ConnectionStringBuilder


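    The ConnectionStringBuilder component is useful when validating database membership credentials. It helps guard, as far as possible, against unexpected behavior and malicious attacks while the application is running. The related sample code follows: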
    using System;
    using System.Configuration;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Data;
    using System.Data.Common;
    using System.Data.SqlClient;

    namespace WA_ADONET
    {
        public partial class checkconnection : System.Web.UI.Page
        {
            private const string DB_PROVIDER_NAME = "System.Data.SqlClient";

            protected void Button_Command(object sender, CommandEventArgs e)
            {
                string commandName = e.CommandName;
                switch (commandName) {
                    case "Validate":
                        string account = TxtAccount.Text;
                        string password = TxtPwd.Text;
                        string server = TxtServer.Text;
                        DbProviderFactory dbProvider = DbProviderFactories.GetFactory(DB_PROVIDER_NAME);
                        SqlConnectionStringBuilder scsBuilder =
                            (SqlConnectionStringBuilder)dbProvider.CreateConnectionStringBuilder();
                       
                        scsBuilder.DataSource = server;
                        scsBuilder.UserID = account;
                        scsBuilder.Password = password;

                        //LblConnString is a Label component
                        LblConnString.Text = scsBuilder.ConnectionString;
                        break;
                }
            }
        }
    }
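    This is the resulting screen:
    connstring_check1.gif
    That is what happens with normal input. The application may, however, encounter a malicious string-injection attack; the ConnectionStringBuilder component helps guard against this security problem as far as possible. The following shows abnormal input values:
    connstring_check2.gif
    You can see that ConnectionStringBuilder adds the safe (quoting) characters on its own, which strengthens security and guards against injection attacks as far as possible.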
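
    The quoting behavior described above, as an added console example that is not part of the original page: it builds the same three fields by plain concatenation and through SqlConnectionStringBuilder, then parses each result back to show which keywords a provider would see. The class name, host, account and password values are constructed for illustration.

```csharp
using System;
using System.Data.SqlClient;

static class ConnStringQuotingDemo   // hypothetical name, not from the page
{
    // Weak form: values are pasted into the string, so a ';' inside a value
    // ends that value and starts a new keyword.
    static string BuildByConcat(string server, string account, string password)
    {
        return "Data Source=" + server + ";User ID=" + account + ";Password=" + password;
    }

    // Same fields assigned through the builder, as in the page's handler.
    static string BuildWithBuilder(string server, string account, string password)
    {
        var builder = new SqlConnectionStringBuilder();
        builder.DataSource = server;
        builder.UserID = account;
        builder.Password = password;
        return builder.ConnectionString;
    }

    // Parse the finished string back and report what a provider would see.
    static void Report(string label, string connString, string typedPassword)
    {
        var parsed = new SqlConnectionStringBuilder(connString);
        Console.WriteLine(label + ": " + connString);
        Console.WriteLine("  Initial Catalog seen by parser: '" + parsed.InitialCatalog + "'");
        Console.WriteLine("  password preserved as typed:    " + (parsed.Password == typedPassword));
    }

    static void Main()
    {
        // Constructed sample input: the password field carries an extra keyword.
        string server = "dbhost.example";
        string account = "appuser";
        string password = "pw;Initial Catalog=OtherDb";

        Report("concatenated", BuildByConcat(server, account, password), password);
        Report("builder     ", BuildWithBuilder(server, account, password), password);
    }
}
```

    With concatenation the parser picks up the extra Initial Catalog keyword and the password is cut at the semicolon; with the builder the whole value is quoted and stays inside Password.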
