C# Discovery Tour, Ninth Talk: ASP.NET Verification Code Technology


To gain a deeper understanding of C# and how to use it, we are beginning this series of technical lectures, the "C# Discovery Tour". Most of you work in Web database development, and "discovery" means finding fields we are unfamiliar with, so this series covers applications of C# outside Web database development. The main content currently planned is graphics development and XML development, organized into a number of courses. In the C# Discovery Tour we will explore the other, unknown areas of C# step by step, gain a deeper understanding and mastery of C# for software development, broaden our horizons, and strengthen our overall software development skills.

The demo code for this series of courses.

Course description

In the last lesson, we began to learn how to use graphics programming techniques in ASP.NET. Today, we take an in-depth look at how graphics programming is applied in ASP.NET to implement verification code technology.

Verification code technology is a security defense adopted by many web programs today. When logging in, the user must enter not only a username and password but also a randomly generated code text; the user has to enter all three pieces of information correctly to log into the system.

Because verification code technology can effectively resist some hacker attacks, it is widely used, and some C/S (client/server) systems have also borrowed the technique from web development.

Verification Code principle

In today's software operating environment, security has become a problem that most software must consider. Hackers are everywhere and their methods of attack are increasingly varied. Web systems in particular face a severe test because of their openness, and the losses and impact caused by hacker incidents keep growing. We software developers need to be well aware of this and take steps to protect against all kinds of hacker attacks.

Dictionary enumeration attacks

Among the various kinds of hacker attacks, obtaining user names and passwords is very common, and many of these attacks enumerate a dictionary to test user names and passwords over and over.

For example, a hacker obtains a bank account number and then opens that bank's online banking login page. Analyzing the HTML code, the hacker finds that the page is shoddy: there is no verification code and no security control, and only the bank account number and withdrawal password are required to log in. Delighted, the hacker immediately writes a program that calls the HTTP protocol directly, simulating a browser that submits the account number and password to the online banking server to try to log in. Because the withdrawal password is 6 digits, there are 1 million combinations. The hacker's computer tests from six zeros up to six nines, which will certainly hit the real password. The hacker finds a computer with high-speed broadband Internet access, starts the program, and goes off to do other things. Assuming the computer tests 10 passwords per second, 100,000 seconds will certainly be enough to find the password. 100,000 seconds is 27 hours, a little more than a day, and in practice it may not take that long. The hacker goes out for a while, comes back, finds that the password has been discovered, and immediately logs on to the online bank to move the money, or forges a bank card to withdraw cash at an ATM. In other words, the hacker spends a day at most to obtain an unpredictable amount of illegal income.
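The login check from the course description, which the bank page in this scenario lacked, can be sketched as follows. This is an added example, not the course's demo code: the class and method names, the in-memory dictionary standing in for ASP.NET session state, the account data, and the single-use rule for the code are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical names throughout; a dictionary stands in for ASP.NET session state.
class VerificationCodeLogin
{
    const string Alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // 32 symbols, no look-alikes
    readonly Dictionary<string, string> pendingCodes = new Dictionary<string, string>();
    // Constructed account number and 6-digit password; a real system stores a password hash.
    readonly Dictionary<string, string> accounts = new Dictionary<string, string>
        { { "62220001", "493027" } };
    public int PasswordChecks; // attempts that actually reached the password comparison

    // Called when the login page is rendered; the page would draw this text as an image.
    public string IssueCode(string sessionId)
    {
        var bytes = new byte[4];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var chars = new char[4];
        for (int i = 0; i < 4; i++)
            chars[i] = Alphabet[bytes[i] % Alphabet.Length]; // 256 % 32 == 0, so no bias
        return pendingCodes[sessionId] = new string(chars);
    }

    // All three pieces of information must be correct: account, password and code.
    public bool TryLogin(string sessionId, string account, string password, string code)
    {
        string expected;
        bool hadCode = pendingCodes.TryGetValue(sessionId, out expected);
        pendingCodes.Remove(sessionId); // single use: every attempt needs a freshly issued code
        if (!hadCode || !string.Equals(expected, code, StringComparison.OrdinalIgnoreCase))
            return false; // wrong or missing code: the password is never tested
        PasswordChecks++;
        string stored;
        return accounts.TryGetValue(account, out stored) && stored == password;
    }

    static void Main()
    {
        var login = new VerificationCodeLogin();
        // A person reads the code shown on the page and submits all three values.
        string shown = login.IssueCode("browser-session");
        Console.WriteLine(login.TryLogin("browser-session", "62220001", "493027", shown));
        // A scripted client posts account and password but cannot read the image.
        login.IssueCode("script-session");
        for (int guess = 0; guess < 1000; guess++)
            login.TryLogin("script-session", "62220001", guess.ToString("D6"), "");
        Console.WriteLine(login.PasswordChecks); // counts only the legitimate login
    }
}
```

Because the code is checked first and discarded after every attempt, none of the scripted submissions ever reaches the password comparison, so the 1 million combinations cannot be worked through by simply replaying HTTP requests.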
