Security in Ajax: How to prevent cURL to post data?


Question

I've gone around and looked for this solution for forever, here is my problem:

I have a file called function.PHP, which will receive POST data and execute PHP according to the data, for example:

if ($_POST["data"] == "delete") { /* Do something to delete something */ }
if ($_POST["data"] == "reset") { /* Do something here */ }

So basically I can Ajax from the same domain to make the file run according to my data. Ajax absolutely cannot cross domain here. My problem is in PHP: I found out about a function called cURL() which can post data to my PHP site, and I have looked for a lot of methods on Google, but I cannot find any solution to prevent people from cURLing my site. I found out that they can use Session something, but even if I use Session, there is always a way to pass it (I've seen it while I made the search).

So my question is: Is there any way to prevent people from posting data to my site? I'm pretty sure they cannot use Ajax, but I really am worried about cURL in PHP.

Thank you guys in advance.

Recommended answer

Before you perform an action - check if current user has permissions to do that.

So there is no special protection, just write your normal code (yes, in normal code you have to check permissions).

Actually (thanks to @alex) the browser does absolutely the same work as curl does, so it is not even possible to detect whether you get a request from a browser or from a cheater.
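
The permission check the answer describes, sketched for the question's function.php as an added example (not code from the question or the answer). The role table, the session keys `user_id` and `role`, and the `authorize` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical role table (an assumption, not from the question):
// which roles may trigger each value of $_POST["data"].
const ACTION_ROLES = [
    'delete' => ['admin'],
    'reset'  => ['admin', 'editor'],
];

// Returns the HTTP status for the request: 200 run the action,
// 400 unknown action, 401 not logged in, 403 logged in but not allowed.
function authorize(array $session, array $post): int
{
    $action = $post['data'] ?? null;
    if (!is_string($action) || !array_key_exists($action, ACTION_ROLES)) {
        return 400;
    }
    // Identity comes from server-side session state, never from POST fields,
    // so it does not matter whether a browser or curl sent the request.
    if (!isset($session['user_id'], $session['role'])) {
        return 401;
    }
    return in_array($session['role'], ACTION_ROLES[$action], true) ? 200 : 403;
}

// In function.php the call would be (after session_start()):
//   $status = authorize($_SESSION, $_POST);
//   if ($status !== 200) { http_response_code($status); exit; }

// Constructed sample requests: [label, session contents, POST body].
$samples = [
    ['no session (plain curl POST)', [], ['data' => 'delete']],
    ['logged-in editor', ['user_id' => 7, 'role' => 'editor'], ['data' => 'delete']],
    ['logged-in editor', ['user_id' => 7, 'role' => 'editor'], ['data' => 'reset']],
    ['logged-in admin',  ['user_id' => 1, 'role' => 'admin'],  ['data' => 'delete']],
    ['logged-in admin',  ['user_id' => 1, 'role' => 'admin'],  ['data' => 'drop']],
];
foreach ($samples as [$label, $session, $post]) {
    printf("%-30s data=%-6s -> %d\n", $label, $post['data'], authorize($session, $post));
}
```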
