Web security, are there issues with hidden fields (no sensitive data)?


Question

I was having a discussion with coworkers. We have to implement some security standards. We know not to store 'sensitive, addresses, date of birth' information in hidden fields but is it OK to use hidden fields for your application, in general?

For example:

action=goback

It seems like it would be safer to use hidden fields for that kind of information as opposed to adding it in the query string. It is one less piece of information that a hacker could use against your application.

Recommended answer

A hacker can access hidden fields just as easily as querystring values by using an intercepting proxy (or any number of tools).

I don't think there is anything wrong with using hidden fields as long as they aren't used for anything sensitive and you validate them like you would any other value from the client.
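
An added example, not part of the original answer: one way to validate the hidden `action` field on the server, treating it like any other client-supplied value as the answer recommends. The allow-list, the destination paths, the size limit and the function names are hypothetical.

```python
from urllib.parse import parse_qs

# Hypothetical allow-list: the only values accepted for the hidden field, mapped
# to server-chosen destinations (the client never supplies a path or URL).
ALLOWED_ACTIONS = {
    "goback": "/orders",
    "next": "/orders/confirm",
}
MAX_BODY_BYTES = 2048  # assumed limit for this small form


class InvalidField(ValueError):
    """Raised when a client-supplied field fails validation."""


def resolve_action(raw_body: str) -> str:
    """Validate the hidden 'action' field of a urlencoded form body.

    Returns the server-side destination for an accepted action and raises
    InvalidField otherwise. Hidden, visible and query-string values all get
    the same checks, because all of them are under the client's control.
    """
    if len(raw_body.encode("utf-8")) > MAX_BODY_BYTES:
        raise InvalidField("body too large")
    fields = parse_qs(raw_body, keep_blank_values=True)
    values = fields.get("action", [])
    if len(values) != 1:
        # Missing or repeated parameter: do not guess which copy was meant.
        raise InvalidField("expected exactly one 'action' value")
    if values[0] not in ALLOWED_ACTIONS:
        raise InvalidField("unknown action")
    return ALLOWED_ACTIONS[values[0]]


# Constructed sample bodies: the first is what the form sends unmodified,
# the rest are values the form itself would never produce.
SAMPLES = ["action=goback", "action=goback&action=delete",
           "action=..%2Fadmin", "action=", "step=2"]

if __name__ == "__main__":
    for body in SAMPLES:
        try:
            print(repr(body), "->", resolve_action(body))
        except InvalidField as exc:
            print(repr(body), "-> rejected:", exc)
```

The same function applies unchanged if `action` arrives in the query string instead of a hidden field, which is the answer's point: where the value sits in the request does not change how much the server can trust it.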
