aganist&QUOT保护我的ASP.net MVC3网站,点击劫持" [英] Securing my ASP.net MVC3 Website aganist "Click jacking"
本文介绍了aganist&QUOT保护我的ASP.net MVC3网站,点击劫持"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
最近,我是通过所面临的一些网站的安全问题翻转。幸运的是遇到了一个新名词点击劫持
Recently I was flipping through some security issues faced by websites. Fortunately come across a new term "Click jacking"
我了解,这种攻击只发生,如果我的网站是在iframe装载。
I understood that this attack happens only if my website is loadable in an IFrame.
进一步调查有助于了解,设置X-帧选项,以拒绝prevent网站中的IFrame加载
Further investigation helped to know that setting "x-frame-options" to "DENY" prevent the website been loaded in IFrame
但我不知道如何实现这个,因为我很新的这个领域?
But I Don't know how to implement this as I am very new to this domain?
推荐答案
在您的Global.asax您可以添加以下
In your Global.asax you can add the following
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("x-frame-options", "SAMEORIGIN");
}
这篇关于aganist&QUOT保护我的ASP.net MVC3网站,点击劫持"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文