PHP-防止客户端篡改表单ID [英] PHP - Prevent client from tampering the ID of a form

问题描述

如何修复此代码的安全性流：

How to fix the security flow of this code:

 <a href="http://localhost/mypay/admin/company/#" 
   data-pk="26" data-url="http://localhost/mypay/admin/company/update/profile" 
   id="name" 
   name="name" 
   data-type="text" 
   data-source="">dfg</a>

这使用了x可编辑的[bootstrap]- http://vitalets.github.io/x-editable/

This uses x-editable [bootstrap] - http://vitalets.github.io/x-editable/

我就是奇怪的是，如果客户端更改了数据的 PK主键，该如何提高我的应用程序的安全性。应该在哪里放置ID或我将采取什么其他安全措施来阻止ID这样做？

I am just curious how to improve my security for my application if ever the client changes the "PK" primary key of the data. Where should the ID must be placed or what other security measures I would create to prevent them in doing it?

我使用：Bootstrap和Codeigniter。

I use: Bootstrap and Codeigniter.

推荐答案

您必须在服务器端检查是否允许当前用户编辑此条目。不要试图保护客户端，这是不可能的。人们将始终能够在其计算机上编辑数据，当数据到达您控制的位置时，您有责任对其进行控制。

You'll have to check on the server side if the current user is allowed to edit this entry. Do not try to secure the client side, it is impossible. People will always be able to edit data on their computer, it is your responsibility to control it when it arrives at a place you control.

这篇关于PHP-防止客户端篡改表单ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！