如何查询字符串在asp.net加密? [英] How to encrypt query strings in asp.net?
问题描述
如何加密查询字符串
P.S。我知道这不提供担保。我只是希望混淆一个谜。
PPS虽然我标志着CKret的回答是正确的(对于这个问题的措辞,我相信他是最正确的答案)。但是,对于我自己,我只是去尝试ChoasPandion的替代加密。如果我需要更多的安全性我想看看CKret的和伊恩的。
一个博客发布者的Mads克里斯滕森有关的查询字符串加密。
谨防但有一件事: 他用PasswordDeriveBytes加密方法中。它已取代Rfc2898DeriveBytes。如果你只需要在查询字符串,而不是每一个环节进行加密的网页上,这是好的。但是,如果你想加密过的每一个环节,你需要添加一个重写到过加密的查询字符串。
这样做将会对业绩产生实质性的影响,如果你对你的网页许多环节。什么,你会想要做的是解除从加密的PasswordDeriveBytes / Rfc2898DeriveBytes /解密方法和存储代替密码和盐的密钥和IV。
编辑:
我在这里发表了关于这个问题的博客文章
How do I encrypt query strings in aspx.net?
P.S. I realize that this does not offer security. I'm just looking to obfuscate a puzzle.
P.P.S Though I marked CKret's answer as the correct one (for the question as worded I believe his is the most correct answer). However, for myself, I'm just going to try ChoasPandion's alternative to encryption. If I needed more security I'd look at CKret's or Ian's.
A blog post by Mads Kristensen about Query String encryption.
Beware of one thing though: He uses PasswordDeriveBytes within the Encrypt method. It has been replaced by Rfc2898DeriveBytes. If you only need to encrypt the query string and not every link on the page this is fine. If you however want to encrypt every link too you'll want to add a Rewriter to encrypt those query string too.
Doing so will have a substantial impact on performance if you have many links on your pages. What you would want to do is lift out the PasswordDeriveBytes/Rfc2898DeriveBytes from the encrypt/decrypt methods and store the key and IV instead of the password and salt.
Edit:
I've published a blog post on this issue here.
这篇关于如何查询字符串在asp.net加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
