html用ajax(Restful API)与PHP交互-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

html用ajax(Restful API)与PHP交互

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:26 PM

php

因为移动端和PC端API共用，想这样做。
html与PHP交互，用Ajax(Restful API)方式。
1.如何保证安全性？
2.有什么要注意的地方？
3.怎样防止被别人爆刷请求？

或者说，相比MVC有什么优点和缺点？

回复内容：

因为移动端和PC端API共用，想这样做。
html与PHP交互，用Ajax(Restful API)方式。
1.如何保证安全性？
2.有什么要注意的地方？
3.怎样防止被别人爆刷请求？

或者说，相比MVC有什么优点和缺点？

1、安全性
web的东西，安全性是通用的，与你解决问题的方法无关。
比如输入校验，正常的校验是两步的（浏览器、服务器），那么对于API式的设计，是作为直接的请求，服务端对于传入数据需严格校验。
再比如访问权限。API虽然是直接暴露的访问，但是可以提供额外的必须的参数作为访问控制。而该参数的来源、方式则取决于你自己。

2、有什么要注意的地方？
这个问题真的是太广了。

3、爆刷
其实这个可以列入问题1 中。
假设传入某key值作为额外参数，那么限定该key在一定时间内的访问次数即可。这也仅仅是一个简单的处理方式。
但是如果遇到疑似CSRF的攻击，这个方式是不管用的。

实际上任何一个web应用，都可以通过抓包分析，然后自行解读为 “伪API”(非专用词)，然后对其做请求得到结果。爬虫基本上就是这个法。
那么所需要的关注的切入点就是（其实也算问题2 的回答）
1、安全
系统本身的权限等问题的安全策略
来自攻击的安全防范
2、爬虫
反爬虫相关技术。

安全问题：如果你的数据级别比较高的话用https。
防刷：服务器端多IP限制。客服端可以用js做一些加密字符串。也是可以放刷的（但是会被破解，google的passport也是这样做的。只不过他的js算法很难而已）。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

What are some performance considerations when using PHP sessions?May 02, 2025 am 12:11 AM

PHP sessions have a significant impact on application performance. Optimization methods include: 1. Use a database to store session data to improve response speed; 2. Reduce the use of session data and only store necessary information; 3. Use a non-blocking session processor to improve concurrency capabilities; 4. Adjust the session expiration time to balance user experience and server burden; 5. Use persistent sessions to reduce the number of data read and write times.

How do PHP sessions differ from cookies?May 02, 2025 am 12:03 AM

PHPsessionsareserver-side,whilecookiesareclient-side.1)Sessionsstoredataontheserver,aremoresecure,andhandlelargerdata.2)Cookiesstoredataontheclient,arelesssecure,andlimitedinsize.Usesessionsforsensitivedataandcookiesfornon-sensitive,client-sidedata.

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

See all articles