使MVC应用程序对ajax和其他攻击安全

时间:2021-04-17 11:28:11

I have a complete unsafe mvc application. And now I started to think about security. Cause I use a couple of ajax I will close this securityhole with AntiForgeryToken is this a good way to stop Injection attacks?.

我有一个完整的不安全的mvc应用程序。现在我开始考虑安全问题了。因为我使用了几个ajax我会用AntiForgeryToken关闭这个安全漏洞这是一个停止注入攻击的好方法吗?

Next I thought about authentication and how i could manage my users. Than I decided to use the users of my Domain. But how can I auth from mvc to the user base of my Microsoft Domainserver? And whats about HTTPS. how can I activate that

接下来我考虑了身份验证以及如何管理用户。比我决定使用我的域用户。但是如何从mvc授权到我的Microsoft Domainserver的用户群?关于HTTPS的最新消息。我怎么能激活它

thanks for your ideas. And I definitely forgot some details so please ask me for them!

谢谢你的想法。我肯定忘记了一些细节,所以请问我他们!

1 个解决方案

#1


1  

AntiForgeryToken will not stop injection attacks. It will prevent cross-site attacks.

AntiForgeryToken不会停止注射攻击。它可以防止跨站点攻击。

Stop injection attacks by never constructing SQL queries from user strings. Always user parameterized queries.

永远不要从用户字符串构造SQL查询来停止注入攻击。始终是用户参数化查询。

Your authentication scheme depends on your needs. If your users are already in Active Directory, then manage them from you domain server. Otherwise, create a user database.

您的身份验证方案取决于您的需求。如果您的用户已在Active Directory中,请从您的域服务器管理它们。否则,请创建用户数据库。

HTTPS is activated on the web server.

HTTPS在Web服务器上激活。

#1


1  

AntiForgeryToken will not stop injection attacks. It will prevent cross-site attacks.

AntiForgeryToken不会停止注射攻击。它可以防止跨站点攻击。

Stop injection attacks by never constructing SQL queries from user strings. Always user parameterized queries.

永远不要从用户字符串构造SQL查询来停止注入攻击。始终是用户参数化查询。

Your authentication scheme depends on your needs. If your users are already in Active Directory, then manage them from you domain server. Otherwise, create a user database.

您的身份验证方案取决于您的需求。如果您的用户已在Active Directory中,请从您的域服务器管理它们。否则,请创建用户数据库。

HTTPS is activated on the web server.

HTTPS在Web服务器上激活。