dsw7547 2017-06-15 16:16

Is php://input safe? If not, how can it be secured?

I recently watched a video tutorial about a Facebook Messenger bot. To get messages from users who used my Messenger bot, Facebook sends raw JSON to my server using php://input, and then my server sends them back to Facebook as reply messages. Facebook didn't use any parameters for forwarding users' messages to my server. I'm just afraid of someone attacking or gathering info about my server using my Messenger bot.

Sample code that Mr. Tutorial used:

file_put_contents("fb.txt", file_get_contents("php://input"));

And here is the video: https://www.youtube.com/watch?v=E2KOqRceipM

1 answer

  • duanjianao0592 2017-06-18 17:27

    php://input isn't any more or less secure than your telephone. If you pick up the phone and someone tells you to burn your house down, do you burn your house down? Probably not.

    If you do something like exec(php://input) (pseudocode), you're going to have a bad day. If instead you just read the input stream and properly handle the data you're getting, you're fine.

    There's nothing inherently secure or insecure about the input stream. It's what you do with it that matters.
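
An added example (not part of the answer above and not the tutorial's code) of what "properly handle the data" can look like for this webhook: cap the body size, verify the HMAC that Meta sends in the X-Hub-Signature-256 header before parsing, and keep only the fields the bot needs. The app secret placeholder, the size cap, the 2000-byte text limit and the sample payload are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
const MAX_BODY = 65536;  // assumed size cap for one webhook delivery

// Read at most MAX_BODY + 1 bytes so an oversized body is detected, not buffered.
function read_body(): string {
    $in = fopen('php://input', 'rb');
    $raw = stream_get_contents($in, MAX_BODY + 1);
    fclose($in);
    return $raw === false ? '' : $raw;
}

// Returns [['sender' => ..., 'text' => ...], ...] or throws on anything unexpected.
function parse_webhook(string $raw, string $sigHeader, string $appSecret): array {
    if ($raw === '' || strlen($raw) > MAX_BODY) {
        throw new RuntimeException('empty or oversized body');
    }
    // Authenticate the raw bytes before parsing them; compare in constant time.
    $expected = 'sha256=' . hash_hmac('sha256', $raw, $appSecret);
    if (!hash_equals($expected, $sigHeader)) {
        throw new RuntimeException('signature mismatch');
    }
    $data = json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
    $entries = is_array($data) && is_array($data['entry'] ?? null) ? $data['entry'] : [];
    $out = [];
    foreach ($entries as $entry) {
        $events = is_array($entry['messaging'] ?? null) ? $entry['messaging'] : [];
        foreach ($events as $ev) {
            $sender = $ev['sender']['id'] ?? null;
            $text = $ev['message']['text'] ?? null;
            // Keep only the fields and types the bot needs; drop everything else.
            if (is_string($sender) && ctype_digit($sender) && is_string($text) && strlen($text) <= 2000) {
                $out[] = ['sender' => $sender, 'text' => $text];
            }
        }
    }
    return $out;
}

// Constructed sample delivery; a real endpoint would pass read_body() and
// $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ?? '' instead.
$secret = 'APP_SECRET_PLACEHOLDER';
$body = '{"object":"page","entry":[{"messaging":[{"sender":{"id":"1234567890"},"message":{"text":"hello"}}]}]}';
$sig = 'sha256=' . hash_hmac('sha256', $body, $secret);
var_dump(parse_webhook($body, $sig, $secret));
try {
    parse_webhook($body . ' ', $sig, $secret);  // body altered after signing
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

If deliveries need to be logged, write the parsed fields to a file outside the web root; a relative path such as fb.txt normally lands next to the script, where the web server may serve it to anyone.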
