$_POST安全, 如何避免跨域提交?
我有一些AJAX页面,提交并链接数据库,最近怀疑有人用fsockopen或者curl模拟POST表单,偷取我的数据库资料。
如何避免$_POST跨域提交?
可否在apache里设置?或者用$_SERVER之类的进行判别?
------解决方案--------------------
1.如果能设定数据的访问权限,比如说只有登录会员才可查看,这样会给别人的抓取造成一定难度。但这个障碍总能被解决的。
2.分析访问日志,从服务器级别限制可疑IP访问。
3.记录每个IP的操作密度,较频繁的可不定时要求输验证码
------解决方案--------------------
一个token 或者一个验证码就解决了...
或者上面说的产生一个 全局变量 验证一下
------解决方案--------------------
如版主所说,生成令牌验证再对频繁提交的IP设置验证码即可。
------解决方案--------------------
用session生成令牌,提交之后验证session,合法则马上注销这个session,确保每次都有一个新的令牌.
------解决方案--------------------
除了不友好的验证码之外,没有别的方法
不过简单些的验证码也是可以机器识别的
你是些AJAX页面,所以验证码也是不能用的
可以考虑请求数据部分的 js 代码也是动态产生的
这样窃取者如不能动态解析 js 就无法获取数据了
------解决方案--------------------
使用验证,加hash。这些hash值绑定时间,
(1)设定时间内失效
(2)加密方式根据时间日期变化
------解决方案--------------------
作为一个长期数据搜集者,很遗憾地告诉你,上面说的方法都能应付
但作为php学得比你早,还知道点市场运作知识的人,我给你的建议有下面这些(基于开放数据内容):
1.最重要的一点:你要搞清防范的对象,像我这样的人(看最后),你防也没用,也没必要,关键是防你公司的竞争对手
2.基于第1点,也没必要做全数据库防范,那是防黑客层面的工作,只需要在关键数据上面做手脚就行了
什么是关键数据?对商城来说,价格就是关键数据,淘宝为何不防范?因为不是淘宝自己在卖东西……完毕
3.任何的防范工作必然会导致用户体验降低,流失客户的损失和防范少数小偷的得益之间的比较,需要衡量
4.真的要防范的话――
1) 防机器不防人,区别是什么?前者读代码,后者读文字(肉眼),所以从这点出发最重要
2) 基于上面第2点,最好和市场部协同,找对重要数据
3) 抓数据有三个步骤:开发爬虫、抓取过程、重组数据,针对增加开发难度,没必要,也没办法;针对抓取增加难度,这个上述第3点说了,慎重对待,最好针对“时间”做文章;最好把着眼点放在重组数据的难度,就是说抓到了也很难用程序重组,这个就要看你的能力了
4) 大公司应该从公司层面做对付小偷的工作,例如诉讼,这样更显得公司的大气形象;小公司一般服务对象比较固定,采用“信任”机制会更好,例如一些数据只对特定人员开放
……
总的来说应该结合商业模型,不要技术部全扛下来
补充3)所说的举例方案:
A: 如唠叨所说,某些东西用js“拼”出来,直接写出来不行,那还是完整结果;这是因为现在懂调用js引擎运算结果的人还很少
B: 以前帮别人做过这样的事――四位数,用N(某数量4,随机)张图片显示,从代码看这N张图片代码完全一致,取回的字节数也接近,但目视只有4张显示出所需要的数字(结合网页底色),当时这个方法使用相当一段时间都有效,但随着OCR的程序越来越简单,这个方法也失效了,但原理还是有用的
我抓数据漫无目的(指target),只抓自己有用和喜欢的东西,例如中日韩的邮政编码
、喜欢的图片……,不卖钱不外传也从不帮别人抓,商业数据一点兴趣(用处)也没有,可能去抓还惹来一身骚,后果严重,俺要为人生倒数的几年着想啊最后告诉你,我现在还没法对付的就是――图片瀑布墙
------解决方案--------------------
补充一下
无论你是用 cookie、session还是token都不能达到防范的作用
因为检查的是客户端回传的数据与服务端预设的是否一致
那么好了,我只要将采集的动作分为两步:
1、进入你的ajax页面,你的网站就会把验证的相关数据发给我。因为你的ajax提交也是要验证的
2、向目标页发送请求,此时与你的ajax请求是一样携带验证数据的
The Continued Use of PHP: Reasons for Its EnduranceApr 19, 2025 am 12:23 AMWhat’s still popular is the ease of use, flexibility and a strong ecosystem. 1) Ease of use and simple syntax make it the first choice for beginners. 2) Closely integrated with web development, excellent interaction with HTTP requests and database. 3) The huge ecosystem provides a wealth of tools and libraries. 4) Active community and open source nature adapts them to new needs and technology trends.
