Security issues arising from the encryption and decryption of client data by web programs

Source: Internet
Author: User

 0 × 00 PrefaceFor a complete system, both desktop and web programs use the client to save data such as cookies and db files. To prevent external access or control, the system encrypts the data, such as qq passwords, chat records, and user information in web programs. For open-source programs, algorithms are open, and Data Encryption relies only on keys to protect data. Once the data is controllable, some security problems may occur, this article discusses the security of code for private data in open-source web applications.0 × 01: KeysWhen some encryption keys can be calculated or cracked, private data is fully controllable, and attacks such as SQL injection, xss, and unauthorized access are performed according to the actual environment. Example: espcms brute force injection http://www.bkjia.com/Article/201304/199559.html dedecms cookie injection http://www.wooyun.org/bugs/wooyun-2010-018567PHPCMS V9 sys_auth () design defects cause multiple SQL injection vulnerability http://www.bkjia.com/Article/201109/104004.html0 × 02 cool farming: key unknownFor the unification of data and code, the encryption and decryption keys of data in a set of systems are generally common. We can use some functions of the program to generate encrypted data, to control the private data of the program and launch attacks. Similar cases such as phpcms SQL Injection http://www.wooyun.org/bugs/wooyun-2010-024984espcms secondary injection http://www.bkjia.com/Article/201308/235764.html0 × 03 SummaryWhen variables can be controlled, everything is dangerous. In addition to strictly filtering input and output data, the program also needs to process internal private data.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.