保护SQL Server专用 [英] Protecting SQL Server for Private Usage

问题描述

所以我有一个问题.我有一台服务器，让我们称之为(testserver.net).现在，要更改数据库，我的应用程序将运行"testserver.net \ add.php".问题是任何人都可以运行它并更改我的数据库中的内容.在运行add.php中的代码之前，如何使它需要某种验证，因此没有人可以访问我的服务器?(就像密码之类的东西.)

So I have an issue. I have a server, lets call it (testserver.net). Right now, to change the database, from my application, my app runs "testserver.net\add.php". The problem is anyone can run that and change things in my database. How do I make it that needs some sort of verification before running the code in add.php so no one can just have access to my server? (Like a password or something).

推荐答案

创建令牌:1MBASFDFACAUYTUG ^％(！@ UUIASNSR * _- + LASQWFVSA4QWYUI12670，将该令牌安全地保存在您的应用程序中.

create a token : 1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670 ,save this token safely with in your application.

每当您要调用add.php时，都要传递令牌，如:

Whenever you want to call the add.php pass the token like :

testserver.net?token=1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670

add.php

$secret = $_POST['secret']; //use post or get
if($secret != $mySavedSecret){
    die('intruder!!')
}

这篇关于保护SQL Server专用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！