什么是使用成员身份API的主要缺点是什么? [英] whats are the major disadvantages of using Membership API?
问题描述
什么都使用成员身份API的主要缺点是什么?当我应该考虑依靠使用手工编码?
Whats are the major disadvantages of using Membership API? And when should i consider relying on using manual coding?
推荐答案
绝不会编写自己的$ C $下任何与安全性。这包括认证/会员。
NEVER write your own code for anything to do with security. This includes authentication/membership.
编写您自己的身份验证系统是看似简单:基本功能是简单的编写和测试。然而,这里的问题是在设计过程是安全的。因为这很容易做到,这也很容易建立的东西,只有的似乎的工作—它通过所有测试,允许那些它应该和不允许那些没有,所以你部署系统。然后来一个黑客,发现那个小瑕疵在您的设计。一年后,你终于发现你已经破解。
Writing your own authentication system is deceptively easy: the basic functionally is simple to write and test. However, the problem here is designing the process to be secure. Because it's easy to do, it's also very easy to build something that only seems to work — it passes all your tests, allows those it's supposed to and does not allow those it isn't, and so you deploy your system. Then along comes a hacker and finds that little flaw in your design. A year later you finally find out you've been cracked.
有关成员API的事情是,它的可扩展性。如果有没有出的现成的供应商,做你所需要的,你可以扩展一个,而不必从头开始,所以这将是pretty的例外情况下确实是从使用它的prevent你。
The thing about the membership API is that it's extensible. If there's not an out-of-the-box provider that does what you need you can extend one without having to start from scratch, so it would be pretty exception circumstances indeed that prevent you from using it.
这个原则不仅适用于ASP.Net,也给其他任何平台,在这里,你可能想实现一个身份验证系统。无论平台,你有,总是瘦尽可能一个中提供给您的久经考验的安全功能。
This principle applies not only to ASP.Net, but also to any other platform where you might want to implement an authentication system. Whatever platform you have, always lean as much as possible one the battle-tested security features provided to you.
这篇关于什么是使用成员身份API的主要缺点是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
