How to pass sensitive data from view to controller

Question

In order to construct an entity with quite a lot of information, I need to perform a sequence of form submissions. Every time I return a view from a controller, I need to pass some IDs about the not yet established entity. Right now I inject these pieces of info into hidden fields, and when they are posted back to the server, I continue constructing the entity. This scenario continues for a few times. I'm not at all satisfied with this way of passing sensitive information, and was wondering if there are other more appropriate ways of doing it. I use authorization and authentication, but I'm still worried about some scenarios in which one user could hack these IDs before sending them back to the server and, by that, modify the wrong entity.

Also, it seems like hard work to pass the same data back and forth. I disqualified the use of sessions, because it reveals a different kind of data disruption threat (in case of using more than one browser at a time).

How should I perform the mentioned operation?

Recommended answer

You can use a secure hash of the data in another hidden field to detect tampering with the values.

Here is an example of how to generate a cryptographically secure hash: http://www.bytemycode.com/snippets/snippet/379/
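The tamper check suggested in the answer, as an added example that is not part of the original answer or the linked snippet: it uses a keyed hash (HMAC-SHA256) rather than a bare hash, because a client can recompute an unkeyed hash after changing a value. The key handling, the field names, the user name and the 30-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret that never reaches the browser.
# Generated per process here; a real app loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 1800  # assumed lifetime of one multi-step form flow


def _canonical(user_id, fields, issued_at):
    # Length-prefix every part so ("ab", "c") and ("a", "bc") never collide.
    parts = [user_id, str(issued_at)]
    for name in sorted(fields):
        parts += [name, fields[name]]
    return b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)


def sign_fields(user_id, fields, now=None):
    """Return (issued_at, tag) to emit as two extra hidden fields."""
    issued_at = int(time.time() if now is None else now)
    tag = hmac.new(SERVER_KEY, _canonical(user_id, fields, issued_at),
                   hashlib.sha256).hexdigest()
    return issued_at, tag


def verify_fields(user_id, fields, issued_at, tag, now=None):
    """True only if the posted values are the ones issued to this user."""
    now = int(time.time() if now is None else now)
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False  # expired or post-dated token
    expected = hmac.new(SERVER_KEY, _canonical(user_id, fields, issued_at),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes accept any attacker-supplied string.
    return hmac.compare_digest(expected.encode(), tag.encode())


# Constructed sample: IDs the controller would place in hidden fields.
hidden = {"order_id": "1042", "draft_id": "77"}
issued_at, tag = sign_fields("alice", hidden, now=1_700_000_000)
```

The tag only detects modification: the hidden values stay readable to the user, and the controller still has to check that the authenticated user is allowed to touch the referenced entity.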
