Accumulate Deeply, Deliver Steadily - Web Security

 

1. Sensitive information must be stored in the database as ciphertext

// A function that computes the MD5 hash of a string and returns it as 32 hex characters
public string md5(string s)
{
    // Hash the UTF-8 bytes of the input
    System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
    byte[] bytes = System.Text.Encoding.UTF8.GetBytes(s);
    bytes = md5.ComputeHash(bytes);
    md5.Clear();

    // Convert each byte to two lowercase hex digits
    string ret = "";
    for (int i = 0; i < bytes.Length; i++)
    {
        ret += System.Convert.ToString(bytes[i], 16).PadLeft(2, '0');
    }

    return ret.PadLeft(32, '0');
}

 

2. Prevent SQL injection attacks

// Replace single quotes

tbxLogonName.Text.Replace("'", "").Trim()

 

3.

...

posted @ 2010-08-30 23:36  1店小二