Security of ajax vs regular form data


Problem description


Just wondering on the difference in security of

<input type="hidden" name="id" value="<?php echo $id; ?>">

VS

jQuery(this).ajaxSubmit({
    data: { id: '<?php echo $id; ?>' }
});


when sending form data. Is one method more vulnerable to hacking than the other? What is the best way to securely send form data so outsiders can't tamper with or change the id number?

Recommended answer


There is no difference in the security. In both cases, an HTTP POST request is sent to the server and a response is received from the server. Aside from perhaps some headers in the request, the server doesn't even really know or care what the difference is between the two.


To illustrate, take a look at the Network requests in your browser debugging tools (Firebug or Chrome tools) when submitting a regular form POST and an AJAX POST. The two are very close to identical, save for the browser maybe adding another header or two for the AJAX one.


What is the best way to securely send form data so outsiders can't tamper with or change the id number?


There isn't. Any savvy user can manually craft an HTTP POST request to include any data they want. Browsers these days even have handy tools to help with this for development and debugging purposes. The general rule is for the server-side code to never implicitly trust requests sent from a client. Always validate that the user has access to do what they're trying to do, that the data isn't malicious or is otherwise properly sanitized before using it (particularly in database queries as a common example), and so on.
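The following is an added illustration of the rule the answer gives, written for this page and not taken from the question or the answer: a single server-side handler that receives the posted id whether it came from the plain `<form>` or from `ajaxSubmit()`, validates its shape, and scopes the database lookup to the logged-in user so that a tampered id belonging to someone else returns nothing. The `$pdo` connection, the `$_SESSION['user_id']` value and the `documents` table with its `owner_id` column are assumptions for the example.

```php
<?php
// Added example (not from the original question or answer). Assumes a PDO
// connection in $pdo, an authenticated user id in $_SESSION['user_id'], and a
// hypothetical table "documents" with columns id, owner_id and title.
session_start();

function loadOwnedDocument(PDO $pdo, int $userId, $rawId): ?array
{
    // 1. Validate the shape of the input: the id must be a positive integer,
    //    regardless of what the client (form or AJAX) claims to have sent.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Authorize on the server: restrict the query to rows owned by the
    //    current user, so changing the id in the request cannot reach another
    //    user's record. The prepared statement keeps the value out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, owner_id, title FROM documents WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([':id' => $id, ':owner' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// The same entry point serves both submission styles; the server does not
// need to know (or care) which one produced the POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit;
}

$doc = loadOwnedDocument($pdo, (int) $_SESSION['user_id'], $_POST['id'] ?? null);
if ($doc === null) {
    // One response for "does not exist" and "not yours", so the handler does
    // not confirm which ids exist.
    http_response_code(404);
    exit;
}

header('Content-Type: application/json');
echo json_encode($doc);
```

The point of the ownership condition in the `WHERE` clause is that the hidden field or the AJAX `data` value is only a hint from the client; the session, not the request body, decides whose records are visible.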
