Problem with Query String Method
Often we use the QueryString collection to retrieve a single record from a table. Notice the following
piece of code -
Here we pass a value called "RecordID" in the URL, then read it back from the QueryString collection
to get the actual record number -
The problem with this method is that the real "RecordID" is exposed in the URL. Anyone can edit that value
in the address bar and retrieve other rows of the table, unless the page also checks that the current user
is allowed to see the record it was asked for.
Solution to the above problem
To address this we will use two ASP pages and the ASP Rnd function to scramble the query string value so
that the real record number is not shown in the URL. The random number itself must stay on the server
between the two pages (the Session object is the usual place); if it were sent to the browser as well, the
scrambling would hide nothing.
On the first page we get a random number with the following code -
Now that we have our random number we will scramble our query string with it! Here is how -
In the next page we will un-scramble the query string! Here is how -
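The two pages above, written out as an added example that is not the tutorial's own ASP code. It is in Python rather than classic ASP so it can be run directly: the ASP Session object is modelled as a dictionary keyed by session id, page 1 and page 2 are plain functions, and the random factor is assumed to be an integer (as you would get from Int(Rnd * 9000) + 1000 in ASP). The example also shows the failure mode the text hints at, where one known record and its scrambled value give away the factor, and, as a hardened alternative that is not part of the original page, an opaque per-session token that carries no information about the record number at all.

```python
import secrets
from typing import Dict, Optional

# Constructed stand-in for the ASP Session object: one dict per session id.
# Nothing here touches a database; record ids are plain integers.
SESSIONS: Dict[str, dict] = {}


def new_session() -> str:
    """Start a session and return its id (the cookie the browser would hold)."""
    sid = secrets.token_hex(8)
    SESSIONS[sid] = {}
    return sid


# ---- Page 1: scramble the record id before putting it in the URL ----
def page1_scramble(sid: str, record_id: int) -> int:
    """Pick an integer factor, keep it in the session, return factor * record_id.

    Assumption: an integer factor (like Int(Rnd * 9000) + 1000 in ASP). A raw
    fractional Rnd value would not divide back out to the original integer.
    """
    factor = secrets.randbelow(9000) + 1000
    SESSIONS[sid]["factor"] = factor
    return record_id * factor          # this is the ?RecordID= value the browser sees


# ---- Page 2: unscramble the value that came back on the URL ----
def page2_unscramble(sid: str, url_value: int) -> Optional[int]:
    """Return the original record id, or None if the value cannot be genuine."""
    factor = SESSIONS.get(sid, {}).get("factor")
    if factor is None:                 # no page-1 visit in this session
        return None
    if url_value % factor != 0:        # an edited URL is almost never an exact multiple
        return None
    return url_value // factor


# ---- Failure mode: the factor leaks from a single known pair ----
def forge(known_record_id: int, known_url_value: int, target_record_id: int) -> int:
    """An attacker who knows one (record id, URL value) pair recovers the factor
    and can build a valid URL value for any other record in the same session."""
    factor = known_url_value // known_record_id
    return target_record_id * factor


# ---- Hardened form (added here, not from the tutorial): opaque per-session tokens ----
def page1_issue_token(sid: str, record_id: int) -> str:
    """Put a random token on the URL instead of any function of the record id."""
    token = secrets.token_urlsafe(16)
    SESSIONS[sid].setdefault("tokens", {})[token] = record_id
    return token


def page2_resolve_token(sid: str, token: str) -> Optional[int]:
    """Look the token up; anything not issued in this session resolves to None."""
    return SESSIONS.get(sid, {}).get("tokens", {}).get(token)
```

Two things to notice when running it. First, the multiplicative scheme leaks structure: two scrambled values from the same session stand in the same ratio as their record ids, and forge() shows that one known pair is enough to build a valid value for any other record. Second, neither the scramble nor the opaque token decides whether the visitor may see the record; whatever the second page resolves, it must still check that the current user is authorized for that row before querying it.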
That's it! You can scramble the query string as much as you like, for example by running the random
number through a more complicated formula, as long as the second page applies the exact inverse to get
the original value back. Use an integer factor rather than a raw fractional Rnd value, and reject any URL
value that does not divide evenly by it, since an edited value almost never will. Keep in mind what this
does and does not buy you: it hides the record number from casual viewers and is harder to tamper with
than a plain query string value, but it is obfuscation, not access control. Anyone who learns one record
number together with its scrambled value can recover the factor and forge values for other records in the
same session, so the page that reads the record must still check that the current user is authorized to
see it.