有没有办法验证php / javascript代码的完整性 [英] Is there a way to verify integrity of php/javascript code
问题描述
我们的应用程序在最终用户计算机上运行(apache2.x + php5)。此时
对于有权访问控制台的人来说,插入
a几行PHP代码来窃取敏感信息非常容易。
有没有办法用
使用数字签名/简单哈希/等检查php和javascript代码的完整性。 ?
你如何确认你的代码没有被某人更改
else并且所有内容都泄露给流氓网站?
感谢您的帮助
-Han
Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.
Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?
What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?
Thanks for your help
-Han
推荐答案
Han写道:
Han wrote:
我们的应用程序在最终用户机器上运行(apache2.x + php5)。此时
某人(有权访问控制台)很容易插入几行PHP代码来窃取敏感信息。
有没有办法使用数字签名/简单哈希/等来检查php和javascript代码的完整性。 ?
你做了什么来验证你的代码没有被别人更改
否则一切都泄露给流氓站点?
感谢您的帮助
-Han
Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.
Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?
What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?
Thanks for your help
-Han
文件的md5如果在
全部被篡改后会完全改变。
你可以使用php''md5(" path / to / file")''函数通过php检查
文件的完整性。
希望这会有所帮助。
iwp
the md5 of the files would change completly if it was tampered with at
all.
you can use the php ''md5("path/to/file")'' function to check the
integrity of files through php.
hope this helps.
iwp
>我们的应用运行于最终用户机器(apache2.x + php5)。此时
>Our app runs on end-users machines (apache2.x + php5). At this moment
某人(有权访问控制台)很容易插入几行php代码来窃取敏感信息。
如果你把敏感信息放在最不希望最终用户看到
最终用户的机器上,他们就没有必要"窃取"它,你已经给了他们
。
如果他们可以登录,为什么他们需要访问控制台
远程?
有没有办法通过
使用数字签名/简单哈希等来检查php和javascript代码的完整性。 ?
修改代码的任何人都可以简单地看到哈希是什么,而不是修改代码,然后修改代码以便始终发送。或者
他们可以修改代码以在未经修改的副本上执行哈希值
永远不会运行。
您如何验证您的代码没有被某人更改
其他所有内容都泄露给流氓网站?
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.
If you put sensitive info that you don''t want end-users to see on
end-user machines, they don''t have to "steal" it, you already gave
it to them.
And why would they need access to the console if they can log in
remotely?
Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?
Anyone modifying the code can simply see what the hash is on
unmodified code and then modify the code to always send that. Or
they can modify the code to do the hash on an unmodified copy which
is never run.
What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?
你不能。请记住,如果用户可以在显示器上查看您的代码,那么有人可以将网络摄像头对准该显示器并将其发送到任何地方。
您可以尝试使用防篡改的智能卡,但我不知道任何带图形显示或网络功能的b $ b。
Gordon L .Burditt
You can''t. Remember, if the user can view your code on a display,
then someone can aim a webcam at that display and send it anywhere.
You could try using a tamper-proof smart card, but I don''t know of any
of those with a graphical display or with networking capabilities.
Gordon L. Burditt
>>我们的应用程序在最终用户计算机上运行(apache2.x + php5)。此时
>> Our app runs on end-users machines (apache2.x + php5). At this moment
某人(有权访问控制台)很容易插入几行php代码来窃取敏感信息。
有没有办法通过使用数字签名/简单哈希/等来检查php和javascript代码的完整性。 ?
你做了什么来验证你的代码没有被别人更改
否则一切都泄露给流氓站点?
感谢您的帮助
-Han
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.
Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?
What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?
Thanks for your help
-Han
你可以使用的文件md5将完全改变。 php''md5(" path / to / file")''通过php检查文件完整性的功能。
the md5 of the files would change completly if it was tampered with at
all.
you can use the php ''md5("path/to/file")'' function to check the
integrity of files through php.
当然,直到,有人修改了他们的副本,以便路径/到/文件
指向一个*未修改的*副本,该副本从未运行但仅用于
来传递完整性检查。
Gordon L. Burditt
Until, of course, someone modifies their copy so that the path/to/file
points at an *unmodified* copy which is never run but is only used
to pass the integrity check.
Gordon L. Burditt
这篇关于有没有办法验证php / javascript代码的完整性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
