What are the implications of using 'low' security in cakephp?

Question

I had an authentication problem in cakephp, when posting credentials from an external site the authentication would work, and then get immediately lost, with the site prompting for login information again.

This guy determined that the cakephp session cookie was changing. His solution was to set security to low.

Seems like in medium or high security Cake makes a double check for referer... but with low security works fine when clicking auth-protected links from external sites like hotmail or yahoo

This solution also worked for me, but what am I losing by setting cakephp to 'low' security?

Recommended answer

When security is high, a new session ID gets generated on every request. It is practically impossible to create a single-sign-on solution between two applications by sharing a session cookie in this case, since Cake will constantly change the session ID without notifying the other application.

When security is medium (or higher), session.referer_check is enabled.

When security is low, you don't have either of the above features, but it is still just as secure as any average PHP website/CMS out there.
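
As an added illustration (not part of the original answer and not CakePHP's own code), the PHP model below plays the same two requests against each security level: one arriving with an external Referer, and one reusing a session ID that a second application copied earlier. `SessionModel`, the host name and the referers are hypothetical, and it assumes `session.referer_check` is set to the application's own host name.

```php
<?php
// Added model of the behaviour described in the answer; not CakePHP code.
// SessionModel, the host name and the referers are hypothetical/constructed.
final class SessionModel
{
    private $level;
    private $host;
    private $id;
    private $n = 0;

    public function __construct(string $level, string $host)
    {
        $this->level = $level;
        $this->host = $host; // assumed value of session.referer_check
        $this->id = $this->freshId();
    }

    private function freshId(): string
    {
        return 'sid' . (++$this->n); // constructed IDs; real ones are random
    }

    public function currentId(): string { return $this->id; }

    /** True if the request is still treated as the existing session. */
    public function request(string $sentId, ?string $referer): bool
    {
        // medium/high: a Referer that is present but lacks the configured
        // substring makes PHP reject the session ID; no Referer passes.
        $check = in_array($this->level, ['medium', 'high'], true);
        if ($check && $referer !== null && strpos($referer, $this->host) === false) {
            return false;
        }
        if ($sentId !== $this->id) {
            return false; // stale ID
        }
        if ($this->level === 'high') {
            $this->id = $this->freshId(); // high: new ID on every request
        }
        return true;
    }
}

foreach (['low', 'medium', 'high'] as $level) {
    $a = new SessionModel($level, 'app.example.test');
    $external = $a->request($a->currentId(), 'https://mail.example.com/inbox');
    $b = new SessionModel($level, 'app.example.test');
    $copy = $b->currentId();           // ID held by a second application
    $b->request($copy, null);          // first application makes a request
    $reuse = $b->request($copy, null); // second application reuses its copy
    printf("%-6s external referer: %s, reused ID: %s\n", $level,
        $external ? 'kept' : 'lost', $reuse ? 'kept' : 'lost');
}
```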
