如何建立到我网站上页面的安全链接？ [英] How do I make a secure link to a page on my website?

问题描述

所以我想要做的是在外部网站（例如：externalsite.com）上有一个链接到mywebsite.com/page.php，我只需要点击链接externalsite.com将允许您访问mywebsite.com/page.php。
用户不能简单地在他们的浏览器中输入它，我该怎么做？

so what I would like to do is have a link on an external website (example: externalsite.com) that will go to mywebsite.com/page.php, and I need to make it so ONLY clicking on the link from externalsite.com will allow you to access mywebsite.com/page.php. The user cannot simply type it in their browser to get there, how would I go about doing this?

推荐答案

鉴于没有任何方法是100％安全的，我将向您展示一个非常简单，过于不安全的方法，它可以在任何框架中工作，因为它是纯JavaScript。请记住，这只是作为一般规则而设计的，绝不是黑客证明。

Given that no method is 100% secure, I'll show you a very easy, overtly insecure method that will work in any framework because it's pure JavaScript. Keep in mind that this is designed to work only as a general rule and is in no way "hacker proof".

只需将此脚本添加到 mywebsite.com/page.php 。它将重定向任何未被 externalside.com 上的页面引用的请求。

Simply add this script to your mywebsite.com/page.php. It will redirect any request that isn't referred by a page on externalside.com.

var referrer = document.referrer;
referrer = referrer.toLowerCase();
if (referrer.indexOf("/externalsite.com") == -1) && referrer.indexOf(".externalsite.com") == -1) {
    window.location.href = "http://mysite.com/accessdenied.php"
} else {
    document.findElementById("myBody").style.display = "block";
}

要绕过整个如果你禁用JavaScript，这不会工作，你白痴困境，将 id =myBodystyle =display：none;添加到你网页的< ; body> tag：除非启用JavaScript并验证引用URL，否则不会显示该页面。另外，我不是白痴。

To get around the whole "if you disable JavaScript, this doesn't work, you idiot" dilemma, add id="myBody" style="display: none;" to your page's <body> tag: the page will not be displayed unless JavaScript is enabled and validates the referring URL. Also, I'm not an idiot.

有几种方法可以绕过这种方法：欺骗引用网址，使用FireBug删除显示：无，查看页面的来源并在本地计算机上重新创建，等等。这种方法比安全功能更具威慑力。

There are several ways to bypass this method: spoof the referring url, use FireBug to remove display: none, view the source of the page and recreate it on your local machine, etc. This method is more of a deterrent than a security feature.

这篇关于如何建立到我网站上页面的安全链接？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！