PHP and Python: Exploring Their Similarities and DifferencesApr 19, 2025 am 12:21 AMPHP and Python are both high-level programming languages that are widely used in web development, data processing and automation tasks. 1.PHP is often used to build dynamic websites and content management systems, while Python is often used to build web frameworks and data science. 2.PHP uses echo to output content, Python uses print. 3. Both support object-oriented programming, but the syntax and keywords are different. 4. PHP supports weak type conversion, while Python is more stringent. 5. PHP performance optimization includes using OPcache and asynchronous programming, while Python uses cProfile and asynchronous programming.
PHP and Python: Different Paradigms ExplainedApr 18, 2025 am 12:26 AMPHP is mainly procedural programming, but also supports object-oriented programming (OOP); Python supports a variety of paradigms, including OOP, functional and procedural programming. PHP is suitable for web development, and Python is suitable for a variety of applications such as data analysis and machine learning.
PHP and Python: A Deep Dive into Their HistoryApr 18, 2025 am 12:25 AMPHP originated in 1994 and was developed by RasmusLerdorf. It was originally used to track website visitors and gradually evolved into a server-side scripting language and was widely used in web development. Python was developed by Guidovan Rossum in the late 1980s and was first released in 1991. It emphasizes code readability and simplicity, and is suitable for scientific computing, data analysis and other fields.
Choosing Between PHP and Python: A GuideApr 18, 2025 am 12:24 AMPHP is suitable for web development and rapid prototyping, and Python is suitable for data science and machine learning. 1.PHP is used for dynamic web development, with simple syntax and suitable for rapid development. 2. Python has concise syntax, is suitable for multiple fields, and has a strong library ecosystem.
PHP and Frameworks: Modernizing the LanguageApr 18, 2025 am 12:14 AMPHP remains important in the modernization process because it supports a large number of websites and applications and adapts to development needs through frameworks. 1.PHP7 improves performance and introduces new features. 2. Modern frameworks such as Laravel, Symfony and CodeIgniter simplify development and improve code quality. 3. Performance optimization and best practices further improve application efficiency.
PHP's Impact: Web Development and BeyondApr 18, 2025 am 12:10 AMPHPhassignificantlyimpactedwebdevelopmentandextendsbeyondit.1)ItpowersmajorplatformslikeWordPressandexcelsindatabaseinteractions.2)PHP'sadaptabilityallowsittoscaleforlargeapplicationsusingframeworkslikeLaravel.3)Beyondweb,PHPisusedincommand-linescrip
How does PHP type hinting work, including scalar types, return types, union types, and nullable types?Apr 17, 2025 am 12:25 AMPHP type prompts to improve code quality and readability. 1) Scalar type tips: Since PHP7.0, basic data types are allowed to be specified in function parameters, such as int, float, etc. 2) Return type prompt: Ensure the consistency of the function return value type. 3) Union type prompt: Since PHP8.0, multiple types are allowed to be specified in function parameters or return values. 4) Nullable type prompt: Allows to include null values and handle functions that may return null values.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SublimeText3 Mac version
God-level code editing software (SublimeText3)
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Atom editor mac version download
The most popular open source editor
