How to generate secure private urls in CakePHP?


Problem description

I like to create a secure URL for a user for his entries (delete and edit links).

For example, this is my actual URL:

http://localhost/project/blogs/delete/1/test-title

What I want to do is:

http://localhost/project/blogs/delete/4324143563443/test-title (some hash made of salt+user auth id)

My main purpose is to create a secure hash along with the URL for the delete and edit methods. Are there any custom methods available? I searched the CakePHP Security functions (http://book.cakephp.org/2.0/en/core-utility-libraries/security.html) and am not sure whether it's the right way to do it, or which algorithm to use.

Solution

Firstly, although I am not quite clear on how/why you want to do this, it sounds like you want to "protect" these links through obscuring their URLs. This is known as "Security through Obscurity" and is generally frowned upon.

In Cake (and most apps), the usual way to achieve this is to allow users to log in (see: Auth Component) and then, for example, in your delete action (i.e. for the URL /delete/1) requests would be checked for a valid user session, and that the user has sufficient permissions to delete.

Although I would strongly recommend otherwise, if you did wish to create these obscure URLs then you should probably use Security::hash(). The problem with this is that you wouldn't be able to just hash the id and then determine the id from the hash directly (that's the whole point!). Instead you would need to store the hashes in the database and then query for the hash (each post could have a unique hash generated either from the id or just random data, either would do).
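The two approaches described in the answer above, combined in a CakePHP 2.x sketch. This is an added example, not code from the original question or answer: the delete action enforces login, POST and ownership, and the URL carries a stored random token instead of the numeric id. The `token` and `user_id` columns on the `blogs` table are assumptions, and `random_bytes()` requires PHP 7 or later.

```php
<?php
// app/Model/Blog.php
// Assumed schema: blogs has a user_id column and a unique token column.
App::uses('AppModel', 'Model');

class Blog extends AppModel {
    // Give each new row an unguessable identifier built from random data.
    public function beforeSave($options = array()) {
        if (empty($this->id) && empty($this->data[$this->alias]['id'])) {
            $this->data[$this->alias]['token'] = bin2hex(random_bytes(16));
        }
        return true;
    }
}

// app/Controller/BlogsController.php
App::uses('AppController', 'Controller');

class BlogsController extends AppController {
    // With Auth loaded, every action requires a logged-in user by default.
    public $components = array('Session', 'Auth');

    // Matches /blogs/delete/<token>/<slug>; the slug is ignored.
    public function delete($token = null) {
        // A destructive action must not be triggered by a plain GET link.
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
        // The token cannot be reversed into an id, so look up the stored value.
        $blog = $this->Blog->findByToken($token);
        if (empty($blog)) {
            throw new NotFoundException();
        }
        // The actual access control: the session user must own the entry.
        $owner = (string)$blog['Blog']['user_id'];
        if ($owner !== (string)$this->Auth->user('id')) {
            throw new ForbiddenException();
        }
        $this->Blog->delete($blog['Blog']['id']);
        return $this->redirect(array('action' => 'index'));
    }
}
```

The ownership check is what protects the entry; the token only stops sequential ids from being enumerated, so a leaked or shared URL still cannot delete another user's post.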
