ASP .NET MVC sensitive data

2018-06-07 01:43:27

Let's suppose a user enters sensitive data (like SSN, etc) in a HTML input (textbox) on a page in a MVC web app.

What would be the way to secure that piece of data before sending it (either thru form-post, URL query string, etc). Does ASP .NET MVC provides a mechanism to do that?

PS I'd like to know how to do it with MVC, not HTTPS or something else based on infrastructure/transport/etc

The only (achievable) way to securely send any sensitive message between a web server and a client's web browser is via HTTPS/SSL - otherwise, your message will always be interceptable by a MITM attack, which is not really possible with a proper HTTPS setup (and this post too).

You could theoretically role out a custom-JS encryption and a custom decryption, but even then, your JS can easily be unminified and eventually de-obfuscated, assuming it was even obfuscated to begin with, which would no longer secure your custom encryption, assuming you could've gotten it working securely to begin with.

This answer goes into more detail on why you cannot secure a web application without HTTPS/SSL.

MVC is just an architectural design pattern which microsoft set it as a standard for developing web apps. And many other frameworks use MVC as pattern for developing web apps under their framework(exp. Spring MVC). Basically MVC is everywhere, don't get confused if you don't see Model, View, Controller folders, believe me it's there. So about sensitive information, there is mechanism to prevent Cross-Site Request Forgery and other hacks, but if your sending requests over http, it's useless, you are sending naked request that everybody can easily sniff. So that's why https is always used where sensitive data is being passed from your computer to server. Every time you open connection to server, for example posting form, https will provide you encrypted communication with server where you can pass sensitive data without any concern. That's basic concept, and it's applied whatever framework you choose. So your answer is NO. Here is the link how you can protect asp.net app.

链接地址: http://www.djcxy.com/p/21748.html

上一篇: 在Python中验证Peer

下一篇: ASP .NET MVC敏感数据