保护网页内容 [英] Protect web content

问题描述

大家好，


我是一名网络开发人员，我最近变得非常注重安全。


所以两个问题适合你和任何帮助表示感谢。


1）我对通过查看页面源向所有人透露我的网络代码表示犹豫。 Web浏览器的功能。显然，源评论可能会揭示出一些影响安全性的提示。有没有办法阻止人们看到这个？


2）作为Web开发人员（尤其是PHP）我想知道如何限制我的程序只在特定域上运行。这样，如果有人窃取了我的代码，他就无法将其部署在他的服务器上。



感谢您的帮助


peter

Hi All,

I am a web developer and I am lately becoming fairly security conscious.

So two questions for you and any help appreciated.

1)I have my hesitations about my web code being revealed to everyone through the "view page source" feature of web browsers. Apparently the source review may reveal quite a few hints that affect security. Is there a way to prevent people from seeing this?

2)Being a web developer (especially PHP) I would like to know how I can restrict my programs to run on specific domains only. In this way if someone steals my code he can not deploy it on his server.


Thanks for your help all

peter

推荐答案

大家好，


我是网络开发人员我最近变得相当注重安全。


所以两个问题对你和任何帮助表示赞赏。


1）我对此犹豫不决我的网络代码通过查看页面源向所有人显示。 Web浏览器的功能。显然，源评论可能会揭示出一些影响安全性的提示。有没有办法阻止人们看到这个？


2）作为Web开发人员（尤其是PHP）我想知道如何限制我的程序只在特定域上运行。这样，如果有人窃取了我的代码，他就无法将其部署在他的服务器上。



感谢您的帮助


peter

Hi All,

I am a web developer and I am lately becoming fairly security conscious.

So two questions for you and any help appreciated.

1)I have my hesitations about my web code being revealed to everyone through the "view page source" feature of web browsers. Apparently the source review may reveal quite a few hints that affect security. Is there a way to prevent people from seeing this?

2)Being a web developer (especially PHP) I would like to know how I can restrict my programs to run on specific domains only. In this way if someone steals my code he can not deploy it on his server.


Thanks for your help all

peter

根本不应该在客户端提供任何安全信息。如果有，你需要考虑改变它。查看源代码将显示您的所有客户端代码，并且您无能为力。在任何情况下，这不应该真正影响你（除非你有秘密信息，不应该在那里首先！）


如果它是PHP，那是'服务器端，只要您的Web服务器等是安全的，没有人可以只使用您的PHP脚本。即使您将PHP编程为在特定域上运行（如果可以的话），如果有人确实抓住了您的代码，那就不够好了，因为他们可以轻松地改变它。只要你保证一切都完全安全，我不需要在这方面担心太多。


也许其他人可以给你更多的见解。


希望有所帮助。

There should be no secure information on the client side at all. If there is, you need to consider changing that. View Source will show all your client-side code and there''s not much you can do about it. In any case, this should not really affect you (unless you have secret information which should not be there in the first place!)

If it''s PHP, that''s server side so as long as your web server, etc. is secure, no one can just take your PHP scripts. Even if you program your PHP to run on specific domains (if you can), that''s not good enough if someone does actually get hold of your code because they can easily alter that. As long as you''ve kept everything fully secure I don''t you need to worry too much on that aspect.

Maybe someone else can give you more insight on this.

Hope that helps.

大家好，


我是一名网络开发人员，我最近变得非常注重安全。


所以两个问题对你和任何帮助表示赞赏。


1）我对通过查看页面源向所有人透露我的网络代码表示犹豫。 Web浏览器的功能。显然，源评论可能会揭示出一些影响安全性的提示。有没有办法阻止人们看到这个？


2）作为Web开发人员（尤其是PHP）我想知道如何限制我的程序只在特定域上运行。这样，如果有人窃取了我的代码，他就无法将其部署在他的服务器上。



感谢您的帮助


peter

Hi All,

I am a web developer and I am lately becoming fairly security conscious.

So two questions for you and any help appreciated.

1)I have my hesitations about my web code being revealed to everyone through the "view page source" feature of web browsers. Apparently the source review may reveal quite a few hints that affect security. Is there a way to prevent people from seeing this?

2)Being a web developer (especially PHP) I would like to know how I can restrict my programs to run on specific domains only. In this way if someone steals my code he can not deploy it on his server.


Thanks for your help all

peter

关于第一个问题，无论如何，如果你有东西，人们将能够查看HTML源代码，你可以做很多事情。你不想被人看到你的服务器端保持你的PHP并且不显示它们。不知道你试图用问题2做什么，如果有人窃取你的PHP代码然后他们有它我怀疑除非你做某种密码保护你将能够阻止他们打开文件。


Aric

There isn''t a whole lot you can do about the first problem persons are going to be able to view the HTML source no matter what, if you have things you don''t want to be seen keep them server side with your php and don''t display them. Not sure what your trying to do with question 2 if someone steals your php code then they have it I doubt unless you do some kind of password protecting you will be able to prevent them from opening the file.

Aric

根据我的经验，为了让人们看到你的PHP代码，他们需要在你的服务器上，这意味着你有一大堆其他的问题比人们看到你的脚本！也就是说，您接受用户输入的任何地方都是可能的攻击向量，并且相应的编码器需要对收到的数据进行清理。表单和URL变量是两个这样的向量。阅读SQL注入攻击和XSS（跨站点脚本）攻击以了解更多信息。


此外，请记住，用户始终可以看到您的所有HTML和JavaScript，但您无法做到这一点。所以在其他地方保留敏感材料。


最后，考虑有网站搜索网页，寻找名称为信用卡号的表单字段。和密码然后运行自动攻击试图破坏这些脚本。所以不要公然愚蠢。

In my experience, in order for people to see your PHP code they need to be on your server, and that means you''ve got a whole bunch of other problems than people seeing your script! That said, any place where you accept user input is a possible attack vector and the recieved data needs to be sanitized by you the coder accordingly. Forms and URL variables are two such vectors. Read up on SQL Injection attacks and XSS (cross site script) attacks to learn more.

Also, remember all of your HTML and javascript is visible by the user at all times, there is nothign you can do about it. So keep sensitive material elsewhere.

Lastly, consider there are bots that scour the web looking for form fields with names like "credit card number" and "password" and then run automated attacks trying to compromise those scripts. So don''t be blatantly stupid.

这篇关于保护网页内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！