Asp.net 網站防攻擊安全設置
針對已解密的_ViewStat參數漏洞整改建議:在<system.web>下添加web
<machineKey validation="3DES"/>shell
禁用腳本調試
<compilation debug="true">ide
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
if (System.Web.HttpContext.Current.Session != null)
{
ViewStateUserKey = Session.SessionID;
}
}
防止僞造用戶身份debug
public partial class AdminLogin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if(!Page.IsPostBack)
Session.Clear();
}調試
}cmd
防SQL注入string
public static bool FilterChar(string oldstr)
{
bool flag = true;
string[] filterstr = {"and ","exec ","insert ","select ","delete ","update ","count(","from ","drop ","asc(","char(","or ","chr(","mid("," master",
"truncate ","declare ","sitename","net user","xp_cmdshell "," /add","exec master.dbo.xp_cmdshell","net localgroup administrators",
"%",";","/'","/"","-","@",",","//","!","(",")","[","]","{","}","|"};
for (int i = 0; i < filterstr.Length; i++)
{
if (oldstr.Contains(filterstr[i]))
{
flag = false;
break;
}
}
return flag;
}it
- 1. 網站安全配置Nginx防止網站被攻擊
- 2. 網站安全配置Nginx防止網站被攻擊(轉)
- 3. 網站防攻擊
- 4. 網站被攻擊 如何作好網站安全防禦
- 5. 應用安全-Web安全-XSS(跨站攻擊)攻防整理
- 6. 如何防止網站被SQL注入攻擊之java網站安全防禦
- 7. 如何防止網站被SQL注入攻擊之java網站安全防護
- 8. nginx 防DDOS攻擊設置
- 9. 360safe安全衛士防網站攻擊源碼
- 10. 網站安全的常見攻擊方式防止
- 更多相關文章...
- • ASP.NET MVC - 安全 - ASP.NET 教程
- • 網站建設指南 - 網站建設指南
- • IntelliJ IDEA代碼格式化設置
- • Composer 安裝與使用
-
每一个你不满意的现在,都有一个你没有努力的曾经。