url- querystring | need expert suggestion | Is it advisable/fair to add url link into db......


Problem description


Dear Champs!

Story: .... I have a search dialog form that collects search params and calls the master page to display information based on the query string... Works well by passing values by query string.

Just wondering "what if" the user tampers or plays with URL parameters... the page gives access to other info in that case. Example:

http://localhost/octopus/shipmentinfo.aspx?actno=WJgtAbTGa3P%2bUBkYmJrHpA%3d%3d&doctype=OEX&brid=1018&jc=0&po=0&wb=0&inv=0

I'm thinking of writing these params or the URL string in the database, getting its recID and sending the encrypted recID by query string....! which looks like
http://www.gesksa.com/octopus/shipmentinfo.aspx?recID=WjgtAbTGa3P%

and in page_load of the master page - get the recID, decrypt it and get the URL from the stored database... for secure take-off and landing....

IS THIS A FAIR IDEA OR DOES IT AFFECT THE PERFORMANCE...

Please, I need expert suggestion.....
Thanks,

Recommended answer

Query string is one way to pass data to another page. You can try something like Session to pass data, and it will not be visible to the user.
But in any case you had better have validation for input data. For example, check whether the current logged-in user has access to the requested data or not, and then display only if validation passes.
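
The check the answer recommends, as an added example (not code from the original thread): the query string is validated, then the requested record is authorized against the logged-in user on the server. It assumes `brid` identifies a branch; the `ShipmentAccess` class, the user-to-branch table and the document-type list are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.ParseQueryString

static class ShipmentAccess // hypothetical helper, not from the thread
{
    // Constructed sample data: branch ids (assumed meaning of "brid") each user may view.
    static readonly Dictionary<string, HashSet<int>> UserBranches =
        new Dictionary<string, HashSet<int>>
        {
            { "alice", new HashSet<int> { 1018 } },
            { "bob",   new HashSet<int> { 2044 } },
        };

    // Assumed list of valid document types; only OEX appears on the page.
    static readonly HashSet<string> DocTypes = new HashSet<string> { "OEX", "OIM" };

    // Returns null when the request may be served, otherwise the reason it is refused.
    // "user" must be the authenticated identity held server-side, never a URL value.
    public static string Check(string user, string query)
    {
        var q = HttpUtility.ParseQueryString(query);

        // 1. Input validation: refuse anything that does not have the expected shape.
        if (!int.TryParse(q["brid"], out int brid) || brid <= 0)
            return "400 bad brid";
        if (q["doctype"] == null || !DocTypes.Contains(q["doctype"]))
            return "400 bad doctype";

        // 2. Authorization: decided from server-side data, so editing brid
        //    in the address bar cannot widen what the user is shown.
        if (user == null || !UserBranches.TryGetValue(user, out var allowed))
            return "401 not logged in";
        if (!allowed.Contains(brid))
            return "403 branch not permitted for this user";
        return null;
    }

    static void Main()
    {
        // Query string taken from the question's example URL.
        const string original = "actno=WJgtAbTGa3P%2bUBkYmJrHpA%3d%3d&doctype=OEX&brid=1018&jc=0&po=0&wb=0&inv=0";
        string tampered = original.Replace("brid=1018", "brid=2044");

        Console.WriteLine(Check("alice", original) ?? "200 ok");
        Console.WriteLine(Check("alice", tampered) ?? "200 ok");
        Console.WriteLine(Check("alice", original.Replace("doctype=OEX", "doctype=ZZZ")) ?? "200 ok");
    }
}
```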

