mvc5中我网站的潜在安全漏洞 [英] Potential security breach in my website in mvc5

问题描述

你好，



我建立了一个网站，我发现了一个很高的安全漏洞，你能帮帮我吗？



成功登录后，用户点击主页上的一个按钮，向他显示他向专家提出的所有问题的清单。现在，他点击任何一个问题并将该问题ID作为查询字符串传递，并将该问题的详细信息打开到另一页面。现在用户从网站注销。



另一位用户成功登录网站，现在他将链接（带有问题ID作为查询字符串）复制到浏览器历史记录并粘贴到选项卡，然后他可以成功查看该问题的详细信息。这里的漏洞是第二个用户可以看到第一个用户提出的问题的详细信息，这是不允许的。对于来自数据库的任何请求，我不能每次都传递用户名和密码。我如何修复此安全漏洞？



谢谢，

Sumit

解决方案

< blockquote>所有安全主体中最基本的是您授权登录用户可以访问他们请求的任何资源。在user.aspx页面中，您需要确保登录用户可以访问ID中引用的问题。当您使用增量ID时，任何用户都可以随机尝试它们，因此额外的安全性将是使用GUID而不是int，但只要您验证用户有权访问该问题，使用ints就不应该是一个问题。

Hi Sumit，



我认为你可以在数据访问层修复此问题，正如你所提到的那样当用户登录时，你会得到问题列表。所以我认为你在用户问题表中定义了一些关系。



所以只需在获取问题详情时，如果

提供了问题ID是否真的属于登录用户，请再添加一次检查。



希望这能让您有所了解。



问候，

Hello there,

I had build a website and i have found a high security breach, could you please help me out?

After a successful login, the user clicks on a button in the home page which shows him the list of all the questions he asked to the experts. Now he clicks on any one of the question and that question Id is passed as a query string and opens the details of that question on to the other page. Now the user log out from the website.

Another user log into the website successfully, Now he copies the link(which was with question id as query string) from the browser history and paste into tab and then he can successfully see the details of that question. The breach here is that the second user can see the details of the question asked by first user, which must not be allow. I cannot pass username & password every time for any request from database. How do i fix this security breach?

Thanks,
Sumit

解决方案

The most basic of all security principals is that you authorise that the logged in user can access any resource they have requested. In your user.aspx page you need to ensure the logged in user has access to the question referenced in the id. As you are using incremental IDs any user can just try them all randomly, so an extra bit of security would be to use GUIDs rather that ints, but as long as you verify the user has rights to access that question, using ints shouldn't be a problem.

Hi Sumit,

I think you can have this fixed at Data Access layer, as you have mentioned you get the list of questions when user logs in. so i think you have some relations defined in user-questions table.

so simply while getting the question details, just add one more check if
provided question id is really belong to logged in user or not.

Hope this gives you some heads up.

Regards,

这篇关于mvc5中我网站的潜在安全漏洞的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！