A scheme for defending against URL parameter attacks

xiaoxiao  2021-03-06  41

This article is an original by spanzhang, whose blog is at http://blog.9cbs.net/spanzhang. If you quote or repost it, please credit the source. Thank you!

Almost every website today has a back-end database, and that database has become a focus of attack. Going after the URL has become a common attack method, and this applies equally to pages whose URLs have been rewritten to improve their search ranking. The approach below basically removes this attack risk, though it has a few small drawbacks.

The first idea that comes to mind is to not display the URL parameters on the client at all. That is basically impractical, not for technical reasons, but because it would be exhausting to implement and the program's structure (readability) would be seriously harmed.

The method is instead to encrypt the parameter section of the URL, so that the attacker has nothing in the URL to manipulate. The page's search ranking is not much affected, but the URL no longer looks good. A simple example:

http://192.168.0.1/app1/editProfile__AsamrlDcFZr0a0eTdqX0U0U8c81rzSzfBgYJCf6iQXB.aspx

Here the double underscore "__" is the separator, and the AsamrlDcFZr0a0eTdqX0U0U8c81rzSzfBgYJCf6iQXB that follows it is the encrypted parameter list, which decrypts to userId=13972&action=delete. The URL above is processed as:

http://192.168.0.1/app1/EditProfile.aspx?userId=13972&action=delete

additional
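A sketch of the scheme described above, added here as an example and not the author's code. The article does not name a cipher, so AES-256-GCM, the in-memory demo key, binding the token to the page name, and the function names sealParams, publicPath and rewritePath are all assumptions.

```javascript
// Added example: AES-256-GCM and every name below are assumptions, not the article's code.
const nodeCrypto = require('node:crypto');

const KEY = nodeCrypto.randomBytes(32); // constructed demo key; a real site loads a fixed server-side secret
const SEP = '__';                       // separator used in the article's example URL

// Encrypt a query string such as "userId=13972&action=delete" into a URL-safe token.
function sealParams(page, query, key = KEY) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(page.toLowerCase())); // token is only valid for this page name
  const body = Buffer.concat([cipher.update(query, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, body, cipher.getAuthTag()]).toString('base64url');
}

// Build the public path, e.g. /app1/editProfile__<token>.aspx
function publicPath(dir, page, query, key = KEY) {
  return `${dir}/${page}${SEP}${sealParams(page, query, key)}.aspx`;
}

// Map a public path back to the internal one; null means malformed or altered.
function rewritePath(path, key = KEY) {
  const m = /^(.*)\/([A-Za-z0-9]+)__([A-Za-z0-9_-]+)\.aspx$/.exec(path);
  if (!m) return null;
  const [, dir, page, token] = m;
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 12 + 16) return null; // too short to hold nonce and tag
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(page.toLowerCase()));
    decipher.setAuthTag(raw.subarray(raw.length - 16));
    const body = raw.subarray(12, raw.length - 16);
    const query = Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
    return `${dir}/${page}.aspx?${query}`;
  } catch {
    return null; // tag mismatch: token was modified, or was issued for another page or key
  }
}
```

Encrypting the parameters keeps them from being edited in the address bar, but a valid URL can still be copied and replayed, so the handler behind the rewritten URL must still check that the logged-in user is allowed to perform the action on that userId.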

When reposting, please cite the original address: https://www.9cbs.com/read-56968.html
