偽造ip各種方式
http://devco.re/blog/2014/06/19/client-ip-detection/
Nlog取得Server變數
http://kevintsengtw.blogspot.tw/2011/10/nlog-advanced-net-logging-3.html
圖形驗證
Google reCaptcha
https://www.google.com/recaptcha/intro/index.html?utm_source=twitterfeed&utm_medium=twitter
缺點:需申請API Token
Nuget package BotDetect CAPTCHA
https://captcha.com/asp.net-captcha.html
.NET防止跨站腳本攻擊 Xss (Xross-Site-Scripting)
Nuget AntiXss 4.3
https://dotblogs.com.tw/mis2000lab/2014/11/04/microsoft_anti-xss_v43
.NET防止跨站偽造請求攻擊 CSRF (Cross-Site Request Forgery)
Controller --> [ValidateAntiForgeryToken]
View -- >@Html.AntiForgeryToken()
http://kevintsengtw.blogspot.tw/2013/01/aspnet-mvc-validateantiforgerytoken.html
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言