您的位置:首页技术开发ASP技巧 → 加密QueryString数据

加密QueryString数据

时间:2004/11/7 4:10:00来源:本站整理作者:蓝点我要评论(0)

  Problem with Query String Method

  Often time we use query string collection to retrieve an unique record from a table. Notice the following

  piece of code -

  Detail.asp?RecordID=200

  Here we are passing a query string value called "RecordID" using the url. We then use the Query String collection "RecordID" to get the actual number -

  <%

  Dim RecordID

  RecordID = Request.QueryString("RecordID")

  %>

  The problem with the above method is that we are exposing "RecordID" to the public. Hence making easy to hackers to just change the RecordID Query string to retrieve other values of the table.

  Solution to the above problem

  In order to solve the above problem, we will use two ASP pages and the ASP random number function to scramble the passing query string value so that the real record number is not exposed to others.

  On the first page we get a random number with the following code -

  <%

  Randomize timer

  ' Randomizing the timer function

  rndNum = abs(int((rnd() * 3001)))

  ' To generate a prime based,  non-negative random number..

  rndNum = rndNum + 53

  Session("rndNum") = rndNum

  'We place the random number value in a session variable so that we can use it again in the next page %>

  Now that we have our random number we will scramble our query string with it! Here is how -

  <%

  'Assuming you have a record set retrieved -

  Display_Rs.movefirst

  While not Display_Rs.Eof

  Response.Write "<a href=detail.asp?RecordID="

  Response.Write (Display_Rs("RecordID")*rndNum)

  ' Notice we are multiplying the actual record number with the random number to scramble the query 'string

  Response.Write Display_Rs("RecordID") & ""

  Display_Rs.Movenext

  Wend

  %>

  In the next page we will un-scramble the query string! Here is how -

  <%

  Dim RecordID

  RecordID = request.querystring("RecordID")/Session("rndNum")

  ' We are dividing the record ID query string value with the  formula to un-scramble and pass the

  actual record ID to the SQL statement

  Session.abandon

  ' Releasing Session value for the next record

  %>

  That's it! Using the above method you can scramble a query string as much as you like. For example multiply the random number with a very complex formula to generate an even more difficult integer number.

  The key point here is you divide  the number with the  formula yielding to the original value. This technique is not full proof but much more difficult to break in that passing a regular query string value.

相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么

文章评论
发表评论

热门文章 没有查询到任何记录。

最新文章 VB.NET 2005编写定时关 Jquery get/post下乱码解决方法 前台gbk gb如何使用数据绑定控件显示数据ASP脚本循环语句ASP怎么提速

人气排行 轻松解决"Server Application Error"和iis"一起学习DataGridView调整列宽用ASP随机生成文件名的函数Jquery get/post下乱码解决方法 前台gbk gbODBC Drivers错误80004005的解决办法返回UPDATE SQL语句所影响的行数的方法用Javascript隐藏超级链接的真实地址两个不同数据库表的分页显示解决方案