如何以最安全的方式加密和解密web.config和页面文件中的视图状态值？ [英] How to encrypt and decrypt viewstate values in web.config and page files in the most secure manner?

问题描述

如何以最安全的方式加密和解密web.config和页面文件中的视图状态值？

当使用应用程序扫描测试工具漏洞时，视图状态加密解密过程的漏洞更高。因此，黑客可以篡改数据。最大限度地避免使用Viewstate，因为它会导致性能问题。我正在使用VS 2005（带有c＃的asp.net）和Sql server 2005.

解决方案

请参阅]



本文介绍如何加密字节：

C＃AES 256位带盐的加密库 [ ^ ]



结合这两篇文章，您可以自己加密视图状态。

How to encrypt and decrypt viewstate values in web.config and page files in the most secure manner?
When Tested with App Scan tool vulnerability shown is higher for the viewstate encryption decryption process. Hackers can tamper the data because of this. Viewstate has been avoided in max places as it causes Performance issues. I am using VS 2005(asp.net with c#) and Sql server 2005.

解决方案

Refer How to make ViewState secure in ASP.NET[^].

Quote:

We can also enable these settings for EnableViewStateMAC and ViewStateEncryptionMode in web.config:

Another way is playing it with your own encryption library.

This article explains how to intercept the viewstate handling process:
ViewState Compression[^]

This article explains how to encrypt bytes:
C# AES 256 bits Encryption Library with Salt[^]

Combining these 2 articles enables you to encrypt the viewstate yourself.

这篇关于如何以最安全的方式加密和解密web.config和页面文件中的视图状态值？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！