#眉標=ASP.NET
#副標=ASP.NET 網頁安全
#大標=ASP.NET 防駭指南
#作者=作者/李明儒
==<程式1>===========
// 程式1: the vulnerable baseline that 程式2 fixes. It is kept as a teaching example;
// the comments below mark each weakness a reviewer would flag in this form.
protected void Button1_Click(object sender, EventArgs e)
{
// The connection string carries the 'sa' (sysadmin) login and its password in source code:
// the credential ships with the assembly, and any SQL injected below runs with full server
// privilege. Use a least-privilege login created for this application and keep the secret
// in protected configuration rather than in code.
using (SqlConnection cn = new SqlConnection("Data Source=(local);User Id=sa; Password=mypassword; Initial Catalog=Lab;"))
{
cn.Open();
// SQL INJECTION: txtUID.Text and txtPWD.Text are concatenated straight into the statement,
// so a quote character in either field changes the query's structure instead of being
// treated as data. 程式2 shows the fix: a fixed statement with SqlParameter values.
// The WHERE clause also compares the submitted password directly, which implies the
// Password column holds plaintext — store a salted hash and compare hashes instead.
string sqlText = "SELECT UserName FROM tblAccount WHERE Account='" + txtUID.Text + "' AND Password='" + txtPWD.Text + "'";
SqlCommand cmd = new SqlCommand(sqlText, cn);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
// UserName is written to the page without HTML encoding; if that column can be set by
// users it is a stored-XSS sink — pass it through HttpUtility.HtmlEncode first.
Response.Write("歡迎登入! " + dr["UserName"].ToString());
else
Response.Write("帳號或密碼錯誤!");
// Neither close is in a finally/using block: if Read() throws, the reader stays open.
// The outer using still disposes cn.
dr.Close();
cn.Close();
}
}
====<程式1 end>==============
==<程式2>===========
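// 程式2: the parameterized form of the login query from 程式1. `cn`, `txtUID` and `txtPWD`
// are declared by the enclosing page code, which is not part of this listing.
cn.Open();
// The SQL text is now fixed at compile time; user input only reaches the server as
// parameter values, so it can no longer alter the statement's structure.
string sqlText = "SELECT UserName FROM tblAccount WHERE Account=@account AND Password=@password";
SqlCommand cmd = new SqlCommand(sqlText, cn);
// Each textbox value is bound as a typed NVarChar parameter rather than spliced into the text.
cmd.Parameters.Add("@account", SqlDbType.NVarChar).Value = txtUID.Text;
cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = txtPWD.Text;
// Parameterization stops injection, but the WHERE clause still compares the submitted
// password directly against the Password column, which implies plaintext storage —
// store a salted hash and compare hashes instead.
SqlDataReader dr = cmd.ExecuteReader();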
==<程式2 end>==============
==<程式3>===========
using System;
using System.Security.Cryptography;
using System.Text;
using System.IO;
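/// <summary>
/// Holds a DES key and IV (8 bytes each) cut from the first 16 bytes of a buffer.
/// In this listing the buffer is an MD5 digest produced by <see cref="Cipher"/>, so the IV
/// is fully determined by the key string: identical plaintexts encrypt to identical
/// ciphertexts, which leaks equality of messages.
/// </summary>
public struct DESKeyPack
{
    public byte[] Key, IV;

    /// <param name="data">At least 16 bytes; bytes 0-7 become <see cref="Key"/>, 8-15 <see cref="IV"/>.</param>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="data"/> holds fewer than 16 bytes.</exception>
    public DESKeyPack(byte[] data)
    {
        if (data == null)
        {
            throw new ArgumentNullException("data");
        }
        if (data.Length < 16)
        {
            throw new ArgumentException("At least 16 bytes are required to build a DES key and IV.", "data");
        }
        Key = new byte[8];
        Buffer.BlockCopy(data, 0, Key, 0, 8);
        IV = new byte[8];
        Buffer.BlockCopy(data, 8, IV, 0, 8);
    }
}

/// <summary>
/// DES-CBC string encryption keyed from a passphrase, as presented in the article.
/// SECURITY NOTE (review): this construction is obsolete and should not be used for new code.
/// DES has a 56-bit key, which is brute-forceable; the key and IV come from a single MD5 pass
/// over the passphrase, so weak passphrases are guessable offline and the IV never changes;
/// and there is no authentication tag, so tampered ciphertext is not detected. A modern
/// replacement is AES with a random per-message IV and a MAC (or AES-GCM), with the key derived
/// by PBKDF2 (Rfc2898DeriveBytes) from a per-deployment random salt.
/// The algorithm is kept unchanged here so existing ciphertext still decrypts; the changes are
/// disposal of the crypto objects and use of the factory methods instead of the CSP classes.
/// </summary>
public class Cipher
{
    /// <summary>
    /// Derives the DES key and IV from <paramref name="keyString"/>.
    /// </summary>
    private static DESKeyPack genKeyPack(string keyString)
    {
        // A different SALT can be set in each version; then one version's
        // program cannot decrypt another's output. The salt is a compile-time constant, so
        // it adds no secrecy against anyone holding the assembly.
        const string salt = "SALT";
        // MD5.Create() yields the same digest as MD5CryptoServiceProvider without the
        // obsolete type; using disposes it (the original only called Clear()).
        using (MD5 md5 = MD5.Create())
        {
            byte[] digest = md5.ComputeHash(Encoding.UTF8.GetBytes(keyString + salt));
            return new DESKeyPack(digest);
        }
    }

    /// <summary>
    /// Runs <paramref name="input"/> through <paramref name="trans"/> in one shot and returns
    /// the transformed bytes. Disposing the CryptoStream flushes the final padded block.
    /// </summary>
    private static byte[] Transform(ICryptoTransform trans, byte[] input)
    {
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, trans, CryptoStreamMode.Write))
            {
                cs.Write(input, 0, input.Length);
                cs.FlushFinalBlock();
            }
            // MemoryStream.ToArray is valid after the stream has been closed.
            return ms.ToArray();
        }
    }

    /// <summary>
    /// Encrypts <paramref name="rawString"/> (UTF-8) with DES-CBC/PKCS7 and returns Base64.
    /// </summary>
    /// <param name="rawString">Plaintext; must not be null.</param>
    /// <param name="keyString">Passphrase the key and IV are derived from.</param>
    /// <returns>Base64 ciphertext; the same inputs always yield the same output.</returns>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    public static string Encrypt(string rawString, string keyString)
    {
        DESKeyPack dkp = genKeyPack(keyString);
        // DES.Create() defaults to CBC with PKCS7 padding, matching DESCryptoServiceProvider.
        using (DES des = DES.Create())
        using (ICryptoTransform trans = des.CreateEncryptor(dkp.Key, dkp.IV))
        {
            byte[] rawData = Encoding.UTF8.GetBytes(rawString);
            return Convert.ToBase64String(Transform(trans, rawData));
        }
    }

    /// <summary>
    /// Reverses <see cref="Encrypt"/>: Base64-decodes, decrypts with DES-CBC/PKCS7, and
    /// returns the UTF-8 plaintext.
    /// </summary>
    /// <param name="encString">Base64 ciphertext produced by <see cref="Encrypt"/>.</param>
    /// <param name="keyString">The passphrase used for encryption.</param>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    /// <exception cref="FormatException"><paramref name="encString"/> is not valid Base64.</exception>
    /// <exception cref="CryptographicException">
    /// Raised for most wrong-key or corrupted inputs via the padding check; because there is
    /// no authentication tag, some corrupted inputs decrypt to garbage without error instead.
    /// </exception>
    public static string Decrypt(string encString, string keyString)
    {
        DESKeyPack dkp = genKeyPack(keyString);
        using (DES des = DES.Create())
        using (ICryptoTransform trans = des.CreateDecryptor(dkp.Key, dkp.IV))
        {
            byte[] encData = Convert.FromBase64String(encString);
            return Encoding.UTF8.GetString(Transform(trans, encData));
        }
    }
}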
==<程式3 end>==============
==<程式4>===========
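/// <summary>
/// 程式4: round-trips a constant string through <see cref="Cipher"/> and writes both the
/// Base64 ciphertext and the recovered plaintext into the page.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): the passphrase is a literal in page code, so anyone holding the assembly or
    // source can decrypt everything this page ever produced. Real keys belong in protected
    // configuration, not in code.
    const string key = "MyKey";
    string rawString = "Hello World!";
    string encString = Cipher.Encrypt(rawString, key);
    // The printed listing had a raw line break inside this string literal, which does not
    // compile in C#. The shown output puts ENC and DEC on separate lines, so the lost token was
    // presumably a <br> tag — confirm against the original source.
    Response.Write("<br>ENC=" + encString);
    string decString = Cipher.Decrypt(encString, key);
    // decString derives from a constant here; if it ever came from user input it would have to
    // be HTML-encoded (HttpUtility.HtmlEncode) before being written into the page.
    Response.Write("<br>DEC=" + decString);
}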
顯示結果:
ENC=kGdj4wLUX1NVd5BGB3w/iA==
DEC=Hello World!
==<程式4 end>==============