如何在php中验证请求服务器? [英] how to verify the requesting server in php?

问题描述

我有一个php页面"server1.com/page1.php"(不是真实的)和另一个页面"server2.com/page2.php"

I have a php page "server1.com/page1.php" (not real) and another page "server2.com/page2.php"

page1.php根据URL传递的参数进行响应，该参数可以来自任何服务器.

page1.php response according to the parameter passed by URL which can come from any server.

但是如何检查是否从"server2.com/page2.php"调用了"server1.com/page1.php".

but how can i check that whether "server1.com/page1.php" is called from "server2.com/page2.php" or not.

预先感谢

推荐答案

可以通过多种方式实现.

There are many ways this could be implemented.

最简单的方法是检查$ _SERVER ['HTTP_REFERER']是否匹配，尽管这不是100％可靠，也不是真正的安全性.

This easiest way is to check the $_SERVER['HTTP_REFERER'] to see if it matches, although this is not 100% reliable, and is not true security.

第二种方法是使用PHP的会话功能.不过，这将要求两台服务器使用共享的会话跟踪区域，这是一种更为高级的服务器设置.

A second method would be to use PHP's session functionality. This would require that the two servers use a shared session tracking area though, which is a much more advanced server setup.

第三种方法是使用共享的MySQL服务器，两者都可以访问以验证请求.这将引入延迟，这可能会降低请求的速度.

A third method would be to use a shared MySQL server that both can access to verify requests. This will introduce latency, which may slow down the request a bit.

第四种方法是使用对原始服务器的回叫以确认它确实发出了请求. Server2向Server1发出请求，然后Server1与Server2联系，并询问刚收到的请求是否确实来自它.

A fourth method would be to use a call back to the originating server to verify it did make the request. Server2 makes the request to Server1, then Server1 contacts Server2 and asks if the request it just received actually came from it.

第五种方法是使用私钥/公钥对对您的请求进行签名.通过这种方式，您可以确保请求明确来自请求的服务器.

A fifth method is to sign your request using a private/public key pair. This way you can verify for sure that the request came specifically from the server it claims it is.

这篇关于如何在php中验证请求服务器?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！