问题是这样的:我通过Delphi的POST给ASP端提交参数,然后ASP根据提交来的参数操作数据库。可是这样基本上没有任何安全性了。例如我把Delphi的两个变量作为参数提交给ASP,ASP写入数据库;可是别人可以直接通过IE的URL地址来提交这两个参数,ASP也依旧执行。这样任何人都可以往数据库里添加数据了,极其不安全。这个问题应该如何解决?

解决方案 »

  1.   

    1、用Webservice方式实现。
    2、登录时在ASP服务端记录一个sessionId,Delphi提交时带这个sessionId,SessionId非法,则不允许操作数据库。SessionId可自己加密。
      

  2.   

    使用HTTPS,强制校验客户端证书,只接受某一根证书签发的证书.
      

  3.   

    感谢各位的帮助.理论我都明白,问题是这样的我用IDHTTP进行POST提交.我曾想过用3楼的办法.可是有这样一串解密函数我不知道该如何转到ASP中,希望谁能帮下~~
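    // String de-obfuscation: reverses a chained XOR/offset encoding carried as hex text.
    //
    // Src: hex text. Characters 1-2 are the initial offset byte; every following
    //      pair of hex digits is one encoded byte.
    // Key: XOR key. When it is empty, 'Think Space' is substituted, but KeyLen
    //      stays 0, so only Key[1] is ever used in that case.
    // Returns the decoded text; '' when Src holds only the two-digit offset.
    // Raises EConvertError (from StrToInt) when a hex pair is missing or invalid.
    //
    // NOTE(review): this is obfuscation with a key that has to ship inside the
    // client program, not authentication. The routine carries no integrity check
    // and no nonce or timestamp, so a server that ports it still cannot tell who
    // sent a request or whether it is a repeat of an earlier one. Keep the access
    // decision on a server-issued session or a TLS client certificate.
    function Instauration(Src: string; Key: string): string; stdcall; // string decryption
    var
      KeyLen: Integer;
      KeyPos: Integer;
      offset: Integer;
      dest: string;
      SrcPos: Integer;
      SrcAsc: Integer;
      TmpSrcAsc: Integer;
    begin
      dest := '';
      KeyLen := Length(Key);
      // NOTE(review): KeyLen is not refreshed after the default key is substituted.
      // Left unchanged because fixing it would alter the output for an empty Key;
      // presumably the matching encoder behaves the same way - confirm.
      if KeyLen = 0 then Key := 'Think Space';
      KeyPos := 0;
      // The first hex pair seeds the running offset.
      offset := StrToInt('$' + Copy(Src, 1, 2));
      // Header-only input has no payload. Without this guard the repeat loop
      // below would run once on an empty hex pair and raise EConvertError.
      if Length(Src) = 2 then
      begin
        Result := dest;
        Exit;
      end;
      SrcPos := 3;
      repeat
        SrcAsc := StrToInt('$' + Copy(Src, SrcPos, 2));
        // Cycle through the key, wrapping back to its first character.
        if KeyPos < KeyLen then KeyPos := KeyPos + 1 else KeyPos := 1;
        TmpSrcAsc := SrcAsc xor Ord(Key[KeyPos]);
        // Undo the offset addition; wrap by 255 when the subtraction would not be positive.
        if TmpSrcAsc <= offset then
          TmpSrcAsc := 255 + TmpSrcAsc - offset
        else
          TmpSrcAsc := TmpSrcAsc - offset;
        dest := dest + Chr(TmpSrcAsc);
        // The encoded byte just consumed becomes the offset for the next one.
        offset := SrcAsc;
        SrcPos := SrcPos + 2;
      until SrcPos >= Length(Src);
      Result := dest;
    end;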
    以上是一段D的解密函数,希望哪位大哥帮忙转成ASP。谢~
      

  4.   

    恩 那个加密函数虽然比较简单,但是生成的是随机值,比较迷惑人,我一直用那个,我是做idhttp+php版的、、、也在郁闷这个加密问题
      

  5.   

    帮帮啊,现在csdn里真正帮忙的没几个,水人到不少
      

  6.   

    哎,用DES吧,网上有js、delphi、php、perl四语标准版,虽然每次加密结果是固定的,猥琐点就行了。(注:加密结果固定意味着截获到的密文可以被原样再次提交,而且DES的56位密钥现在已不算安全;要用的话至少在明文里加上时间戳或一次性随机数,并由服务端校验。)
      

  7.   

    <script language="javascript">
    <!--
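    // Encoder wrapper and decoder for text produced by the "Scripting.Encoder"
    // ActiveX object (encoded sections start with the "#@~^" marker).
    //
    // NOTE(review): decoding needs nothing but the fixed tables in this listing,
    // with no key involved, so the encoding hides script text from casual reading
    // only. It is not a way to keep secrets or request parameters confidential.

    /**
     * Encode script source through the Scripting.Encoder ActiveX object.
     * Only works where ActiveXObject is available.
     *
     * @param s  script source text to encode
     * @param l  language prefix; used both in the ".<l>" file-extension argument
     *           and in the "<l>cript" default-language argument
     * @returns  whatever EncodeScriptFile returns for those arguments
     */
    function screncode(s, l)
    {
        var enc = new ActiveXObject("Scripting.Encoder");
        return enc.EncodeScriptFile("." + l, s, 0, l + "cript");
    }

    // States of the decoder loop in strdec(); 0 means "finished".
    var STATE_COPY_INPUT = 100
    var STATE_READLEN = 101
    var STATE_DECODE = 102
    var STATE_UNESCAPE = 103

    // For each position (mod 64) in the encoded stream, which of the three
    // substitution tables applies.
    var pick_encoding = new Array(
    1, 2, 0, 1, 2, 0, 2, 0, 0, 2, 0, 2, 1, 0, 2, 0,
    1, 0, 2, 0, 1, 1, 2, 0, 0, 2, 1, 0, 2, 0, 0, 2,
    1, 1, 0, 2, 0, 2, 0, 1, 0, 1, 1, 2, 0, 1, 0, 2,
    1, 0, 2, 0, 1, 1, 2, 0, 0, 1, 1, 2, 0, 1, 0, 2
    )

    // Three encoded byte values per plain character, for codes 31..126 in order.
    var rawData = new Array(
    0x64,0x37,0x69, 0x50,0x7E,0x2C, 0x22,0x5A,0x65, 0x4A,0x45,0x72,
    0x61,0x3A,0x5B, 0x5E,0x79,0x66, 0x5D,0x59,0x75, 0x5B,0x27,0x4C,
    0x42,0x76,0x45, 0x60,0x63,0x76, 0x23,0x62,0x2A, 0x65,0x4D,0x43,
    0x5F,0x51,0x33, 0x7E,0x53,0x42, 0x4F,0x52,0x20, 0x52,0x20,0x63,
    0x7A,0x26,0x4A, 0x21,0x54,0x5A, 0x46,0x71,0x38, 0x20,0x2B,0x79,
    0x26,0x66,0x32, 0x63,0x2A,0x57, 0x2A,0x58,0x6C, 0x76,0x7F,0x2B,
    0x47,0x7B,0x46, 0x25,0x30,0x52, 0x2C,0x31,0x4F, 0x29,0x6C,0x3D,
    0x69,0x49,0x70, 0x3F,0x3F,0x3F, 0x27,0x78,0x7B, 0x3F,0x3F,0x3F,
    0x67,0x5F,0x51, 0x3F,0x3F,0x3F, 0x62,0x29,0x7A, 0x41,0x24,0x7E,
    0x5A,0x2F,0x3B, 0x66,0x39,0x47, 0x32,0x33,0x41, 0x73,0x6F,0x77,
    0x4D,0x21,0x56, 0x43,0x75,0x5F, 0x71,0x28,0x26, 0x39,0x42,0x78,
    0x7C,0x46,0x6E, 0x53,0x4A,0x64, 0x48,0x5C,0x74, 0x31,0x48,0x67,
    0x72,0x36,0x7D, 0x6E,0x4B,0x68, 0x70,0x7D,0x35, 0x49,0x5D,0x22,
    0x3F,0x6A,0x55, 0x4B,0x50,0x3A, 0x6A,0x69,0x60, 0x2E,0x23,0x6A,
    0x7F,0x09,0x71, 0x28,0x70,0x6F, 0x35,0x65,0x49, 0x7D,0x74,0x5C,
    0x24,0x2C,0x5D, 0x2D,0x77,0x27, 0x54,0x44,0x59, 0x37,0x3F,0x25,
    0x7B,0x6D,0x7C, 0x3D,0x7C,0x23, 0x6C,0x43,0x6D, 0x34,0x38,0x28,
    0x6D,0x5E,0x31, 0x4E,0x5B,0x39, 0x2B,0x6E,0x7F, 0x30,0x57,0x36,
    0x6F,0x4C,0x54, 0x74,0x34,0x34, 0x6B,0x72,0x62, 0x4C,0x25,0x4E,
    0x33,0x56,0x30, 0x56,0x73,0x5E, 0x3A,0x68,0x73, 0x78,0x55,0x09,
    0x57,0x47,0x4B, 0x77,0x32,0x61, 0x3B,0x35,0x24, 0x44,0x2E,0x4D,
    0x2F,0x64,0x6B, 0x59,0x4F,0x44, 0x45,0x3B,0x21, 0x5C,0x2D,0x37,
    0x68,0x41,0x53, 0x36,0x61,0x58, 0x58,0x7A,0x48, 0x79,0x22,0x2E,
    0x09,0x60,0x50, 0x75,0x6B,0x2D, 0x38,0x4E,0x29, 0x55,0x3D,0x3F
    )

    // Invert rawData: transformed[table][encodedCode] -> plain character code.
    // The first entry (i == 31) stands for TAB (9).
    var transformed = new Array()
    for (var i=0; i<3; i++) transformed[i] = new Array()
    for (var i=31; i<=126; i++) for (var j=0; j<3; j++) transformed[j][rawData[(i-31) * 3 + j]] = (i==31) ? 9 : i

    // Base64 alphabet lookup: character code -> 6-bit value.
    var digits = new Array()
    for (var i=0; i<26; i++)
    {
        digits["A".charCodeAt(0)+i] = i
        digits["a".charCodeAt(0)+i] = i+26
    }
    for (var i=0; i<10; i++) digits["0".charCodeAt(0)+i] = i+52
    digits[0x2b] = 62
    digits[0x2f] = 63

    /**
     * Map the character that follows "@" in the encoded stream to the character
     * it stands for; characters above code 126 pass through, unknown ones become "?".
     * NOTE(review): the name shadows the built-in global unescape(); kept so that
     * existing callers of this listing are unaffected.
     */
    function unescape(ch)
    {
        var escapes = "#&!*$"
        var escaped = "\r\n<>@"

        if (ch.charCodeAt(0) > 126) return ch
        var pos = escapes.indexOf(ch)
        if (pos != -1) return escaped.substr(pos, 1)
        return "?"
    }

    /**
     * Turn the first four characters of a base64 length field into an integer
     * by the bit layout below. Characters outside the base64 alphabet yield NaN.
     */
    function decodeBase64(string)
    {
        var val = 0
        val += (digits[string.substr(0,1).charCodeAt(0)] << 2)
        val += (digits[string.substr(1,1).charCodeAt(0)] >> 4)
        val += (digits[string.substr(1,1).charCodeAt(0)] & 0xf) << 12
        val += ((digits[string.substr(2,1).charCodeAt(0)] >> 2) << 8)
        val += ((digits[string.substr(2,1).charCodeAt(0)] & 0x3) << 22)
        val += (digits[string.substr(3,1).charCodeAt(0)] << 16)
        return val
    }

    /**
     * Decode every "#@~^"-marked section of encodingString and return the text
     * with plain sections copied through unchanged. Afterwards ".encode" is
     * stripped from "JScript.encode" / "VBscript.encode" language names.
     *
     * @param encodingString  text that may contain encoded sections
     * @returns               the decoded text
     */
    function strdec(encodingString)
    {
        var er = "#@~^"
        var stringIndex = 0
        var scriptIndex = -1
        var unEncodingIndex = 0
        var ch = null
        var encodingLength = 0
        // Declared on its own: the original chained assignment made this an implicit global.
        var unEncodinglength = 0
        var state = STATE_COPY_INPUT
        var unEncodingString = ""
        var re

        while (state)
        {
            switch (state)
            {
            case STATE_COPY_INPUT:
                scriptIndex = encodingString.indexOf(er, stringIndex)
                if (scriptIndex != -1)
                {
                    // Copy the plain text before the marker, then step over the marker.
                    unEncodingString += encodingString.substring(stringIndex, scriptIndex)
                    scriptIndex += er.length
                    state = STATE_READLEN
                }
                else
                {
                    // No further encoded section: copy the remainder and finish.
                    unEncodingString += encodingString.substr(stringIndex, encodingString.length)
                    state = 0
                }
                break

            case STATE_READLEN:
                // Six base64 characters of length followed by "==".
                encodingLength = encodingString.substr(scriptIndex, 6)
                unEncodinglength = decodeBase64(encodingLength)
                scriptIndex += (6 + "==".length)
                state = STATE_DECODE
                break

            case STATE_DECODE:
                // "Not positive" rather than "== 0": a malformed section can push the
                // counter below zero (the escape branch subtracts 2) or make it NaN,
                // and the decoder must still terminate on such input.
                if (!(unEncodinglength > 0))
                {
                    // Skip the trailer (same length as "DQgAAA==^#~@").
                    stringIndex = scriptIndex + "DQgAAA==^#~@".length
                    unEncodingIndex = 0
                    state = STATE_COPY_INPUT
                    break
                }
                ch = encodingString.substr(scriptIndex, 1)
                if (ch == "@") state = STATE_UNESCAPE
                else
                {
                    if (ch.charCodeAt(0) < 0xFF)
                    {
                        unEncodingString += String.fromCharCode(transformed[pick_encoding[unEncodingIndex%64]][ch.charCodeAt(0)])
                        unEncodingIndex++
                    }
                    else
                    {
                        unEncodingString += ch
                    }
                    scriptIndex++
                    unEncodinglength--
                    break
                }
                // "@" seen: fall through to handle the escape pair.

            case STATE_UNESCAPE:
                unEncodingString += unescape(encodingString.substr(++scriptIndex, 1))
                scriptIndex++; unEncodinglength -= 2
                unEncodingIndex++
                state = STATE_DECODE
                break
            }
        }

        re = new RegExp("(JScript|VBscript).encode", "gmi")
        unEncodingString = unEncodingString.replace(re, "$1")
        return unEncodingString
    }
    //-->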
    </script>
    javascript的密碼
      

  8.   

    javascript 的AES加解密函數:
    http://www.movable-type.co.uk/scripts/aes.html
      

  9.   

    zhao_yong 给我的答案我很感谢,可惜小弟ASP很不行 您给的javascript也看不明白.但是还是很谢谢您.CSDN是彻底完蛋了。 开个新问题进来的80%都是来灌水混分的.但是还是要谢谢几位的帮助.截止目前偶还是没找相应的解决办法.