In web programming, security is an issue to be aware of at all times. While typing out the Beef Brisket project, operations such as preventing SQL injection and converting plaintext passwords to ciphertext with MD5 were there to address web programming security issues.
To that end, I looked up some information on web security on the Internet to get a simple understanding of some web security issues.
SQL injection is when an attacker, through carefully crafted submitted data, makes the SQL statement that the server assembles lose the designer's original intent, leading to the execution of the wrong SQL statement.
Take the simplest user authentication, done with a simple SELECT statement: select UserName from user where username=1 and pwd=1. When the user enters "user or 1=1" and "pwd or 1=1" in the text boxes, the combined statement becomes: select UserName from user where UserName=user or 1=1 and pwd=pwd or 1=1. At that point the intruder can log on without the correct user name and password.
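The login bypass described above, as an added example that is not part of the original article, written in Python with sqlite3 rather than the article's C#. The users table, the sample account and the function names are constructed for illustration; the input "0 or 1=1" follows the article's unquoted "or 1=1" form.

```python
import sqlite3


def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pwd TEXT)")
    db.execute("INSERT INTO users VALUES ('1001', '4321')")
    return db


def login_concatenated(db, username, pwd):
    """Vulnerable: text-box input is pasted into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username=" + username +
           " AND pwd=" + pwd)
    return db.execute(sql).fetchall()


def login_parameterized(db, username, pwd):
    """Hardened: the SQL text is fixed and input is bound as data only."""
    sql = "SELECT username FROM users WHERE username=? AND pwd=?"
    return db.execute(sql, (username, pwd)).fetchall()


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("correct login", "1001", "4321"),
        ("wrong password", "1001", "9999"),
        ("or 1=1 input", "0 or 1=1", "0 or 1=1"),
    ]
    for label, user, pwd in cases:
        # AND binds tighter than OR, so the concatenated WHERE clause with
        # the third input reads: username=0 OR (1=1 AND pwd=0) OR 1=1,
        # which is true for every row.
        print(label,
              "| concatenated:", login_concatenated(db, user, pwd),
              "| parameterized:", login_parameterized(db, user, pwd))
```

With bound parameters the whole string "0 or 1=1" is compared against the username column as a value, so it matches no row.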
- Reflected XSS vulnerability
This vulnerability occurs when the program dynamically displays user-submitted content without restricting what is displayed.
Remember the error page we used when typing out the Beef Brisket project: if the content of the error page was passed in through parameters, it could easily be captured by others.
A stored XSS vulnerability is the embedding of a malicious script into a web page, so that any user who browses the page executes the code. For example, if there are no restrictions on the content of comments on a web page, the intruder can add a malicious script to the database we designed, and the code is executed each time the page is viewed, resulting in the disclosure of information.
This type of vulnerability occurs when a program allows user-entered data to drive a redirect, instructing the browser to go to a different URL than the one the user wanted.
From this simple look at several common web programming vulnerabilities, we know that web development is not just a matter of implementing the functionality. We must propose reasonable solutions for the different system vulnerabilities, which requires us to accumulate experience while coding and to keep improving our own secure programming habits.
MD5 stands for Message-Digest Algorithm 5. Through a compression method, the password the user entered is passed through the program as ciphertext.
Simple application:
Add the references:

    using System.Text;
    using System.Security.Cryptography;

Then, in the code that handles the input:

    // Get the password the user entered
    byte[] result = Encoding.Default.GetBytes(textBox1.Text.Trim());
    // Define the password service provider
    MD5 md5 = new MD5CryptoServiceProvider();
    // Run the hashing algorithm
    byte[] output = md5.ComputeHash(result);
    // Set the output format: a hex string without the "-" separators
    textBox2.Text = BitConverter.ToString(output).Replace("-", "");
In addition, as society develops, new requirements for data encryption keep being put forward. Besides the MD5 algorithm, there are the SHA1 algorithm, symmetric encryption (DES, AES), asymmetric encryption (RSA), and so on.
Summary: The Beef Brisket system got me started on learning web programming. Starting from an example can immediately attract our interest, but when we magnify each of its details there turn out to be a lot of unknown things. Sorting out this unknown knowledge now will be a great help to our future study.
The article draws lessons from:
"Web Security Programming Practical"
"Web Security Combat"
"C# Programming Summary (VII): Data encryption, with source code attached"
"Methods of using MD5 encryption in C#"
Beef Brisket Learning----Web programming security issues