Home >Backend Development >PHP Tutorial >PHP security development: Add random string verification to prevent forged cross-site requests_PHP tutorial
Yahoo’s way to deal with fake cross-site requests is to add a random string called .crumb to the form; Facebook has a similar solution, and its forms often have post_form_id and fb_dtsg.
A common and cheap prevention method is to add a random and frequently changing string to all forms that may involve user writing operations, and then check this string when processing the form. If this random string is associated with the current user identity, it will be more troublesome for the attacker to forge requests. Now the prevention methods are basically based on this method
Implementation of random string code
We follow this idea and copy the implementation of crumb. The code is as follows:
Construct a form
Insert a hidden random string crumb into the form
http://www.bkjia.com/PHPjc/326620.html