用php安全删除db记录 [英] Safely deleting a db record with php

问题描述

我希望我不是OT。


我有以下问题：

我想要使用php脚本从我的数据库中删除记录。让我们说我是auth''d

我想删除记录ID 440.用一个简单的表格（获取或发布），我

将id发送到我的脚本并删除记录（DELETE FROM table WHERE

id = some_validated_input）。


问题是如果我是一个讨厌的人我只是写自己的表格并删除我想要的任何

记录（因为我已经认证）只需发送另一个ID。


是有没有办法让任意记录删除非平凡的PHP？我是
考虑一个哈希函数来替换真正的数据库ID（DELETE FROM表

WHERE record_hash = validated_form_hash），如果可能的话，不添加

很多服务器端计算。


你们如何应对这种情况？


谢谢，

-

MaXX

Hi,
I hope I''m not OT.

I have the following issue:
I want to delete a record from my db with a php script. Let''s say I''m auth''d
and I want to delete the record id 440. With a simple form (get or post), I
send the id to my script and delete the record (DELETE FROM table WHERE
id=some_validated_input).

The problem is if I''m a nasty guy I just write my own form and delete any
record I want (since I''m auth''d) by just sending another id.

Is there any way to make arbitrary record deletion non-trivial in php? I''m
thinking about a hash function to replace the real db id (DELETE FROM table
WHERE record_hash=validated_form_hash), if possible without adding an
awfull lot of server side computation.

How do you guys deal with that kind of situation?

Thanks,
--
MaXX

推荐答案

你应该有更详细的授权 - 不是只有auth''d

非auth''d，但每个用户都必须拥有其访问信息，因此系统

可以识别谁是那个想要删除的人。


然后你应该指定（例如）记录的所有者 - 在你的表中添加一列

，其中包含用户的标识符，允许谁

删除它（或用它做任何其他操作）。


如果你需要更多细节，你可以考虑定义用户组

（需要一个额外的简单表格）。


MaXX写道：

You should have more detailed authorization - not only auth''d
non-auth''d, but every user must have its access information, so system
can recognize who is that man who wants to delete.

Then you should specify (for example) owner of a record - add a column
to your table, which contains identifier of user, who is allowed to
delete it (or do any other operation with it).

If you need even more details, you may consider definition of usergroups
(need one extra simple table).

MaXX wrote:

我希望我不是OT。

我有以下问题：
我想用PHP脚本从我的数据库中删除一条记录。让我们说我是auth'
我想删除记录ID 440.用一个简单的表格（获取或发布），我将id发送到我的脚本并删除记录（DELETE FROM表WHERE
id = some_validated_input）。

问题是，如果我是一个讨厌的人我只是写自己的表格并删除我想要的任何
记录（因为我是认可的）只需发送另一个ID。

有没有办法让任意记录删除在PHP中非平凡？我正在考虑使用哈希函数替换真正的数据库ID（DELETE FROM表
WHERE record_hash = validated_form_hash），如果可能的话，不添加很多服务器端计算。

你们如何处理这种情况？

谢谢，

Hi,
I hope I''m not OT.

I have the following issue:
I want to delete a record from my db with a php script. Let''s say I''m auth''d
and I want to delete the record id 440. With a simple form (get or post), I
send the id to my script and delete the record (DELETE FROM table WHERE
id=some_validated_input).

The problem is if I''m a nasty guy I just write my own form and delete any
record I want (since I''m auth''d) by just sending another id.

Is there any way to make arbitrary record deletion non-trivial in php? I''m
thinking about a hash function to replace the real db id (DELETE FROM table
WHERE record_hash=validated_form_hash), if possible without adding an
awfull lot of server side computation.

How do you guys deal with that kind of situation?

Thanks,

Jiri Fogl写道：

Jiri Fogl wrote:

你应该有更详细的授权 - 不仅认证了非认证，而且每个用户都必须拥有其访问信息，因此系统
可以识别谁是那个想要删除的人。
在我的特殊情况下，问题是系统无法知道谁将会删除b $ b，因为没有明确的所有权。有问题的表是一个日志

，创建者是一个脚本。


你的建议对我项目的另一个领域非常有用......


另一个想法是只允许php脚本设置一个已删除的标志只有

隐藏记录并通过其他方式擦除或取消删除它们...

然后你应该指定（例如）记录的所有者 - 在你的表中添加一个列
，其中包含用户的标识符，允许谁删除它（或者做使用它的任何其他操作。
如果您需要更多细节，您可以考虑定义用户组
（需要一个额外的简单表格）。

You should have more detailed authorization - not only auth''d
non-auth''d, but every user must have its access information, so system
can recognize who is that man who wants to delete. The problem in my particular case, is that the system can''t know who will
delete as there is no explicit ownership. The table in question is a log
and the creator is a script.

Your suggestion can be very usefull for another area of my project...

Another idea is to only allow the php script to set a deleted flag wich only
hide the record and wipe or undelete them by other means ...
Then you should specify (for example) owner of a record - add a column
to your table, which contains identifier of user, who is allowed to
delete it (or do any other operation with it).
If you need even more details, you may consider definition of usergroups
(need one extra simple table).

数据库（postgresql）已经知道这一点，权利由

组（创建者INSERT，RO用户SELECT，Admins UPDATE [标记为

读取] / DELETE）设置。一些重大事件具有受保护的事件。 boolean避免通过php脚本删除
。当我想摆脱那些我使用PgAdmin

或psql作为超级用户删除它们。


重新考虑系统的时间......


谢谢，

-

MaXX

The database (postgresql) is already aware of this, the rights are set by
groups (creators INSERT, R-O users SELECT, Admins UPDATE[mark as
read]/DELETE). Some major events have a "protected" boolean to avoid
deletion by the php script. When I want to get rid of those I use PgAdmin
or psql as superuser to delete them.

Time to rethink the system...

Thanks,
--
MaXX

MaXX <峰; bs ****** @ skynet.be>写在

新闻：e2 ********** @ talisker.lacave.net：

MaXX <bs******@skynet.be> wrote in
news:e2**********@talisker.lacave.net:

问题是如果我是一个讨厌的人我只是写自己的表格并删除
我想要的任何记录（因为我是认证）只需发送另一个身份。

The problem is if I''m a nasty guy I just write my own form and delete
any record I want (since I''m auth''d) by just sending another id.

在您的数据库中，添加一个名为keystring的列。并索引它。填充

它有18个字符左右（在数据库中输入信息的同时写一个PHP函数，在

）。因此，

记录1的'keytring''可能是''9jfhdsufs8ywre''，而记录2可能是'b $ b''agsadgiwqegiqw''。


由于keytring已编入索引，您可以通过调用

" DELETE FROM so_and_so WHERE Keystring =''9jfhdsufs8ywre''"来删除它。机会很可怜，有些人可以猜到任何钥匙串和

因此会改变记录。


我用这个技术经常，特别是当允许用户访问文件时选择

.


见ya

in your database, add a column called "keystring" and index it. populate
it with 18 characters or so (write a PHP function that does this at the
same time you enter the info in the database). So, this ''keystring'' for
record 1 might be ''9jfhdsufs8ywre'' while record 2 might be
''agsadgiwqegiqw''.

Since the keystring is indexed, you can delete it from your DB by calling
"DELETE FROM so_and_so WHERE Keystring=''9jfhdsufs8ywre''" Chances are
pretty damn slim that someone will be able to guess any keystring and
therefore alter records.

I use this technique often, especially when allowing users access to pick
up files.

See ya

这篇关于用php安全删除db记录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！