数据安全控制类
public sealed class SecurityDB
...{
判断是否服务器端提交#region 判断是否服务器端提交
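/// <summary>
/// Reports whether the current request's Referer header names this server's own host.
/// </summary>
/// <remarks>
/// The Referer header is supplied by the client and may be absent or set to any value by a
/// non-browser client, so a <c>true</c> result is only a hint that a form was posted from
/// this site. Pair it with a per-session anti-forgery token and server-side authorization
/// on every state-changing request.
/// </remarks>
/// <returns>
/// <c>true</c> when the Referer is an absolute http/https URL whose host equals SERVER_NAME;
/// <c>false</c> when the header is missing, malformed, or names another host.
/// </returns>
public static bool Judge_ThisSubmit()
{
    string referer = HttpContext.Current.Request.ServerVariables["HTTP_REFERER"];
    string serverName = HttpContext.Current.Request.ServerVariables["SERVER_NAME"];

    if (string.IsNullOrEmpty(referer) || string.IsNullOrEmpty(serverName))
    {
        return false;
    }

    // Parse the URL instead of slicing at a fixed offset. The previous Substring(7, n) assumed an
    // "http://" prefix (so https referers never matched), threw on values shorter than 7 + n
    // characters, and accepted any host that merely began with the server name.
    Uri refererUri;
    if (!Uri.TryCreate(referer, UriKind.Absolute, out refererUri))
    {
        return false;
    }

    bool isWebScheme = refererUri.Scheme == Uri.UriSchemeHttp
        || refererUri.Scheme == Uri.UriSchemeHttps;
    if (!isWebScheme)
    {
        return false;
    }

    // Host names are case-insensitive; Uri.Host excludes the port, as SERVER_NAME does.
    return string.Equals(refererUri.Host, serverName, StringComparison.OrdinalIgnoreCase);
}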
#endregion
MD5_ByteEncrypt#region MD5_ByteEncrypt
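/// <summary>
/// Computes the MD5 digest of a string's UTF-16 bytes and returns it as dash-separated
/// upper-case hex (the <see cref="BitConverter.ToString(byte[])"/> format).
/// </summary>
/// <remarks>
/// Despite the name this is a one-way hash, not encryption. MD5 is fast and this method adds
/// no salt, so the output is unsuitable for protecting stored passwords. It is kept so that
/// values already stored in this format still compare equal; for new password storage use a
/// salted, iterated derivation such as <c>Rfc2898DeriveBytes</c> (PBKDF2).
/// </remarks>
/// <param name="encryptString">Text to hash; must not be null.</param>
/// <returns>A 47-character string such as "D4-1D-8C-...".</returns>
public static string MD5_ByteEncrypt(string encryptString)
{
    byte[] clearBytes = new UnicodeEncoding().GetBytes(encryptString);

    // Dispose the algorithm instance deterministically; the original left it to the finalizer.
    using (MD5 md5 = MD5.Create())
    {
        return BitConverter.ToString(md5.ComputeHash(clearBytes));
    }
}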
/// <summary>
/// Returns the lower-case hex MD5 digest of a password, computed by
/// <c>FormsAuthentication.HashPasswordForStoringInConfigFile</c>.
/// </summary>
/// <remarks>
/// The digest is unsalted MD5, so identical passwords produce identical stored values and the
/// hash is cheap to test guesses against. The underlying API is marked obsolete from
/// .NET Framework 4.5. Moving to a salted, iterated scheme requires re-hashing each password
/// at the user's next successful login, because existing digests cannot be converted.
/// </remarks>
/// <param name="pwd">Password text to hash.</param>
/// <returns>The digest as lower-case hexadecimal.</returns>
public static string pwdSecurity(string pwd)
{
    string digest = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "md5");
    return digest.ToLower();
}
#endregion
DES_Encrypt#region DES_Encrypt
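/// <summary>
/// Encrypts text with DES and returns the ciphertext as upper-case hexadecimal.
/// </summary>
/// <remarks>
/// <para>
/// <paramref name="sKey"/> must be exactly eight ASCII characters (case-sensitive); any other
/// length is rejected when the key is assigned. The same bytes are used as key and IV.
/// </para>
/// <para>
/// Security: DES has a 56-bit effective key, the fixed IV means equal plaintexts under one key
/// give equal ciphertexts, and the output carries no integrity tag. The scheme is left as-is
/// so that existing ciphertexts still decrypt; protect new data with AES, a random
/// per-message IV, and an authentication tag.
/// </para>
/// </remarks>
/// <param name="pToEncrypt">Plain text to encrypt; must not be null.</param>
/// <param name="sKey">Eight-character ASCII key.</param>
/// <returns>Ciphertext as upper-case hex, two digits per byte.</returns>
public static string DES_Encrypt(string pToEncrypt, string sKey)
{
    // Encoding.Default depends on the host (ANSI code page on .NET Framework), so ciphertext
    // round-trips only between machines that share it. Kept for compatibility.
    byte[] plainBytes = Encoding.Default.GetBytes(pToEncrypt);

    // ASCII yields one byte per character, which is why the key must be eight characters.
    byte[] keyBytes = Encoding.ASCII.GetBytes(sKey);

    // The original never disposed the provider or the streams; using blocks release them.
    using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
    {
        des.Key = keyBytes;
        des.IV = keyBytes;

        using (MemoryStream ms = new MemoryStream())
        {
            using (ICryptoTransform encryptor = des.CreateEncryptor())
            using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
            {
                cs.Write(plainBytes, 0, plainBytes.Length);
                cs.FlushFinalBlock();
            }

            // ToArray remains valid after the CryptoStream has closed the memory stream.
            byte[] cipherBytes = ms.ToArray();
            StringBuilder hex = new StringBuilder(cipherBytes.Length * 2);
            foreach (byte b in cipherBytes)
            {
                hex.AppendFormat("{0:X2}", b);
            }
            return hex.ToString();
        }
    }
}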
#endregion
DES_Decrypt#region DES_Decrypt
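/// <summary>
/// Decrypts upper- or lower-case hexadecimal ciphertext produced by <c>DES_Encrypt</c>.
/// </summary>
/// <remarks>
/// <para>
/// The key bytes are also used as the IV and must match the values used for encryption.
/// </para>
/// <para>
/// Security: the ciphertext is not authenticated, so modified input is only detected when it
/// happens to break the padding. When the input comes from an untrusted party, report every
/// failure with one generic error rather than passing the exception detail back.
/// </para>
/// </remarks>
/// <param name="pToDecrypt">Hex ciphertext, two digits per byte; must not be null.</param>
/// <param name="sKey">Eight-character ASCII key used for encryption.</param>
/// <returns>The decrypted text, decoded with <c>Encoding.Default</c>.</returns>
/// <exception cref="FormatException">A digit pair is not valid hexadecimal.</exception>
public static string DES_Decrypt(string pToDecrypt, string sKey)
{
    // Two hex digits per byte; a trailing unpaired digit is ignored, as in the original loop.
    byte[] cipherBytes = new byte[pToDecrypt.Length / 2];
    for (int i = 0; i < cipherBytes.Length; i++)
    {
        cipherBytes[i] = (byte)Convert.ToInt32(pToDecrypt.Substring(i * 2, 2), 16);
    }

    byte[] keyBytes = Encoding.ASCII.GetBytes(sKey);

    // The original never disposed the provider or the streams and allocated an unused
    // StringBuilder; both are fixed here without changing the result.
    using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
    {
        des.Key = keyBytes;
        des.IV = keyBytes;

        using (MemoryStream ms = new MemoryStream())
        {
            using (ICryptoTransform decryptor = des.CreateDecryptor())
            using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                cs.FlushFinalBlock();
            }

            return Encoding.Default.GetString(ms.ToArray());
        }
    }
}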
#endregion
FilterSQL-Html#region FilterSQL-Html
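/// <summary>
/// Replaces the double quote and the two angle brackets with their HTML entities.
/// </summary>
/// <remarks>
/// <para>
/// Despite the name, no SQL-specific handling is active: the replacements for the semicolon,
/// single quote, comment marker and percent-escapes were commented out by the author. Do not
/// rely on this method to make a value safe inside a SQL statement; pass values through
/// parameterized commands instead.
/// </para>
/// <para>
/// For HTML output, the ampersand and the single quote are left untouched, so the result is
/// not safe inside single-quoted attributes. <c>HttpUtility.HtmlEncode</c> covers those cases.
/// </para>
/// </remarks>
/// <param name="text">Text to filter; may be null.</param>
/// <returns>The filtered text, or an empty string when <paramref name="text"/> is null.</returns>
public static string FilterSQL(string text)
{
    if (text == null)
    {
        return "";
    }

    // NOTE(review): in the published listing the entity literals had been decoded by the page
    // (each call replaced a character with itself, and the quote line did not compile). They
    // are restored here from the evident intent; confirm against the original source file.
    return text
        .Replace("\"", "&quot;")
        .Replace("<", "&lt;")
        .Replace(">", "&gt;");
}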
/// <summary>
/// Applies three string replacements to text before it is shown as HTML.
/// </summary>
/// <remarks>
/// Angle brackets and quotes are not encoded here (those replacements are commented out in
/// the original), so the result must not be treated as safe to emit for untrusted input.
/// </remarks>
/// <param name="text">Text to convert; may be null.</param>
/// <returns>The converted text, or an empty string when <paramref name="text"/> is null.</returns>
public static string FilterTestHtml(string text)
{
    if (text == null)
    {
        return "";
    }

    // NOTE(review): as this listing is rendered, the first two calls replace a string with
    // itself and the third turns each space into a line-break tag. The targets look like HTML
    // entities and a newline that the page decoded; confirm against the original file.
    string converted = text.Replace(" ", " ");
    converted = converted.Replace("&", "&");
    converted = converted.Replace(" ", "<br>");
    return converted;
}
/// <summary>
/// Reverses part of <c>FilterTestHtml</c> so stored text can be edited again.
/// </summary>
/// <param name="text">Text to convert back; may be null.</param>
/// <returns>The converted text, or an empty string when <paramref name="text"/> is null.</returns>
public static string UnFilterTestHtml(string text)
{
    if (text == null)
    {
        return "";
    }

    // NOTE(review): as rendered here the first call replaces a string with itself and the
    // second turns each line-break tag into a space. The literals were probably an HTML entity
    // and a newline before the page decoded them; confirm against the original file.
    string restored = text.Replace(" ", " ");
    restored = restored.Replace("<br>", " ");
    return restored;
}
SQL简单过滤#region SQL简单过滤
/// <summary>
/// Swaps the SQL comment marker and the single quote for look-alike typographic characters.
/// </summary>
/// <remarks>
/// This changes the stored text and is not a substitute for binding values as parameters:
/// a two-character substitution does not cover every way a value can alter a statement.
/// Use parameterized commands for anything that reaches the database.
/// </remarks>
/// <param name="text">Text to filter; may be null.</param>
/// <returns>The filtered text, or an empty string when <paramref name="text"/> is null.</returns>
public static string Text_FSQL(string text)
{
    if (text == null)
    {
        return "";
    }

    // Order matters only in that both replacements are applied to the whole string.
    return text.Replace("--", "——").Replace("'", "‘");
}
#endregion
#endregion
MD5加密保存小写#region MD5加密保存小写
/// <summary>
/// Returns the hex MD5 digest of a password, optionally lower-cased, computed by
/// <c>FormsAuthentication.HashPasswordForStoringInConfigFile</c>.
/// </summary>
/// <remarks>
/// The digest is unsalted MD5 and the underlying API is marked obsolete from
/// .NET Framework 4.5; see the single-argument overload's use for the same caveat. New
/// password storage should use a salted, iterated derivation, with existing accounts
/// re-hashed at their next successful login.
/// </remarks>
/// <param name="pwd">Password text to hash.</param>
/// <param name="IFLower">When true the digest is lower-cased; otherwise it is returned as produced.</param>
/// <returns>The digest as hexadecimal text.</returns>
public static string pwdSecurity(string pwd, bool IFLower)
{
    string digest = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "md5");
    return IFLower ? digest.ToLower() : digest;
}
#endregion
}