Niu Yi learning: web programming security questions
In web programming, security needs constant attention. The SQL injection prevention we encountered while working through the bull's nest project, and operations such as using MD5 to convert a plaintext password into dark text, were all introduced to address web programming security issues.
For this reason, I read some material about web security on the Internet and gained a brief understanding of some web security issues.
- SQL Injection
In SQL injection, an attacker submits carefully crafted data. When the server merges that data into an SQL statement, the statement no longer matches the designer's original intent and the wrong SQL is executed.
Take the simplest user verification, which uses a simple select statement: select userName from user where userName = 1 and pwd = 1. When the user enters user or 1 = 1 in the user name text box and pwd or 1 = 1 in the password text box, the combined select statement becomes select userName from user where userName = user or 1 = 1 and pwd = pwd or 1 = 1. Because the or 1 = 1 condition is always true, intruders can log on without the correct username and password.
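The login query described above as a runnable demonstration, next to its parameterized form. This is an added example, not code from the original post; the in-memory SQLite database, the sample account and the function names are assumptions, and the quotes around string values, which the text above leaves out, are restored.

```python
import sqlite3


def make_db():
    """In-memory database holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (userName TEXT, pwd TEXT)")
    db.execute("INSERT INTO user VALUES ('alice', 's3cret')")
    return db


def build_concat_sql(name, pwd):
    """Merge input into the SQL text the way the vulnerable login does."""
    return ("SELECT userName FROM user WHERE userName = '" + name +
            "' AND pwd = '" + pwd + "'")


def login_concat(db, name, pwd):
    """Vulnerable: the input can change the structure of the WHERE clause."""
    return db.execute(build_concat_sql(name, pwd)).fetchone() is not None


def login_param(db, name, pwd):
    """Hardened: placeholders bind the input as values, never as SQL syntax."""
    sql = "SELECT userName FROM user WHERE userName = ? AND pwd = ?"
    return db.execute(sql, (name, pwd)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Input from the paragraph above, with the quotes a string column needs.
    name, pwd = "user' or '1'='1", "pwd' or '1'='1"
    print(build_concat_sql(name, pwd))
    print("concatenated query logs in:", login_concat(db, name, pwd))
    print("parameterized query logs in:", login_param(db, name, pwd))
```

With the parameterized query the whole input string is compared against the userName column as a literal value, so it matches no row.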
- Reflected XSS Vulnerability
This vulnerability occurs when the program dynamically displays content submitted by the user but does not restrict what is displayed. Recall the error page we used while working through the bull's nest project: if the content of the error page is passed in through parameters, it can easily be exploited by others.
- Stored XSS Vulnerability
A stored XSS vulnerability is used to embed an attack script into a webpage, where it is executed by every user who browses that page. For example, if no restriction is placed on the comment content of a webpage, intruders can add a malicious script to the database we designed. That code is then executed each time the page is displayed, causing information leakage.
- Redirection Vulnerability
This type of vulnerability occurs when a program performs a redirect based on data supplied by the user, so that the browser is sent to a URL different from the one the user intended.
From this brief look at several common web programming vulnerabilities, we can see that web development is not simply a matter of implementing functions. We must come up with reasonable solutions to different system vulnerabilities, which requires us to build up experience while coding and to keep improving our secure programming habits.
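MD5 is Message-Digest Algorithm 5 (in Chinese, "information digest algorithm 5"). It compresses the password entered by the user into a fixed-length digest, so that the program handles it as dark text rather than as plaintext. Note that MD5 is a one-way hash, not reversible encryption, and a plain unsalted MD5 digest is considered too weak for storing passwords today.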
Simple application:
    // Requires: using System.Text; using System.Security.Cryptography;
    byte[] result = Encoding.Default.GetBytes(textBox1.Text.Trim()); // obtain the password entered by the user
    MD5 md5 = new MD5CryptoServiceProvider(); // create the MD5 crypto service provider
    byte[] output = md5.ComputeHash(result); // compute the MD5 hash of the password bytes
    textBox2.Text = BitConverter.ToString(output).Replace("-", ""); // show the digest as hex without dashes
In addition, as society develops, new requirements have been placed on data encryption. Besides the MD5 algorithm, there are the SHA1 algorithm, symmetric encryption (DES, AES), asymmetric encryption (RSA) and so on.
Conclusion: The niuyun operating system was the starting line for my learning of web programming. Learning from a concrete example draws us in right away; however, if we zoom in on each of its details, we find many things we do not know. At that point, thinking through those unknowns is very helpful.