
Is it safe for the JS to rely on a PHP-generated JS variable a=1 meaning "has permission for some action"?
For example, an ajax request to the backend for some action returns a PHP-generated JS variable var permission=1;
then the front-end JS performs some operation based on this permission.


Replies / Discussion (solutions)

Not much of a problem; if you are worried about it, you can add some verification.

Quoting the original post:
Is it safe for the JS to rely on a PHP-generated JS variable a=1 meaning "has permission for some action"?
For example, an ajax request to the backend for some action returns a PHP-generated JS variable var permission=1;
then the front-end JS performs some operation based on this permission.
Tags: ajax, permission
…… Doing it this way isn't much of a problem; many sites' registration pages return information to the page via ajax in exactly this way.
But I would still recommend: when there is permission for some action, also do the permission check inside the action itself. After all, JS validation runs on the client, and who knows what might go wrong there.

Why would it be unsafe?
ajax can't go cross-domain, so the instructions can only come from your own server.
If you don't even trust your own server, what's the point?

What if someone forges a global variable var permission=1; on the page,
and then the front-end JS performs some operation based on that permission?

Is that feasible?

Who would forge it?

Quoting reply #4 by nowphp:
What if someone forges a global variable var permission=1; on the page,
and then the front-end JS performs some operation based on that permission?

My knowledge here is limited, and I don't know whether front-end JS can be rewritten by a hacker. For example, if I have var a = 'xx'; can he forcibly change my script code into var a = 'yy'; or something like that? If not, then the only remaining case is a hacker submitting JS variables from a page he built himself.

But since you mentioned above that AJAX can't go cross-domain, I'm reassured. Yet I actually found lots of articles on Baidu about ajax cross-domain submission, so what is going on there?

You can do it this way.
But "performing some operation based on this permission" also needs a proper permission check on that operation.

After all, client-side JS can be modified.

Encryption / decryption...

Any data that touches on security has to take this into account. Almost never should we trust data sent back from the client.
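The point made by several replies above (reply #2 about checking inside the action, and the later replies about never trusting client data) in working code, as an added example that is not part of the original thread. It emits the permission flag for the front end, then shows an action handler that wrongly trusts a client-supplied permission value beside one that re-checks the server-side session. Function names, the session keys perms and csrf, and the sample session contents are assumptions; a real application would load the permission set from its database at login.

```php
<?php
// Added example (not from the thread). The PHP-generated JS flag is only a UI
// hint; the authoritative check lives in the action handler and reads the
// server-side session, never the request body. Names below are assumptions.

declare(strict_types=1);

// Server-side source of truth for what the logged-in user may do. Assumed to be
// filled from the database at login and kept in $_SESSION['perms'].
function user_can(string $action): bool
{
    $perms = $_SESSION['perms'] ?? [];            // e.g. ['delete_post', 'edit_post']
    return in_array($action, $perms, true);
}

// 1. Page render: emit the flag for the front end. json_encode() guarantees the
//    value cannot break out of the <script> context. The flag only decides
//    whether to show a button; it grants nothing.
function render_permission_flag(string $action): string
{
    $flag = user_can($action) ? 1 : 0;
    return '<script>var permission = ' . json_encode($flag) . ';</script>';
}

// 2a. INSECURE handler: trusts a value the client sent. Anyone can set
//     permission=1 in the POST body (browser console, curl, their own page)
//     and bypass the check; the JS variable on your page is irrelevant to that.
function handle_delete_insecure(array $post): string
{
    if (($post['permission'] ?? '0') === '1') {
        return 'deleted';
    }
    return 'forbidden';
}

// 2b. SECURE handler: ignores anything the client claims about permissions and
//     re-checks the session-bound permission set. The CSRF token stops another
//     site from driving this endpoint with the victim's cookies, which is the
//     real cross-domain concern (same-origin policy does not protect the server).
function handle_delete_secure(array $post): string
{
    $token = (string)($post['csrf'] ?? '');
    if (!hash_equals($_SESSION['csrf'] ?? '', $token)) {
        http_response_code(403);
        return 'bad csrf token';
    }
    if (!user_can('delete_post')) {
        http_response_code(403);
        return 'forbidden';
    }
    // ... perform the delete for $post['id'] here ...
    return 'deleted';
}

// Demo with a constructed session (no real login) to contrast the two handlers.
session_start();
$_SESSION['perms'] = ['edit_post'];               // user may edit, NOT delete
$_SESSION['csrf']  = bin2hex(random_bytes(16));

echo render_permission_flag('delete_post'), PHP_EOL;

// Forged request: the client claims permission=1 and supplies a valid CSRF
// token, exactly what a user editing their own page's JS could send.
$forged = ['permission' => '1', 'csrf' => $_SESSION['csrf'], 'id' => '42'];

echo 'insecure handler: ', handle_delete_insecure($forged), PHP_EOL;
echo 'secure handler:   ', handle_delete_secure($forged), PHP_EOL;
```

Run it with `php example.php`: the page emits `var permission = 0;` for this user, yet the forged request is accepted by the insecure handler and refused by the secure one, because only the secure one consults state the client cannot edit. The same rule answers the cross-domain worry raised in the thread: whether or not the browser lets a script on another origin read your responses, nothing stops an attacker from sending requests to the endpoint directly, so the server must make the decision on every call.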
