Is it possible for a malicious user to edit $_SESSION?
Question
I save some important info in $_SESSION, not in $_COOKIE. So, my question, is it dangerous? Or is it protected from malicious users trying to edit it and I'm fine?
Thank you.
By the way, is it possible also to edit $_COOKIE? I heard yes, but if yes, then how?
Recommended answer
$_SESSION is stored server-side. The best a hacker could do would be substitute another user's session for the existing session, but the hacker could not insert arbitrary data into $_SESSION. $_COOKIE is, however, stored client-side, so a hacker can insert arbitrary data into the cookie, by just editing the cookie.
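
An added example (not part of the original answer) showing how a server can detect an edited $_COOKIE value with an HMAC, in contrast to $_SESSION, where only the session ID reaches the browser. SECRET_KEY, the helper function names and the sample values are hypothetical.

```php
<?php
// Added example, not from the original answer. SECRET_KEY and the helper
// names are hypothetical; a real key must be random and kept server-side.
const SECRET_KEY = 'constructed-demo-key-change-me';

// Produce "base64(value).mac" so the server can detect client-side edits.
function sign_cookie_value(string $value): string
{
    $mac = hash_hmac('sha256', $value, SECRET_KEY);
    return base64_encode($value) . '.' . $mac;
}

// Return the original value, or null if the cookie was altered or malformed.
function verify_cookie_value(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $value = base64_decode($parts[0], true);
    if ($value === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $value, SECRET_KEY);
    // hash_equals compares in constant time.
    return hash_equals($expected, $parts[1]) ? $value : null;
}

// Constructed sample: the cookie the server issued, and the same cookie
// after the client changed the value but could not recompute the MAC.
$issued = sign_cookie_value('role=user');
$edited = base64_encode('role=admin') . '.' . explode('.', $issued, 2)[1];

var_dump(verify_cookie_value($issued)); // accepted: original value returned
var_dump(verify_cookie_value($edited)); // rejected: MAC does not match

// Session side (web context only, shown as comments so this file runs on
// the CLI): the data stays on the server and the browser holds only the ID.
// Rotating the ID at login limits the session-substitution case:
//   session_start();
//   session_regenerate_id(true);
//   $_SESSION['role'] = 'user';
```

Signing only detects modification; the value is still readable by the client, so anything confidential belongs in $_SESSION.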