我在 url 中传递了贷款 ID、社会安全号码和邮政编码。
LoanID: 205689
ssn No: 555-896-4569
Zip code: 12345
网址是http://localhost/Product/abc/manager/internet/PayCredential.aspx?LoanID=205689
出于安全目的,我需要将社会安全号码和邮政编码转换为哈希码,并将它们传递到此 url。然后我会在调用页面时解密它们。我怎样才能做到这一点?
问问题
881 次
3 回答
1
不要费心重新发明轮子。使用 SSL - 您的所有通信都将被加密,包括您的 URL。
于 2012-06-28T06:26:50.683 回答
0
Your whole approach is wrongheaded. Under no circumstances should you be passing that information via the querystring, even if you are encrypting it using SSL. As I mention in the comment to @zmbq, I don't want someone shoulder surfing my SSN while I'm paying my mortgage, thanks.
What you should do is have the data securely stored on the server side, SSL secure your connection, and the client's URL should only use a non-identifiable token (like session ID) to refer to it. If the user needs to enter their SSN as part of their login identifier, it should be entered via a password field so that the browser masks the input.
于 2012-07-05T21:20:21.530 回答
0
Hasing 在您的情况下不起作用。您无法从其散列值访问该对象。您应该在发送之前对数据进行加密,在使用之前对其进行解密。在这里您可以看到如何在 c# 中使用 encrpyt 和解密的示例:http: //www.codeproject.com/Articles/5719/Simple-encrypting-and-decrypting-data-in-C
另外,您可以使用 https 来提高安全性。
于 2012-06-28T06:28:24.013 回答