编程经验：字符串加密解密

 

其URL地址如下：http://www.XXXX.com/getuserinfo.aspx?id=XXXX

现在将id后面的参数（XXXX）设置成1~55000之间的任一数字，即可查看对应编号的用户信息。并且对此URL保存后可“方便”的直接访问上述内容，这样是很不安全的。

 

这里我们采取对ID进行加密解密的方法

 

using System.Security.Cryptography;

using System.IO;

using System.Text;

using System;

 

///<summary>

/// VerifyTool 的摘要说明--慕容听雨工作室

///</summary>

public class VerifyTool

{

    public VerifyTool()

    {

 

 

    }

    ///<summary>

    ///加密

    ///</summary>

    ///<param name="str">需要加密的字符串</param>

    ///<param name="key">密钥</param>

    ///<returns></returns>

    public static string Encode(string str, string key)

    {

        DESCryptoServiceProvider provider = new DESCryptoServiceProvider();

        provider.Key = Encoding.ASCII.GetBytes(key.Substring(0, 8));

        provider.IV = Encoding.ASCII.GetBytes(key.Substring(0, 8));

        byte[] bytes = Encoding.GetEncoding("GB2312").GetBytes(str);

        MemoryStream stream = new MemoryStream();

        CryptoStream stream2 = new CryptoStream(stream, provider.CreateEncryptor(), CryptoStreamMode.Write);

        stream2.Write(bytes, 0, bytes.Length);

        stream2.FlushFinalBlock();

        StringBuilder builder = new StringBuilder();

        foreach (byte num in stream.ToArray())

        {

            builder.AppendFormat("{0:X2}", num);

        }

        stream.Close();

        return builder.ToString();

    }

 

    ///<summary>

    /// Des 解密 GB2312

    ///</summary>

    ///<param name="str">Desc string</param>

    ///<param name="key">Key ,必须为8位 </param>

    ///<returns></returns>

    public static string Decode(string str, string key)

    {

        DESCryptoServiceProvider provider = new DESCryptoServiceProvider();

        provider.Key = Encoding.ASCII.GetBytes(key.Substring(0, 8));

        provider.IV = Encoding.ASCII.GetBytes(key.Substring(0, 8));

        byte[] buffer = new byte[str.Length / 2];

        for (int i = 0; i < (str.Length / 2); i++)

        {

            int num2 = Convert.ToInt32(str.Substring(i * 2, 2), 0x10);

            buffer[i] = (byte)num2;

        }

        MemoryStream stream = new MemoryStream();

        CryptoStream stream2 = new CryptoStream(stream, provider.CreateDecryptor(), CryptoStreamMode.Write);

        stream2.Write(buffer, 0, buffer.Length);

        try

        {

            stream2.FlushFinalBlock();

        }

        catch (System.Exception ex)

        {

            throw new AppException("非法请求!");

        }

      

        stream.Close();

        return Encoding.GetEncoding("GB2312").GetString(stream.ToArray());

    }

}