如何加密asp.net中的查询字符串？ [英] How to encrypt query strings in asp.net?

问题描述

如何在aspx.net中加密查询字符串？

How do I encrypt query strings in aspx.net?

我意识到这并不提供安全性。我只是想模糊一个谜题。

P.S. I realize that this does not offer security. I'm just looking to obfuscate a puzzle.

P.P.S虽然我将CKret的答案标记为正确答案（对于这个问题，我相信他是最正确的答案）。不过，对于我自己，我只是去尝试使用ChoasPandion的加密方式。如果我需要更多的安全性，我会看看CKret的或Ian的。

P.P.S Though I marked CKret's answer as the correct one (for the question as worded I believe his is the most correct answer). However, for myself, I'm just going to try ChoasPandion's alternative to encryption. If I needed more security I'd look at CKret's or Ian's.

推荐答案

Mads Kristensen的一篇博客文章关于查询字符串加密

A blog post by Mads Kristensen about Query String encryption.

注意一件事：
他在Encrypt方法中使用PasswordDeriveBytes。它已被Rfc2898DeriveBytes替代。如果只需加密查询字符串，而不是页面上的每个链接都可以。如果您想加密每个链接，您也可以添加一个重写器来加密这些查询字符串。

Beware of one thing though: He uses PasswordDeriveBytes within the Encrypt method. It has been replaced by Rfc2898DeriveBytes. If you only need to encrypt the query string and not every link on the page this is fine. If you however want to encrypt every link too you'll want to add a Rewriter to encrypt those query string too.

如果您这样做，会对性能产生重大影响在您的网页上有很多链接。您要做的是从encrypt / decrypt方法中取出PasswordDeriveBytes / Rfc2898DeriveBytes，并存储密钥和IV，而不是密码和salt。

Doing so will have a substantial impact on performance if you have many links on your pages. What you would want to do is lift out the PasswordDeriveBytes/Rfc2898DeriveBytes from the encrypt/decrypt methods and store the key and IV instead of the password and salt.

编辑：

我在这个问题上发表了一篇博客文章这里。

这篇关于如何加密asp.net中的查询字符串？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！