Sensitive data in Viewstate

Question

I need to store sensitive data across a few pages (run over https) per session.

I can't use the session object, the primary reason being that the session store is designed as just a backup store (primarily make service calls and load the session). If the session has been restarted, or in other words the key in the session does not exist, make the service and re-populate the session.

So, in the case of user-keyed sensitive data, I need to carry this data forward across pages. We do not have a persistent store for now, therefore the option left is storing this sensitive data in Viewstate.

1) Should I encrypt the data and then store it in Viewstate (not recommended though - sec & perf. implications)

OR

2) Should I store the data in a serializable class and store that in Viewstate? (not recommended again due to perf. implications)

Any thoughts?

Recommended answer

ViewState is set and maintained on the page level. It cannot be carried across different page requests, only postbacks of the current page. Assuming you really mean you have to carry the data "across a few pages" rather than postbacks.

You could potentially store your sensitive data in a cookie, but that comes with some security risks.

You could also store your sensitive data in a server side data store (xml file, database, etc.) and store a key to the data in the client side cookie. Slightly more secure.
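
The second option in the answer above (data kept server side, only a lookup key in the cookie), sketched for ASP.NET Web Forms as an added example that is not part of the original question or answer. The class name `SensitiveStore`, the cookie name `sdk`, the 20-minute lifetime and the use of the in-process `MemoryCache` as the server-side store are assumptions; a database or other shared store would take its place where the data must survive an application restart.

```csharp
using System;
using System.Runtime.Caching;
using System.Security.Cryptography;
using System.Web;

// Hypothetical helper (not from the original page): the sensitive value stays on
// the server; the cookie carries only a random lookup token with no meaning of its own.
public static class SensitiveStore
{
    private const string CookieName = "sdk";   // assumed cookie name
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);

    public static void Save(HttpContext ctx, string sensitiveValue)
    {
        // 256-bit token from a CSPRNG so it cannot be guessed or enumerated.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        string token = HttpServerUtility.UrlTokenEncode(bytes);

        // The server-side entry expires on its own after Lifetime.
        MemoryCache.Default.Set(token, sensitiveValue, DateTimeOffset.UtcNow.Add(Lifetime));

        ctx.Response.Cookies.Add(new HttpCookie(CookieName, token)
        {
            HttpOnly = true,   // not readable from client-side script
            Secure = true      // sent over https only
        });
    }

    public static string Load(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        // Unknown or expired token yields null; the caller asks the user again.
        return MemoryCache.Default.Get(cookie.Value) as string;
    }

    public static void Clear(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[CookieName];
        if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            MemoryCache.Default.Remove(cookie.Value);
        // Expire the cookie in the browser as well.
        ctx.Response.Cookies.Add(new HttpCookie(CookieName, "")
            { Expires = DateTime.UtcNow.AddDays(-1), HttpOnly = true, Secure = true });
    }
}
```

Calling `SensitiveStore.Clear` at the end of the multi-page flow removes the value from the server instead of waiting for the expiry.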
