Why would "/id" as an HTTP GET parameter be a security breach?


Question

While trying to debug my OpenID implementation with Google, which kept returning Apache 406 errors, I eventually discovered that my hosting company does not allow passing a string containing "/id" as a GET parameter (something like "example.php?anyattribute=%2Fid" once URL-encoded).

That's rather annoying, as Google's OpenID endpoint includes this death word "/id" (https://google.com/accounts/o8/id), so my app returns 406 errors every time I log in with Google because of this. I contacted my hosting company, who told me this has been deactivated for security purposes.

I could use POST instead, for sure. But has anyone got an idea why this could cause security problems?

Recommended answer

It can't; your host is being stupid. There's nothing magical about the string /id.

Sometimes people do stupid things with the string /id, like assuming no one is going to guess what follows, so that example.com/mysensitivedata/id/3/ shows my data because my user has id 3, and, being the sneaky sort, I wonder what happens if I navigate to example.com/mysensitivedata/id/4/, and your site blindly lets me through to see someone else's stuff.

If that sort of attack breaks your site, no amount of mollycoddling by your host will help you anyway.
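The id-guessing the answer describes is an insecure direct object reference: the URL picks the record and nothing checks that the logged-in user is allowed to see it. The following is an added example written for this page, not code from the question, the answer, or the asker's application. It assumes a hypothetical `records` table with an `owner` column, the `/mysensitivedata/id/<n>/` path layout from the answer, and that the request arrives with an already-authenticated session user name; the vulnerable handler and its hardened form sit side by side.

```python
import re
import sqlite3
from typing import Optional, Tuple

# Constructed sample data for this example only; owners and payloads are made up.
_db = sqlite3.connect(":memory:")
_db.execute(
    "CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, payload TEXT NOT NULL)"
)
_db.executemany(
    "INSERT INTO records (id, owner, payload) VALUES (?, ?, ?)",
    [(3, "alice", "alice's private notes"), (4, "bob", "bob's private notes")],
)
_db.commit()

# Matches the URL shape used in the answer: /mysensitivedata/id/<number>/
PATH_RE = re.compile(r"^/mysensitivedata/id/(\d+)/?$")


def parse_record_id(path: str) -> Optional[int]:
    """Extract the numeric id from the path, or None if the path does not match."""
    m = PATH_RE.match(path)
    return int(m.group(1)) if m else None


def fetch_insecure(path: str, session_user: str) -> Tuple[int, Optional[str]]:
    """Vulnerable handler: the id in the URL is the only thing deciding what is returned.

    session_user is accepted but never consulted. That is exactly the bug the answer
    describes: a user who legitimately owns id 3 can simply request id 4.
    """
    rid = parse_record_id(path)
    if rid is None:
        return 404, None
    row = _db.execute("SELECT payload FROM records WHERE id = ?", (rid,)).fetchone()
    if row is None:
        return 404, None
    return 200, row[0]


def fetch_secure(path: str, session_user: str) -> Tuple[int, Optional[str]]:
    """Hardened handler: the URL selects *which* record, the session decides *whether*.

    The ownership condition is part of the query, so there is no code path that loads
    someone else's row and then forgets to check it. 'Does not exist' and 'not yours'
    both return 404 so the caller cannot use the response to enumerate valid ids.
    """
    rid = parse_record_id(path)
    if rid is None:
        return 404, None
    row = _db.execute(
        "SELECT payload FROM records WHERE id = ? AND owner = ?", (rid, session_user)
    ).fetchone()
    if row is None:
        return 404, None
    return 200, row[0]


if __name__ == "__main__":
    # alice is logged in and tries the neighbouring id, as in the answer
    print(fetch_insecure("/mysensitivedata/id/4/", "alice"))  # leaks bob's data
    print(fetch_secure("/mysensitivedata/id/4/", "alice"))    # (404, None)
```

The point of putting the owner check into the `WHERE` clause rather than after the fetch is that every future caller of the query inherits the authorization; a hosting-side filter on the bytes "/id" in a query string catches none of this, because the attack uses perfectly ordinary URLs.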
