how to pass sensitive data from view to controller

*爱你&永不变心* 提交于 2020-01-05 03:26:32

问题


In order to construct an entity with quite a lot of information, I need to performe a sequence of forms submitting. Every time I return a view from a controller, I need to pass some id's about the not yet established entity. Right now I inject these pieces of info into hidden fields, and when post back to server, continuing to construct the entity. This scenario continues for a few times. I'm very not satisfied with this way of passing sensitive information, and was wonder if there're other more appropriate ways of doing it. I use authorization and authentication, but still worried of some scenarios in which one user could hack these id's, before sending it back to server, and by that, modifying the wrong entity.

Also, seems kind of hard work to pass back and forth the same data. I disqualified the use of sessions, because it reveals a different kind of data disruption threat . (in case of using more than one browser at a time).

How should I perform the mentioned operation?


回答1:


You can use a secure hash of the data in another hidden field to detect tampering with the values.

Here is an example of how to generate a cryptographically secure hash http://www.bytemycode.com/snippets/snippet/379/




回答2:


You can secure your data using many approaches, I discussed some of it in this post

http://miroprocessordev.blogspot.com/2012/03/save-aspnet-mvc-application-against.html

http://miroprocessordev.blogspot.com/2012/03/safe-aspnet-mvc-application-against.html




回答3:


use Cross-site request forgery with token to identify that everytime u send an info it contains same token generated at server side and returned from your html



来源:https://stackoverflow.com/questions/10497126/how-to-pass-sensitive-data-from-view-to-controller

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!