rsa加密_加密加密-CSDN博客

rsa加密

One of the great things about working for a design company is that you are very focused in your day to day activities. With my previous employer I was a developer, administrator, sales & marketing, customer service and tech support. I wore many hats and never got to play with ColdFusion as much as I wanted to.

在设计公司工作的一大好处是，您非常专注于日常活动。与我以前的雇主一起，我曾是开发人员，管理员，销售和市场营销，客户服务和技术支持。我戴着很多帽子，从来没有像我想的那样玩过ColdFusion。

But all this has changed! The guys (and gal) on our design team are first rate and thanks to them I’m hardening my skills and picking up new tricks here and there.

但是这一切都变了！我们设计团队中的家伙(和gal)是一流的，并且由于他们，我能加强自己的技能并在这里和那里找到新的技巧。

One of these tricks involves the cfusion_encrypt() and cfusion_decrypt() functions. These two functions are undocumented and might not be available to users on shared hosting plans since they are part of the ColdFusion backend & management. So you’re forewarned to test before rushing out and deploying it on a production environment.

这些技巧之一涉及cfusion_encrypt()和cfusion_decrypt()函数。这两个功能是未记录的，并且对于共享托管计划的用户可能不可用，因为它们是ColdFusion后端和管理的一部分。因此，事先警告您进行测试，然后再匆忙将其部署到生产环境中。

The reason cfusion_encrypt() and cfusion_decrypt() are unique and different from there documented encrypt() and decrypt() functions is because the resulting encrypted string will contain only letters and numbers. Therefore it’s ideal for URL’s and inserting data into a database, but not for passwords or other more sensitive information.

cfusion_encrypt()和cfusion_decrypt()之所以唯一且与已记录的crypto()和crypto()函数不同，是因为生成的加密字符串仅包含字母和数字。因此，它是URL并将数据插入数据库的理想选择，而不适合密码或其他更敏感的信息。

So do yourself a favor and don’t use these functions for really important data, like passwords, or private information. BUT they are great for encrypting your URL strings thereby hiding your variables and possibly preventing a SQL injection attack on your site.

因此，请帮自己一个忙，不要将这些功能用于真正重要的数据，例如密码或私人信息。但是它们非常适合加密您的URL字符串，从而隐藏您的变量并可能防止您站点上SQL注入攻击。

To do this just follow this bit of code.

为此，只需遵循以下代码。

First you need to encrypt your URL string like so:

首先，您需要像这样加密您的URL字符串：

The above code will take the “show=userData&secretid=#secretid#&userid=#userID#” and encrypt it into a URL friendly string. The “MyPassw0rd” portion of this function is the key to locking and unlocking this string. Without this key I can’t unlock the encrypted string, and neither can anyone else.

上面的代码将采用“ show = userData＆secretid =＃secretid＃＆userid =＃userID＃”并将其加密为URL友好字符串。该函数的“ MyPassw0rd”部分是锁定和解锁此字符串的关键。没有此密钥，我将无法解锁加密的字符串，其他任何人也不能。

Now when a user clicks on this link their URL should look something like:

现在，当用户单击此链接时，其URL应该类似于：

http://www.example.com/index.cfml?pass=JLASW5UTHOUHIUGL9STIASLAV4ECLA91ATR6EMLAJLE37UQIET9AMLE6IEM9AGOE

Now since it’s encrypted you’ll need to decrypt the string and then make the variables something you can actually use.

现在，由于已加密，因此您需要解密字符串，然后使变量真正可用。

For this we use the following bit of code:

为此，我们使用以下代码：

a:: #listFirst(thisVar,'=')# = #listLast(thisVar,'=')#

a :: #listFirst(thisVar，'=')＃= #listLast(thisVar，'=')＃

The above code first sets our decrypted string to the variable “thisURLString”. Then we loop over this string, after it’s been decrypted, we reset the variables as local variables within our page. You could set these to any scoped variable you desire, such as URL, SESSION or even APPLICATION.

上面的代码首先将解密后的字符串设置为变量“ thisURLString”。然后，我们对该字符串进行遍历，将其解密后，将变量重置为页面内的局部变量。您可以将它们设置为所需的任何范围变量，例如URL，SESSION甚至APPLICATION。

The idea here is to use this not for 100% application security but more as a hurdle for people to overcome and possibly prevent SQL Injection attacks. It’s also a great way to hide the inner workings of your site.

这里的想法不是将其用于100％的应用程序安全性，而更多地是人们克服并可能防止SQL注入攻击的障碍。这也是隐藏网站内部运作方式的好方法。

Enjoy and if you have a cool trick be sure to post it in the ColdFusion Forums here at SitePoint.com

尽情享受，如果您有很棒的窍门，请务必将其发布在SitePoint.com的ColdFusion论坛中