspx这个用户名= 232322323232＆放大器;密码= 2323232322323
即我想加密我通过URL字段请帮我加密和使用.NET解密URL在C＃中，我现在用的Response.Redirect，并通过这些值作为查询字符串....请帮助...

I have a URL www.site-address/site-page/page1.aspx?username=deepu&password=deepu how can i change the URL to www.site-address/site-page/page1.aspx?username=232322323232&password=2323232322323 ie i want to encrypt the fields i pass through the URL please help me to encrypt and decrypt the URL in C# using .net,now i am using response.redirect and pass these values as query string....pls help....

推荐答案

您的方法是有缺陷的和加密不会真正帮助潜在的问题。如果您在净走出去你很少会（不应该）看到像你所描述的一种模式，即使是加密的。

Your approach is flawed and encrypting will not really help the underlying problem. If you go out across the 'net you will rarely (should never) see a pattern like what you are describing, even if it is encrypted.

相反，你应该尽可能安全地存储在服务器上的用户凭据，并在你可以用它来查找证书查询字符串传递一个独特的，短暂的会话令牌。

Instead you should store the user credentials as securely as possible on the server and pass a unique, short-lived session token in the querystring that you can use to look up the credentials.

至于安全地存储在服务器上，一旦你收到用户的密码是第一次，你应该使用一个单向散列，如SHA256，与盐。你可以通过这个值的地方，储存，并验证比较具有潜在的密码已存储的散列的。像对待有毒废料用户的密码 - 尽可能快地把它扔掉。你想成为的密码存储业务有关的严重，你想成为在有毒废物贮存业务。

As for storing securely on the server, once you've receive the user's password the first time, you should use a one-way hash, like SHA256, with a salt. You can pass this value wherever, store it, and to validate compare the has of a potential password to the hash you have stored. Treat a user's password like toxic waste - throw it away as quickly as possible. You want to be in the password storing business about as badly as you want to be in the toxic waste storing business.

（从我的iPhone回答，链接或即将出台，如果有人愿意帮助我！））

(Answered from my iPhone, links forthcoming or if someone wants to help me out! :))

这篇关于如何加密/解密在C＃中的网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！