Design and Development of Secure Cookies in C#

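Summary

A cookie is a small piece of text that travels between the Web server and the browser along with user requests and pages. A cookie contains information that the Web application can read each time the user visits the site. Because a cookie can carry arbitrary information, the server can use it to filter and regularly maintain that information in order to determine state across HTTP transmissions. Cookies serve many purposes, all of which help a website remember its users.

Cookie technology gives websites more functionality and gives users great convenience and a personalized experience. However, because cookies are sent in plaintext between the browser and the server, anyone who can intercept Web traffic can read cookies and set cookie attributes, and cookie information can also be stolen from the user's computer, so improper use of this technology creates security problems for user information.

To address these security problems, this design uses the following methods to secure cookies: first, MAC/IP authentication information is added to the cookie content to prevent a stolen cookie from being used; then the AES/SHA1 algorithms are used to encrypt the cookie content to prevent its disclosure. Practical testing verified that this method effectively ensures cookie security.

Keywords: Cookie, privacy, security, encryption and decryption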

Abstract

A cookie is a short piece of text passed between the Web server and the browser along with user requests and pages. A cookie contains information that the application can read whenever the user accesses the Web site. Because a cookie can carry any information, the Web server can use it to filter and regularly maintain that information, so that the state of the HTTP transmission can be determined. Cookies can be used for a variety of purposes, all of which are designed to help Web sites remember users.

Cookie technology makes sites more functional and brings great convenience and a personalized experience to users. However, cookie information can also be stolen from the user's computer, so improper use of this technology will cause personal information security issues.

To address the cookie security issues mentioned above, this design uses the following methods to ensure cookie security. First, MAC/IP identification information is added to the cookie content to prevent unauthorized use; then the AES/SHA1 algorithm is used to encrypt the cookie content to prevent leakage. Practical testing verified that this method is effective in ensuring cookie security.

Keywords: Cookie, privacy, security, encryption and decryption
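
The scheme outlined in the abstract can be sketched as follows. This is an added example, not code from the thesis. It assumes that "AES/SHA1" means AES-CBC encryption plus an HMAC-SHA1 integrity tag, binds only the client IP address, and uses hypothetical names (`SecureCookie`, `Protect`, `Unprotect`) with constructed sample values. It targets .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SecureCookie
{
    const int IvLen = 16, TagLen = 20;   // AES block size, HMAC-SHA1 output size
    // Returns base64(IV || AES-CBC ciphertext || HMAC-SHA1 tag over IV and ciphertext).
    public static string Protect(string value, string clientIp, byte[] encKey, byte[] macKey)
    {
        using var aes = Aes.Create();    // defaults: CBC, PKCS7, fresh random IV
        using var hmac = new HMACSHA1(macKey);
        aes.Key = encKey;
        byte[] plain = Encoding.UTF8.GetBytes(clientIp + "|" + value);
        using var enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
        byte[] body = aes.IV.Concat(ct).ToArray();
        return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
    }
    // Returns the value, or null if the cookie was altered or is presented from another address.
    public static string Unprotect(string cookie, string clientIp, byte[] encKey, byte[] macKey)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(cookie ?? ""); } catch (FormatException) { return null; }
        if (raw.Length < IvLen + 16 + TagLen) return null;   // IV + one block + tag at minimum
        byte[] body = raw.Take(raw.Length - TagLen).ToArray();
        using var hmac = new HMACSHA1(macKey);
        byte[] expected = hmac.ComputeHash(body);
        int diff = 0;                                        // constant-time tag comparison
        for (int i = 0; i < TagLen; i++) diff |= expected[i] ^ raw[body.Length + i];
        if (diff != 0) return null;                          // reject before decrypting
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = body.Take(IvLen).ToArray();
        using var dec = aes.CreateDecryptor();
        string plain = Encoding.UTF8.GetString(dec.TransformFinalBlock(body, IvLen, body.Length - IvLen));
        int sep = plain.IndexOf('|');
        if (sep < 0 || plain.Substring(0, sep) != clientIp) return null;  // bound to another IP
        return plain.Substring(sep + 1);
    }
    static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32), macKey = RandomNumberGenerator.GetBytes(32);
        string c = Protect("uid=42", "203.0.113.7", encKey, macKey);                    // constructed sample
        Console.WriteLine(Unprotect(c, "203.0.113.7", encKey, macKey));                 // issuing address
        Console.WriteLine(Unprotect(c, "198.51.100.9", encKey, macKey) ?? "rejected");  // different address
    }
}
```

Binding to the IP address also invalidates the cookie for legitimate users whose address changes, for example on mobile networks or behind rotating proxies.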


Copyright © 2007-2012 www.chuibin.com 六维论文网. All rights reserved.