dongsong73032 2015-08-27 18:15
Views: 115
Accepted

PHP - Prevent F12 submit hacking attacks

I'm developing a PHP webapp which has user profiles to create, modify and delete (you know).

When I modify a profile I send the $userID to the PHP page and then I load all the user data. That $userID is stored in a hidden input because I need it to launch the UPDATE query after submit.

I have noticed that a user can press F12 and change that userID to another one and could modify (or delete) another user's profile.

Sorry if this is a stupid question. I suppose that this is a common problem in form submission, but I don't know how you face it (what is the most secure strategy in this case).

Please help :-)

1 answer

  • douxin2002 2015-08-27 18:40

    You should not expose a sensitive ID/data. There is no "security" practice doing that.

    You should use a session variable, as per @cmrrissey's suggestion:

        @session_start(); // must be called before any output is sent
        $_SESSION['userID'] = $senstiveId;

    Also, you should not rely on frontend validations. You must re-check/validate on your server what your end user is sending to you.

    This answer was selected as the best answer by the asker.
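
The approach from the answer, as an added example that is not part of the original post: the update handler takes the profile ID from the server-side session and treats any posted `userID` as untrusted input to compare against it. The `users` table, the `display_name` column and the function names are assumptions made for illustration, and the in-memory SQLite data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decide whose profile this request may modify.
// The ID always comes from the session; a posted userID is only compared
// against it so that tampering can be rejected and logged.
function authorizedUserId(array $session, array $post): int
{
    if (!isset($session['userID'])) {
        throw new RuntimeException('not logged in');
    }
    $sessionId = (int) $session['userID'];
    if (isset($post['userID']) && (string) $post['userID'] !== (string) $sessionId) {
        error_log("profile update: posted userID does not match session user $sessionId");
        throw new RuntimeException('forbidden');
    }
    return $sessionId;
}

function updateProfile(PDO $db, array $session, array $post): int
{
    $id = authorizedUserId($session, $post);
    // Prepared statement: the WHERE clause is bound to the session user only.
    $stmt = $db->prepare('UPDATE users SET display_name = :name WHERE id = :id');
    $stmt->execute([':name' => (string) ($post['display_name'] ?? ''), ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed demo data: in-memory SQLite with two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, display_name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

$session = ['userID' => 1]; // stands in for $_SESSION after login

// Normal request: the form carries no user ID at all.
updateProfile($db, $session, ['display_name' => 'Alice A.']);

// Request whose hidden field was edited to another user's ID.
try {
    updateProfile($db, $session, ['userID' => '2', 'display_name' => 'changed']);
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

foreach ($db->query('SELECT id, display_name FROM users ORDER BY id') as $row) {
    echo "{$row['id']} {$row['display_name']}\n";
}
```

In a real handler `$session` and `$post` would be `$_SESSION` and `$_POST`, and the hidden `userID` input can be dropped from the form entirely.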