JQuery Ajax Voting
Question
I am using this JQuery Ajax Voting system guide as a rough reference, but I am a little troubled about the security of this. Right now this guide basically stores the ID of something and the vote statistics for it.
I'd like to go off a similar idea, but I need to include the userID as well so a user can only vote once. This is stored in a PHP session variable, and I was wondering whether the AJAX page that gets called will have access to that session or not. If not, what is a safe way of passing in the parameter so it can't be hijacked by a man-in-the-middle attack or faked?
Accepted answer
The server will have access to the session data through the AJAX call as long as you do session_start(); at the top of your script. You should also make sure you sanitize your data, as I see that tutorial is doing queries without passing the data through mysql_real_escape_string. You should also do UNIQUE KEY(user_id, id) on the votes table to ensure there are no dupes.
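The three points in the answer (session available to the AJAX script, parameterised queries, and a unique key as the real duplicate check) fit together in one small endpoint. The following vote.php is an added example written for this page, not the tutorial's code or the answerer's: the table name, column names, DSN and credentials are placeholders, and the csrf_token session value is assumed to have been set at login and echoed by the page's JavaScript. It uses PDO prepared statements rather than mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7 and bound parameters keep data separate from the SQL text.

```php
<?php
// vote.php: hypothetical AJAX vote endpoint (added example, not the tutorial's code).
// Assumed schema (constructed for this example):
//   CREATE TABLE votes (
//     user_id INT NOT NULL,
//     item_id INT NOT NULL,
//     vote    TINYINT NOT NULL,          -- +1 or -1
//     UNIQUE KEY uq_user_item (user_id, item_id)
//   );

declare(strict_types=1);

session_start(); // this script now sees the same $_SESSION the login page populated

header('Content-Type: application/json');

// 1. Identity comes from the server-side session, never from the request body,
//    so a client cannot vote as someone else by editing the POST data.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'not logged in']);
    exit;
}
$userId = (int) $_SESSION['user_id'];

// 2. Require the per-session token (assumed to be set at login). A third-party
//    page can make the browser send the cookie, but cannot read this token.
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals((string) $_SESSION['csrf_token'], (string) $_POST['csrf_token'])) {
    http_response_code(403);
    echo json_encode(['error' => 'bad token']);
    exit;
}

// 3. Validate untrusted inputs by type instead of escaping them.
$itemId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$vote   = filter_input(INPUT_POST, 'vote', FILTER_VALIDATE_INT);
if ($itemId === false || $itemId === null || !in_array($vote, [1, -1], true)) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid input']);
    exit;
}

// 4. Prepared statements: values are bound separately from the SQL text,
//    so no input can alter the query. DSN and credentials are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

try {
    $stmt = $pdo->prepare('INSERT INTO votes (user_id, item_id, vote) VALUES (:uid, :iid, :vote)');
    $stmt->execute([':uid' => $userId, ':iid' => $itemId, ':vote' => $vote]);
} catch (PDOException $e) {
    // 5. The unique key enforces one vote per user atomically, even under
    //    concurrent requests; MySQL reports the second insert as error 1062.
    if ((int) ($e->errorInfo[1] ?? 0) === 1062) {
        http_response_code(409);
        echo json_encode(['error' => 'already voted']);
        exit;
    }
    throw $e;
}

// Return the fresh tally so the page can update without a second request.
$tally = $pdo->prepare('SELECT COALESCE(SUM(vote), 0) FROM votes WHERE item_id = :iid');
$tally->execute([':iid' => $itemId]);
echo json_encode(['ok' => true, 'score' => (int) $tally->fetchColumn()]);
```

Checking for the duplicate in application code (SELECT, then INSERT) would leave a race between two simultaneous requests; letting the database reject the second row and mapping that error to 409 is what makes the unique key the actual control rather than a backstop.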