dongxindu8753 2012-12-30 13:06
浏览 62
已采纳

如何在CakePHP中生成安全的私有URL?

I like to create a secure URL for a user for his entries (delete and edit links).

for ex, this is my actual URL

http://localhost/project/blogs/delete/1/test-title

what i want to do is,

http://localhost/project/blogs/delete/4324143563443/test-title (some hash made of salt+user auth id)

My main purpose is to create a secure hash along with the URL for delete and edit method. Is there any custom method's available? I searched in CakePHP Security functions http://book.cakephp.org/2.0/en/core-utility-libraries/security.html and not sure whether its the right way to do it or not sure which algorith to use)

  • 写回答

2条回答 默认 最新

  • doujiu3768 2012-12-30 13:38
    关注

    Firstly, although I am not quite clear on how/why you want to do this, it sounds like you want to "protect" these links through obscuring their URL's. This is known as "Security through Obscurity" and is generally frowned upon.

    In Cake (and most apps), the usual way to achieve this is to allow users to login (see: Auth Component) and then, for example, in your delete action (i.e. for the URL /delete/1) requests would be checked for a valid user session, and that the user has sufficient permissions to delete.

    Although I would strongly reccommend otherwise, if you did wish to create these obscure URLs then you should probably use Security::hash();. The problem with this is that you wouldn't be able to just hash the id and then determine the id from the hash directly (thats the whole point!). Instead you would need to store the hashes in the database and then query for the hash (each post could have a unique hash generated either from the id or just random data, either would do).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • 如何在CakePHP生成安全私有URL php
    2012-12-30 13:06
    回答 2 已采纳 Firstly, although I am not quite clear on how/why you want to do this, it sounds like you want to
  • 如何在CakePHP使用GoogleCharts插件? php
    2014-02-16 17:47
    回答 1 已采纳 I had to think backwards for this one. The problem was that I was still trying to make use of the
  • 如何在cakephp通过外键查找数据? php
    2013-02-18 10:20
    回答 1 已采纳 You should simply be able to use 'contain':- $p_plan = $this->Product->find('all', array(
  • CakePHP快速开发应用程序
    2020-08-10 17:44
    culh2177的博客 CakePHP is a framework that provides a solid base for PHP development. It allows users at any skill level to rapidly develop robust web applications. The framework follows the principles of the MVC ...
  • 如何正确执行CakePHP 3的LEFT连接? mysql php
    2017-02-08 03:31
    回答 1 已采纳 This works in model: What I guess is your join query might working well.The important thing in ca
  • CakePHP:在routes.php重定向url php
    2015-10-28 16:50
    回答 1 已采纳 Router::connect('/old_url/*', array('controller' => 'my_controller', 'action' => 'old_url'))
  • 如何在常规PHP脚本继续CakePHP 3会话? php
    2017-10-05 15:47
    回答 1 已采纳 CakePHPs PHP session defaults (like all built-in defaults) do change the name of the cookie / the
  • CakePHP命名约定
    2017-02-27 19:04
    般若Neo的博客 CakePHP提倡约定优于配置(Convention over Configuration),在基于CakePHP的应用使用恰当的约定命名,将为你节省大量的时间。
  • 如何检查Cakephp 3是否存在元素? php
    2015-10-14 11:06
    回答 4 已采纳 file_exists() and use the Controller::$viewPath property. But this is IMHO bad practice because y
  • cakephp使用PHP Gender扩展 php
    2018-12-05 16:32
    回答 1 已采纳 Without your CakePHP code I can only guess but yes, most likely the namespace creates the problem.
  • 如何在CakePHP重写URL [关闭] php
    2014-09-15 05:56
    回答 1 已采纳 As mentioned in cakephp official documentation you can use Router class in your bootstrap.php file
  • 常用的 PHP 类库 , 资源
    2020-02-12 17:43
    AR414.com的博客 持续更新:https://github.com/ar414-com/php-source-lib 学习资源 PHP相关的有参考价值的社区,博客,网站,文章,书籍,视频等资源 PHP网站(PHP Websites) PHP The Right Way - 一个PHP实践的快速参考指导 PHP ...
  • 如何在cakephp1分钟后破坏cookie? php
    2017-02-10 12:21
    回答 2 已采纳 In cakephp 3.x as the document says you can have these paramenters CookieComponent::write(mixed $
  • php类库
    2021-07-30 08:42
    极梦网络无忧的博客 依赖管理( Dependency ...pickle - PHP扩展安装器 Melody - A tool to build one file Composer scripts. 依赖注入( Dependency Injection ) 实现依赖注入设计模式的库 Pimple - 一个小的依赖注入容器 containe
  • 常用的100个PHP类库资源和技巧
    2021-12-17 22:58
    沈恩华的博客 以便在工作迅速的查找所需,本文主要和大家分享常用的100个PHP 类库资源和技巧,希望能帮助到大家。 PHP相关的有参考价值的社区,博客,网站,文章,书籍,视频等资源 PHP网站(PHP Websites) PHP The Right Way 一个...
  • php面试题大全及答案
    2021-01-21 12:49
    艾莉宝贝的博客 PHP的运行环境最优搭配为Apache+MySQL+PHP,此运行环境可以在不同操作系统(例如windows、Linux等)上配置,不受操作系统的限制,所以叫跨平台 2、WEB开发数据提交方式有几种?有什么区别?百度使用哪种方式? ...
  • 常用php类库、资源
    2020-06-11 11:37
    逸之云的博客 学习资源 PHP相关的有参考价值的社区,博客,网站,文章,书籍,视频等资源 PHP网站(PHP Websites) ...Securing PHP - 有关PHP安全相关 PHP FIG - PHP框架交互小组 PSR 文翻译 PHP School - 一个
  • php 面试常问的题目2
    2020-07-05 22:43
    nzz_171214的博客 PHP的运行环境最优搭配为Apache+MySQL+PHP,此运行环境可以在不同操作系统(例如windows、Linux等)上配置,不受操作系统的限制,所以叫跨平台 2、WEB开发数据提交方式有几种?有什么区别?百度使
  • PHP面试题大全
    2019-12-20 09:54
    Rudon滨海渔村的博客 系统限制,只显示了2902行,请下载完整版: ...回答:PHP全称:Hypertext Preprocessor,是一种用来开发动态网站的服务器脚本语言。 问题:什么是MVC? 回答:MVC由Model(模型), View(视图...
  • php面试常问的题目2
    2019-03-14 09:13
    qq_37138818的博客 PHP专业面试题汇总 一、PHP基础: 二、数据库部分 三、面向对象部分 四、ThinkPHP部分 五、smarty模板引擎 ...六、二次开发系统(DEDE...PHP的运行环境最优搭配为Apache+MySQL+PHP,此运行环境可以在不同操作系统...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 vue3页面el-table页面数据过多
  • ¥100 vue3中融入gRPC-web
  • ¥15 kali环境运行volatility分析android内存文件,缺profile
  • ¥15 写uniapp时遇到的问题
  • ¥15 vs 2008 安装遇到问题
  • ¥15 matlab有限元法求解梁带有若干弹簧质量系统的固有频率
  • ¥15 找一个网络防御专家,外包的
  • ¥100 能不能让两张不同的图片md5值一样,(有尝)
  • ¥15 informer代码训练自己的数据集,改参数怎么改
  • ¥15 请看一下,学校实验要求,我需要具体代码