简单的PHP服务器 - 验证传入的查询/命令[关闭]

I'm developing an application composed of two elements: a simple PHP server interacting with a SQL DB and a client which on certain events will send information to the server to log.

I would like a way to somehow verify (on the server's side) that the incoming query is indeed coming from my client, because there is a possibilty that someone will decompile the client file and see how I connect and send commands to the server, and that would let them inject false data.

I have no idea how to do such a mechanism though simply because anything I implement in the client could (theoretically) be viewed after decompilation process. Or maybe obfuscation is a solution in this case?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongnachuang6635 2013-12-31 19:39
关注
If someone is intrepid enough to decompile your client, they will simply write their own client using your mechanism and there's no way you can distinguish the two. No amount of "authentication" will stop that. (Like for example, if someone gets my private SSH key, game over: they are me until those keys are revoked.)

The best you can do is make it hard for them to decompile, detect intrusion, and limit damage. Some ideas, but you really should consider the attack patterns you expect to face:

Only allow the client to execute certain commands with certain parameters

Do not allow any more than the expected number of commands per time period

Limit the IP from which those certain commands can come

Be able to revoke client privileges on the server

PS: Expect this question to be closed or at least downvoted. It's not about code, but about design.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

简单的PHP服务器 - 验证传入的查询/命令[关闭] php
2013-12-31 19:27

回答 1 已采纳 If someone is intrepid enough to decompile your client, they will simply write their own client us
PHP输出1-100的质数 php
2021-05-16 11:53

回答 1 已采纳 <?php header("content-type:text/html;charset=utf-8"); function getPrime($num){ $s=""; for (
为什么/ tmp / go-build644681611 / command-line-arguments / _obj / exe传入运行
2013-06-09 21:25

回答 1 已采纳 go run will compile (go build) your source into the system TEMP or TMP environment variable, then
Pikachu----文件包含/下载/上传
2022-12-31 12:18

橙子学不会.的博客 image/jpeg image/php，不会成功 image/php，上传文件.jpg，同样也不会成功蚁剑连接代码 MIME类型，在HTTP request报文中MIME类型在Content-Type字段体现。 $mime是一个包含合法MIME类型的数组，也就是MIME类型...
使用PHP将HTML值传递给url html javascript php
2019-04-11 15:54

回答 1 已采纳 You can send quantity and value to PHP and save it in a session. Then you first look for these 2 v
使用PHP的Google Drive API - 刷新令牌获取消息'刷新令牌的问题必须传入或设置为setAccessToken的一部分' php
2018-09-18 23:55

回答 1 已采纳 Finally the token refresh works, I had to add this line $client->setAccessType("offline"); in o
php中数据库语句的变量传入问题 html5 php sql 数据库
2017-03-17 07:42

回答 2 已采纳这个要不你写一个隐藏标签，要不你在哪个sql页面直接调用时间函数，将变量传入sql。
php接口如果验证响应头,geetest-验证-server-sensebot-api
2021-05-06 08:38

weixin_39668571的博客 SDK内部与极验监控交互接口重点备注接口路径说明重点/v1/bypass_status.php极验监控接口1、该接口是独立于行为验证现有通讯流程之外的服务可用性监控接口，可以通过轮询机制请求该接口，通过接口返回的状态标识确认...
php打开，读取，传入/从mysql数据库传输 mysql php
2012-03-30 02:46

回答 2 已采纳 If i understood the problem right. You are trying to read from a file and store it into a database
使用PHP将传入的数字添加到MySQL单元格 mysql php
2017-07-09 18:22

回答 2 已采纳 update field to add value to existing value: UPDATE table SET value = value + $number WHERE id =
使用php / ajax选择下拉列表后，从数据库获取客户信息 ajax mysql php
2014-02-24 16:29

回答 2 已采纳 You need some small AJAX function to do that: jQuery(document).ready(function($){ $('[name="s
query-auth：REST API查询身份验证的签名生成和验证
2021-03-01 16:03

查询身份验证掌握：开发： REST API查询身份验证的签名生成和验证API查询认证大多数API需要某种查询身份验证，通常是一种使用API密钥和签名对API请求进行签名的方法。签名通常是使用共享机密生成的。使用API...
在COUNT查询上传递静态值（PHP / MySQL） mysql php sql
2014-01-20 02:29

回答 1 已采纳 Your first version is fine, almost. It just needs a comma: SELECT 'PX' AS Site, COUNT(URL) AS nu
php将POST方法传入进来的用户名和密码进行sql验证
2022-12-27 15:14

御坂10057的博客 PHP 中可以使用如下的代码来将 POST 方法传入的用户名和密码进行 SQL 验证: $username = $_POST['username']; $password = $_POST['password']; $conn = mysqli_connect('localhost', 'user', 'password', '...
【漏洞靶场】文件上传只验证Content-type绕过--upload-labs
2022-04-23 23:17

Edward Hopper的博客在upload-labs第二关中就是采用了限制content-type 的类型做文件上传的限制，先在本地写php脚本若上传成功，且知道上传后文件在网站保存的路径，可通过网页访问获得服务器配置信息，命名为z.php 上传后发现返回...
curl命令
2021-05-02 14:17

爱上的云的博客 curl是一个非常实用的、用来与服务器之间传输数据的工具；支持的协议包括 (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and ...
支付宝php sdk如何使用,支付宝SDK怎么用啊？
2021-04-07 08:25

鱼利安的博客 } /** * 获取远程服务器ATN结果,验证返回URL * * 验证结果集： * invalid命令参数不对出现这个错误，请检测返回处理中partner和key是否为空 * true 返回正确信息 * false 请检查防火墙或者是服务器阻止端口问题...
没有解决我的问题, 去提问

悬赏问题

¥15 如何用Labview在myRIO上做LCD显示？(语言-开发语言)
¥15 Vue3地图和异步函数使用
¥15 C++ yoloV5改写遇到的问题
¥20 win11修改中文用户名路径
¥15 win2012磁盘空间不足,c盘正常，d盘无法写入
¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
¥15 帮我写一个c++工程
¥30 Eclipse官网打不开，官网首页进不去，显示无法访问此页面，求解决方法
¥15 关于smbclient 库的使用

简单的PHP服务器 - 验证传入的查询/命令[关闭]

1条回答 默认 最新

悬赏问题

1条回答默认最新