using System.Text;
using System.Web;
using System.Web.Security;
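/// <summary>
/// Example HTTP handler that contrasts writing a sensitive value to a response
/// cookie in cleartext with writing it in protected form.
/// </summary>
public class CleartextStorageHandler : IHttpHandler
{
    /// <summary>
    /// Reads the "AccountName" query-string parameter and stores it in the
    /// "AccountName" response cookie, first in cleartext (the flagged pattern)
    /// and then in protected form (the recommended pattern).
    /// </summary>
    /// <param name="ctx">The current HTTP context.</param>
    public void ProcessRequest(HttpContext ctx)
    {
        string accountName = ctx.Request.QueryString["AccountName"];

        // BAD: Setting a cookie value with cleartext sensitive data.
        // The cookie is persisted by the client and sent back on later requests,
        // so anything that can read the cookie can read the account name.
        ctx.Response.Cookies["AccountName"].Value = accountName;

        // GOOD: Protecting the value before setting it.
        // This assignment targets the same cookie, so it replaces the cleartext value above.
        // NOTE(review): the Secure and HttpOnly cookie flags are not set here; confirm
        // whether they are applied elsewhere (for example in site configuration).
        ctx.Response.Cookies["AccountName"].Value = Protect(accountName, "Account name");
    }

    /// <summary>
    /// Protect the cleartext value, using the given type as the purpose string.
    /// </summary>
    /// <param name="value">The cleartext value to protect.</param>
    /// <param name="type">
    /// Purpose string handed to <c>MachineKey.Protect</c>; the same string has to be
    /// supplied to <c>MachineKey.Unprotect</c> when the value is read back.
    /// </param>
    /// <returns>
    /// The protected value as a URL-safe token, which is no longer cleartext.
    /// Decode it with <c>HttpServerUtility.UrlTokenDecode</c> before unprotecting.
    /// </returns>
    /// <exception cref="System.ArgumentNullException">
    /// Thrown by the UTF-8 encoder when <paramref name="value"/> is null.
    /// </exception>
    public string Protect(string value, string type)
    {
        byte[] cleartextBytes = Encoding.UTF8.GetBytes(value);
        byte[] protectedBytes = MachineKey.Protect(cleartextBytes, type);

        // The protected payload is arbitrary binary data. Decoding it as UTF-8 text
        // replaces invalid byte sequences and makes the value impossible to unprotect,
        // so it is emitted as a URL-safe token that survives a cookie round trip.
        return HttpServerUtility.UrlTokenEncode(protectedBytes);
    }
}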