What are the implications of using 'low' security in cakephp?


Problem description

I had an authentication problem in cakephp, when posting credentials from an external site the authentication would work, and then get immediately lost, with the site prompting for login information again.

This guy determined that the cakephp session cookie was changing. His solution was to set security to low.


Seems like in medium or high security Cake makes a double check for referer... but with low security works fine when clicking auth-protected links from external sites like hotmail or yahoo

Recommended answer

When security is high, a new session ID gets generated on every request. It is practically impossible to create a single-sign-on solution between two applications by sharing a session cookie in this case, since Cake will constantly change the session ID without notifying the other application.

When security is medium (or higher), session.referer_check is enabled.

When security is low, you don't have either of the above features, but it is still just as secure as any average PHP website/CMS out there.
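
The two behaviours described in the answer, modelled as an added example (this is not code from the answer or from CakePHP): a referer check that rejects a session ID arriving with an external Referer, and per-request ID regeneration that strands a second application holding the old ID. The function names, the hosts `app.example` and `mail.example`, and the session ID `abc123` are hypothetical, constructed values.

```php
<?php
// Added illustration, not CakePHP code: a model of the behaviours the answer describes.
// All function names, hosts and session IDs below are hypothetical.

// PHP's session.referer_check rule: if the client sent a Referer and it does
// not contain the configured substring, the supplied session ID is rejected.
function refererAccepts(string $check, ?string $referer): bool
{
    if ($check === '' || $referer === null || $referer === '') {
        return true; // check disabled, or no Referer header was sent
    }
    return strpos($referer, $check) !== false;
}

// Handle one request against a server-side store of [sessionId => user].
// Returns [user or null, session ID to send back in the cookie].
function handleRequest(array &$store, string $level, string $host, ?string $cookieId, ?string $referer): array
{
    $check = ($level === 'medium' || $level === 'high') ? $host : '';
    $valid = $cookieId !== null && isset($store[$cookieId]) && refererAccepts($check, $referer);
    if (!$valid) {
        return [null, bin2hex(random_bytes(8))]; // fresh, unauthenticated session
    }
    $user = $store[$cookieId];
    if ($level === 'high') { // new ID on every request; the old ID stops working
        unset($store[$cookieId]);
        $cookieId = bin2hex(random_bytes(8));
        $store[$cookieId] = $user;
    }
    return [$user, $cookieId];
}

// Constructed scenario: a logged-in user follows a link from an external webmail page.
foreach (['low', 'medium', 'high'] as $level) {
    $store = ['abc123' => 'alice'];
    [$user] = handleRequest($store, $level, 'app.example', 'abc123', 'https://mail.example/inbox');
    printf("%-6s external referer -> %s\n", $level, $user ?? 'login prompt');
}

// Constructed scenario: a second application keeps reusing the ID it first saw.
$store = ['abc123' => 'alice'];
[, $newId] = handleRequest($store, 'high', 'app.example', 'abc123', null);
[$user] = handleRequest($store, 'high', 'app.example', 'abc123', null);
printf("high   stale ID reused   -> %s (current ID is now %s)\n", $user ?? 'login prompt', $newId);
```

Run with the PHP CLI (7.1 or later); only the `low` row keeps the user logged in when the Referer is external, and the stale-ID row shows why a shared session cookie breaks under `high`.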
