I am seeking the strongest security measure for people changing the IDs in the URL for comments, blogs, inbox etc...
Any suggestions?
为$ _GET id实施强大安全标准的最佳方法是什么?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
6条回答 默认 最新
- dou448172583 2009-12-07 20:35关注
Validating the data you get is a great idea, if you're expecting digit, make sure you get digits.
if(isset($_GET['id']) && ctype_digit($_GET['id'])) { $id = $_GET['id']; }else { $id = 0; }If your concern is people changing urls to see things, like requesting image 44 when you only wanted to show them image 42 you've got a few options:
- Include various checks on the page to ensure the user has the appropriate permission to use the item.
- Hash the item in the url to make items immutable.
- Don't use sequential numbers, use random numbers or hashes.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2009-12-07 20:07回答 6 已采纳 Validating the data you get is a great idea, if you're expecting digit, make sure you get digits.
- 2019-06-26 19:54回答 5 已采纳 预定义的 $_GET 变量用于收集来自 method="get" 的表单中的值,具体来说是获取通过get方式传递url中的参数。 举个例子: ``` 名字:
- 2011-05-03 19:47回答 4 已采纳 The @ is the error suppression operator. In this specific context, it's a (wrong!) way to avoid P
- 2020-08-31 18:57culh2177的博客 wordpress安全 This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible. 本文是与SiteGround合作创建的系列文章的一部分...
- 2019-03-13 20:36回答 1 已采纳 Don't use strpos() for this. If you have cat=101,11 and you call setorunset(10) it will match the
- 2014-10-10 09:46回答 1 已采纳 As a mega quick and dirty hack, you could use array_walk. array_walk($_GET, function($value, $key
- 2011-04-13 22:39回答 3 已采纳 Could be error settings, similar issue answered here.
- 2022-03-17 07:23????27282的博客 不安全的文件上传基本原理(File upload vulnerabilities) 什么是文件上传漏洞? 常用1句话(密码全为1) Godzilla YYDS Raw or Base64 加密器区别 生成的面杀shell对比 pikachu clientcheck servercheck getimagesize ...
- 2021-08-25 18:21回答 1 已采纳 这个代码总的来说就是用popen执行传入的命令(command),和popen的链接的模式(parameter),如果2个参数都未传入,则以php高亮语法显示当前这个脚本源代码。比较像后面,除非有特殊
- 2015-05-24 06:47回答 2 已采纳 You can try this way $classNamespace = "\App\Identification\"; $class=$_GET['class_name']; $path
- 2015-04-03 11:32回答 1 已采纳 Try with location.reload(true); //It load document from server If you write location.reload() t
- 2018-11-28 16:37fly_on_the_sky的博客 ==========================================PHP=================================================== 1:请用最简单的语言告诉我PHP是什么? PHP全称:Hypertext ...2:什么是MVC? MVC由Model(模型), View(...
- 2018-05-22 07:28回答 1 已采纳 Of course Go can load x509 private keys, but there is no "do-what-I-want" function, such as openss
- 2023-05-09 10:52GARY-JAY的博客 300个业务集体下线了 所以虚拟化迁移是一个大工程,这就是为什么后来发展到容器时代 四、Docker 容器化时代 容器类似于 VM,但是更宽松的隔离特性,使容器之间可以共享操作系统(OS)。 因此,容器比起 VM 被认为是...
- 2024-04-27 14:192401_84264630的博客 例如,在授权过程中,API 的消费者和提供者均不直接进行授权操作,而是让 OAuth 作为委托协议,为 API 添加一个基本的保护层,并在此基础上让 OpenID Connect 标准作为额外的身份层,使用 ID 令牌去扩展 OAuth2.0。...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 Centos7 / PETGEM
- ¥15 csmar数据进行spss描述性统计分析
- ¥15 各位请问平行检验趋势图这样要怎么调整?说标准差差异太大了
- ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
- ¥15 wpf界面一直接收PLC给过来的信号,导致UI界面操作起来会卡顿
- ¥15 init i2c:2 freq:100000[MAIXPY]: find ov2640[MAIXPY]: find ov sensor是main文件哪里有问题吗
- ¥15 运动想象脑电信号数据集.vhdr
- ¥15 三因素重复测量数据R语句编写,不存在交互作用
- ¥15 微信会员卡等级和折扣规则
- ¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