我应该通过加密URL的参数传递一个GUID? [英] Should I encrypt a GUID passed by URL-parameters?
问题描述
我们正在创建一个Silverlight应用程序,需要有几个参数的URL与调用网站传递
We are creating a Silverlight application and need to have a few parameters pass in with the URL from calling site.
例如: http://oursite.com/index。 ASPX?测试= d53ae99b-06a0-4ba7-81ed-4556adc532b2
我们想给链接回到我们的桌子的GUID告诉Silverlight应用程序它的任务是什么,当他们到达调用网站测试字符串。我们也用这个GUID进行认证,我们除其他事项外应用。
We want to give the calling website 'test' string that links back to the GUID of our table which tells the Silverlight application what it's task is when they arrive. We also use this GUID for authentication on our application among other things.
的GUID是这样:
- d53ae99b-06a0-4ba7-81ed-4556adc532b2
- 8354b838-99b3-4b4c-bb07-7cf68620072e
加密,值更长
- l5GyhPWSBUw8KdD + TpWJOsoOFDF0LzmGzd4uufLx + V / d3eByGZ6zPcRjvCRMG2tg
- WVMN7B0FPa18 / Q7 + U4njb5AOKnx6Ga9xoAsvCET6MyjM5TV6dO86OexaCXDiXaES
我的问题是,与安全考虑,我们应该给他们加密的GUID或喜欢它,未加密的?
My question is, with security in mind, should we give them the GUID encrypted or like it is, unencrypted?
什么关系呢?
什么是大家的这种类型的参数传递的经验?
What is everyone's experience with this type of parameter passing?
推荐答案
在加密方面,关键是要定义你的安全上下文。也许有人会能做什么,如果他们有访问原始的GUID?如果他们不能做什么危险,有没有点加密,它通常最好不要加密。如果有这个信息是公开可用造成的任何安全隐患,你最好对其进行加密。
In matters of encryption, the key is to define your security context. What might someone be able to do if they had access to the original GUIDs? If they couldn't do anything hazardous, there's no point encrypting, and it's generally best not to encrypt. If there's any security risk posed by this information being publicly available, you'd better encrypt it.
既然你说:
我们也用这个GUID进行认证,我们除其他事项外应用
We also use this guid for authentication on our application among other things
...我猜你会想进行加密。但你可能要重新考虑您的身份验证策略。它通常最好使用经过时间考验的,对于像认证和加密广为接受的方法,因为你可以比较肯定的是,不会有未知攻击。
... I'm guessing you'll want to encrypt. But you may want to re-think your authentication strategy. It's often best to use time-tested, well-accepted methods for things like authentication and encryption, since you can be relatively certain that there aren't unknown exploits.
这篇关于我应该通过加密URL的参数传递一个GUID?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
