使用框架时是否有可能篡改过帐数据 [英] is it possible to tamper post data when using frames

问题描述

我有一个使用框架的网站.仍然可以通过浏览器让某人使用地址栏来制作其中一帧的发布数据吗?其中两个框架是静态的，另一个框架具有php页面，这些页面使用post进行通信.而且似乎不可能，但我想确定.

I have a site that is using frames. Is it still possible from the browser for someone to craft post data for one of the frames using the address bar? 2 of the frames are static and the other frame has php pages that communicate using post. And it doesn't appear to be possible but I wanted to be sure.

推荐答案

否，无法从地址栏中 POST 数据.您只能通过在URL中添加参数来从那里发起 GET 请求. POST正文无法以这种方式连接.

No, it is not possible to POST data from the address bar. You can only initiate GET requests from there by adding params to the URL. The POST Body cannot be attached this way.

无论如何，很有可能将框架中页面的POST请求发送到您的Web服务器. HTTP只是浏览器和网络服务器相互通信的协议. HTTP对框架或HTML一无所知.框架中的页面具有URI，就像其他任何页面一样.单击链接时，浏览器会询问服务器该URI是否具有某物.服务器将检查它是否具有用于该URI的内容，并做出相应的响应.它不知道会返回什么.

Regardless of this, it is very much possible to send POST requests to your webserver for the pages in a frame. HTTP is just the protocol with which your browser and webserver talk to each other. HTTP knows nothing about frames or HTML. The page in the frame has a URI, just like any other page. When you click a link, your browser asks the server if it has something for that URI. The server will check if it has something for that URI and respond accordingly. It does not know what it will return though.

使用 Firefox篡改数据或

With tools like TamperData for Firefox or Fiddler for IE anyone can tinker with HTTP Requests send to your server easily.

这篇关于使用框架时是否有可能篡改过帐数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！