避免从网站数据库“刮取数据"的主要技术 [英] Top techniques to avoid 'data scraping' from a website database
问题描述
我正在使用PHP和MySQL设置一个站点,该站点本质上只是现有数据库的Web前端.可以理解,我的客户非常希望防止任何人能够复制数据库中的数据,但同时又希望所有内容都公开可用,甚至希望查看全部"链接来显示数据库中的每条记录.
I am setting up a site using PHP and MySQL that is essentially just a web front-end to an existing database. Understandably my client is very keen to prevent anyone from being able to make a copy of the data in the database yet at the same time wants everything publicly available and even a "view all" link to display every record in the db.
尽管我已采取一切措施来防止诸如SQL注入攻击之类的攻击,但没有什么可以阻止任何人以html格式查看所有记录并运行某种脚本来将此数据解析回另一个数据库中.即使我要删除查看全部"链接,从理论上讲,仍然有人可以使用自动化过程来逐条浏览每条记录,然后将它们编译到新数据库中,本质上是捏紧所有信息.
Whilst I have put everything in place to prevent attacks such as SQL injection attacks, there is nothing to prevent anyone from viewing all the records as html and running some sort of script to parse this data back into another database. Even if I was to remove the "view all" link, someone could still, in theory, use an automated process to go through each record one by one and compile these into a new database, essentially pinching all the information.
任何人都有防止或什至阻止他们分享的好的策略吗?
Does anyone have any good tactics for preventing or even just detering this that they could share.
推荐答案
如果数据已发布,则Internet上的所有人都可以看到并访问这些数据.这包括您想看到它的人和您不想看到的人.
If the data is published, it's visible and accessible to everyone on the Internet. This includes the people you want to see it and the people you don't.
您不能同时拥有这两种方式.您可以这样做,以便只能通过帐户看到数据,而人们将创建帐户来处理数据.您可以这样做,以便只能从已批准的IP地址中看到数据,然后人们会在获取信息之前先经过步骤以获取批准.
You can't have it both ways. You can make it so that data can only be visible with an account, and people will make accounts to slurp the data. You can make it so that the data can only be visible from approved IP addresses, and people will go through the steps to acquire approval before slurping it.
是的,您很难获得它,但是如果您希望它对普通用户来说很方便,那么您也需要使它对恶意用户也很方便.
Yes, you can make it hard to get, but if you want it to be convenient for typical users you need to make it convenient for malicious ones as well.
这篇关于避免从网站数据库“刮取数据"的主要技术的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
