I have a question about stopping spoofed form submissions. How about if by using the $_SERVER['HTTP_REFERER']
I only allow submissions to my forms coming from my website? Would that help?! Thanks!
停止欺骗表单提交
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
11条回答 默认 最新
- dqs86517 2012-02-08 23:08关注
It would help, and it's fairly easy thing to add but it wont stop a targeted attack, after all you can spoof a
HTTP_REFERER
header.One thing to keep in mind is that a client is not required to send a
HTTP_REFERER
, so if the header is missing you might want to allow submissions anyway. If this is not possible, then checkingHTTP_REFERER
wont help you.Run a search for CAPTCHA "Completely Automated Public Turing test to tell Computers and Humans Apart", this is what you're really looking for.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?
- ¥20 神经网络Sequential name=sequential, built=False
- ¥16 Qphython 用xlrd读取excel报错
- ¥15 单片机学习顺序问题!!
- ¥15 ikuai客户端多拨vpn,重启总是有个别重拨不上
- ¥20 关于#anlogic#sdram#的问题,如何解决?(关键词-performance)
- ¥15 相敏解调 matlab
- ¥15 求lingo代码和思路
- ¥15 公交车和无人机协同运输
- ¥15 stm32代码移植没反应