编程经验:字符串加密解密
其URL地址如下:http://www.XXXX.com/getuserinfo.aspx?id=XXXX
现在将id后面的参数(XXXX)设置成1~55000之间的任一数字,即可查看对应编号的用户信息。并且对此URL保存后可“方便”地直接访问上述内容。也就是说,任何人只要改动id的值,就能看到其他用户的信息,这样是很不安全的。
这里我们采取对ID进行加密解密的方法,使URL中的参数无法被直接猜出。需要注意:加密参数只是提高了猜测难度,服务端仍应校验当前登录用户是否有权查看该ID对应的信息。
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System;
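///<summary>
/// Helpers that turn a string (for example a numeric record id carried in a URL)
/// into an upper-case hexadecimal DES ciphertext and back again.
/// Author credit from the original header: Murong Tingyu Studio.
///</summary>
///<remarks>
/// Security review notes:
/// 1. Encrypting an id only makes it hard to guess. The page that receives the
///    value must still check that the current user is allowed to see the record.
/// 2. DES has a 56-bit key and is obsolete. The IV is the key itself and never
///    changes, so equal inputs always produce equal tokens, and the ciphertext
///    carries no integrity check (MAC), so it can be altered without detection.
///    The algorithm is left unchanged here so that previously issued values still
///    decode; new code should prefer authenticated encryption (AES-GCM, or AES-CBC
///    with a random IV plus an HMAC over the ciphertext).
/// 3. Only the first 8 characters of the key are used and they are converted with
///    ASCII, so any non-ASCII character becomes '?' and weakens the key further.
///</remarks>
public class VerifyTool
{
    // DES key and IV length in bytes; only this many leading key characters are used.
    private const int KeyLength = 8;

    // Single message for every rejected ciphertext, so the caller's response does
    // not reveal whether the hex decoding or the padding check failed.
    private const string InvalidRequestMessage = "非法请求!";

    public VerifyTool()
    {
    }

    ///<summary>
    /// Encrypts a string with DES and returns the ciphertext as upper-case hex.
    ///</summary>
    ///<param name="str">Text to encrypt; converted to bytes with GB2312.</param>
    ///<param name="key">Key text; at least 8 characters, of which the first 8 are used.</param>
    ///<returns>Two upper-case hex digits per ciphertext byte.</returns>
    ///<exception cref="ArgumentNullException"><paramref name="str"/> or <paramref name="key"/> is null.</exception>
    ///<exception cref="ArgumentOutOfRangeException"><paramref name="key"/> has fewer than 8 characters.</exception>
    public static string Encode(string str, string key)
    {
        if (str == null)
        {
            throw new ArgumentNullException("str");
        }

        byte[] plain = Encoding.GetEncoding("GB2312").GetBytes(str);
        byte[] cipher;

        // Dispose the provider and transform so key material is not left for the GC.
        using (DESCryptoServiceProvider provider = CreateProvider(key))
        using (ICryptoTransform encryptor = provider.CreateEncryptor())
        {
            cipher = encryptor.TransformFinalBlock(plain, 0, plain.Length);
        }

        StringBuilder builder = new StringBuilder(cipher.Length * 2);
        foreach (byte b in cipher)
        {
            builder.AppendFormat("{0:X2}", b);
        }
        return builder.ToString();
    }

    ///<summary>
    /// Decrypts a hex string produced by <see cref="Encode"/> back to text (GB2312).
    ///</summary>
    ///<param name="str">Hex ciphertext. Treat it as untrusted input when it comes from a URL.</param>
    ///<param name="key">Key text; at least 8 characters, of which the first 8 are used.</param>
    ///<returns>The decrypted text.</returns>
    ///<exception cref="ArgumentNullException"><paramref name="str"/> or <paramref name="key"/> is null.</exception>
    ///<exception cref="ArgumentOutOfRangeException"><paramref name="key"/> has fewer than 8 characters.</exception>
    ///<exception cref="AppException">The value is not well-formed hex or does not decrypt.</exception>
    public static string Decode(string str, string key)
    {
        if (str == null)
        {
            throw new ArgumentNullException("str");
        }

        using (DESCryptoServiceProvider provider = CreateProvider(key))
        {
            // Malformed hex is rejected the same way as a failed decryption, instead
            // of surfacing as an unhandled FormatException from the conversion.
            byte[] cipher = ParseHex(str);
            if (cipher == null)
            {
                throw new AppException(InvalidRequestMessage);
            }

            byte[] plain;
            using (ICryptoTransform decryptor = provider.CreateDecryptor())
            {
                try
                {
                    plain = decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
                }
                catch (Exception)
                {
                    // Wrong length or bad padding: the value was not produced by Encode
                    // with this key. The cause is deliberately not passed on to the caller.
                    throw new AppException(InvalidRequestMessage);
                }
            }

            return Encoding.GetEncoding("GB2312").GetString(plain);
        }
    }

    // Builds the DES provider with key and IV both taken from the first 8 key characters.
    private static DESCryptoServiceProvider CreateProvider(string key)
    {
        if (key == null)
        {
            throw new ArgumentNullException("key");
        }
        if (key.Length < KeyLength)
        {
            throw new ArgumentOutOfRangeException("key", "key must contain at least 8 characters.");
        }

        byte[] keyBytes = Encoding.ASCII.GetBytes(key.Substring(0, KeyLength));
        DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
        try
        {
            provider.Key = keyBytes;
            // NOTE(review): IV equal to the key is kept only for compatibility with
            // values that were already encoded this way.
            provider.IV = keyBytes;
        }
        catch
        {
            // The Key setter can reject a key; do not leak the provider in that case.
            ((IDisposable)provider).Dispose();
            throw;
        }
        return provider;
    }

    // Converts a hex string to bytes; returns null for odd length or any non-hex character.
    private static byte[] ParseHex(string hex)
    {
        if (hex.Length % 2 != 0)
        {
            return null;
        }

        byte[] bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
        {
            int high = HexValue(hex[i * 2]);
            int low = HexValue(hex[i * 2 + 1]);
            if (high < 0 || low < 0)
            {
                return null;
            }
            bytes[i] = (byte)((high << 4) | low);
        }
        return bytes;
    }

    // Returns 0-15 for a hex digit (either case), or -1 for any other character.
    private static int HexValue(char c)
    {
        if (c >= '0' && c <= '9')
        {
            return c - '0';
        }
        if (c >= 'A' && c <= 'F')
        {
            return c - 'A' + 10;
        }
        if (c >= 'a' && c <= 'f')
        {
            return c - 'a' + 10;
        }
        return -1;
    }
}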