经典ASP中的加密/解密密码 [英] Encrypt/Decrypt Password in Classic ASP

问题描述

您好，



我想在经典ASP中加密/解密密码以防止SQL注入和跨站点脚本..

请帮忙..



提前谢谢..

Hello,

I want to encrypt/ decrypt password in classic ASP to prevent from SQL Injection and Cross site scripting..
Please help..

Thank you in advance..

推荐答案

最好在丢失之前使用谷歌所有希望;-)



点击这里



这将回答你的问题。

It is better use google before losing all hope ;-)

Click Here

This will answer your question.

加密密码赢了;不帮你使用SQL注入，或跨站点脚本，因为这些形式的攻击通常不用于密码...



并且忽略了你永远不应该加密密码因为这是一个主要的安全风险：密码存储：如何操作。 [ ^ ]



您使用SQL进行处理整个应用程序中的参数化查询而不是串联字符串，跨站脚本是一个比这更复杂的问题！见这里：

http://en.wikipedia.org/wiki/Cross-site_scripting [ ^ ] - 有一节关于预防

和此处： http：//www.acunetix .com / blog / web-security-zone / articles / prevent-xss-attacks / [ ^ ]这可能会有所帮助。

Encrypting passwords won;'t help you with SQL injection, or cross site scripting because those forms of attack aren't normally used for passwords anyway...

And that's ignoring that you should never encrypt passwords because it's a major security risk: Password Storage: How to do it.[^]

You handle SQL Injection by using parametrized queries throughout your application instead of concatenating strings, and cross-site scripting is a much more complex problem than that! see here:
http://en.wikipedia.org/wiki/Cross-site_scripting[^] - there is a section on prevention
and here: http://www.acunetix.com/blog/web-security-zone/articles/preventing-xss-attacks/[^] which may help.

这篇关于经典ASP中的加密/解密密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！