ASP.net ×ÔÖÆTableTreeʵÏÖ
using System;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
namespace UserControl.UI
{
/// <summary>
/// TreesTable µÄժҪ˵Ã÷¡£
/// </summary>
public class TreesTable
{
public interface iTrees
{
void AddNode(Trees node);
Control NodeItem{get;}
Control Title{get;set;}
}
public class Trees:Control,iTrees
{
private Control m_TreeNodeCollect;
private Control m_TitleControl;
private string m_TextTitle;
private HtmlTable m_HtmlTabe;
private string m_script;
private const string SCRIPT="<script language='javascript'>{0}</script>";
public Trees()
{
m_TreeNodeCollect = new Control();
m_HtmlTabe = new HtmlTable();
//Java script
m_script = string.Format(SCRIPT,
"function ShowObject(showObjName){var showObj1=showObjName; if(showObj1.style.display=='none'){showObj1.style.display='block';}else{showObj1.style.display='none';}}");
}
public Trees(string title)
{
m_TreeNodeCollect = new Control();
m_HtmlTabe = new HtmlTable();
//Java script
m_script = string.Format(SCRIPT,
"function ShowObject(showObjName){var showObj1=showObjName; if(showObj1.style.display=='none'){showObj1.style.display='block';}else{showObj1.style.display='none';}}");
TextTitle = title;
}
Ïà¹ØÎĵµ£º
Trustwave's SpiderLabs Security Advisory TWSL2010-001:
Multiplatform View State Tampering Vulnerabilities
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frame ......
ÔÚʹÓÃasp.net±àдwebserviceʱ£¬Ä¬ÈÏÇé¿öÏÂÊDz»Ö§³ÖsessionµÄ£¬µ«ÎÒÃÇ¿ÉÒÔ°ÑWebMethodµÄEnableSessionÑ¡ÏîÉèΪtrueÀ´ÏÔʽµÄ´ò¿ªËü£¬Çë¿´ÒÔÏÂÀý×Ó£º
1 н¨ÍøÕ¾WebSite
2 н¨web·þÎñWebService.asmx£¬Ëü¾ßÓÐÒÔÏÂÁ½¸ö·½·¨£º
C#-Code:
[WebMethod(EnableSession = true)]
public string Login( ......
ÓÐЩwebÓ¦ÓÃÔÚ¿ÉÒÔ´¦ÀíÓû§·ÃÎÊ֮ǰ£¬ÐèҪװÔغܶàµÄÊý¾Ý£¬»ò×öһЩ»¨·ÑºÜ´óµÄ³õʼ»¯´¦Àí¡£½ñÌìʹÓà ASP.NET µÄ¿ª·¢ÈËÔ±¾³£Ê¹ÓÃÓ¦ÓõÄGlobal.asax ÎļþÖÐµÄ “Application_Start”ʼþ´¦Àíº¯ÊýÀ´×öÕâЩ¹¤×÷£¨¸ÃʼþÊÇÔÚµÚÒ»¸öÇëÇóÖ´ÐÐʱ´¥·¢µÄ£©¡£ËûÃÇҪôÉè¼Æ¶¨Öƽű¾£¬ÖÜÆÚÐÔµØÏòÓ¦Ó÷¢¼ÙµÄÇëÇó£¬À´“»½Ð ......
WebÒ³ÃæÊÇÎÞ״̬µÄ£¬ ·þÎñÆ÷¶Ôÿһ´ÎÇëÇó¶¼ÈÏΪÀ´×Ô²»Í¬Óû§£¬Òò´Ë£¬±äÁ¿µÄ״̬ÔÚÁ¬Ðø¶ÔͬһҳÃæµÄ¶à´ÎÇëÇóÖ®¼ä»òÔÚÒ³ÃæÌøתʱ²»»á±»±£Áô¡£ÔÚÓÃASP.NET Éè¼Æ¿ª·¢Ò»¸öWebϵͳʱ£¬ Óöµ½Ò»¸öÖØÒªµÄÎÊÌâÊÇÈçºÎ±£Ö¤Êý¾ÝÔÚÒ³Ãæ¼ä½øÐÐÕýÈ·¡¢°²È«ºÍ¸ßЧµØ´«ËÍ£¬Asp.net ÌṩÁË״̬¹ÜÀíµÈ¶àÖÖ¼¼ÊõÀ´½â¾ö±£´æºÍ´« ......
ÕâÀàÎÊÌâͨ³£ÔÚÕûºÏ»ò¶þ´Î¿ª·¢ASPÍøվʱÓöµ½¡£°´³£ÀíÀ´Ëµ£¬ä¯ÀÀÆ÷µÄCookie´æ·ÅÔÚ¿Í»§¶Ë£¬Êµ¼ÊÉÏÓë·þÎñ¶ËʹÓÃʲôÓïÑÔÎ޹أ¬µ«ÎÒÃÇÔÚʵ¼Ê²Ù×÷¹ý³ÌÖУ¬×Ü»áÓöµ½Ò»Ð©ÒâÏë²»µ½µÄÎÊÌâ¡£
1. µ±ASPдµÄCookieµÄKeyÖдøÓÐÏ»®Ïߣ¬ÀýÈçÎÒÃÇÔÚASPÖÐÕâÑùÉèÖÃCookie:
......
