doucuo1642 2011-02-11 05:31
浏览 22
已采纳

Javascript如何安全地访问用户信息?

When a user clicks on my green button, I need Javascript to detect this and pass the $UserID and $ActivityID to the server to be stored in the database.

But what's the best way for JS to securely get this info and send it to the server? I've been hiding variables in the HTML:

HTML:

 <div class="green-button">Add it</div>
 <input type="hidden" class="u" value = " <?php $UserID ?>  "/> 
 <input type="hidden" class="a" value = " <?php $ActivityID ?>  "/>

jQuery:

jQuery('.green-button').click(function(event){
var $UserID = jQuery(this).siblings('input').hasClass('u').attr('value');
var $ActivityID = jQuery(this).siblings('input').hasClass('a').attr('value');
// rest of the code...

However, this doesn't seem secure. What if someone uses Firebug to change the HTML and then clicks on the button? Won't garbage be written into the dbase?

Thanks for the tips.

  • 写回答

4条回答 默认 最新

  • dongyongyu0789 2011-02-11 05:36
    关注

    Well, you need to explain as which sort of security are you looking for. Are you looking to secure the data sent over the network? If so, then you'll have to opt for SSL certificate and send data AS post over it.

    But, if you want the data to be invisible to the user, then there is no such way to do it, since if anyone is reading the packets sent from his machine, he can easily figure out what data is being sent over.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。