Prevent hidden input from being altered


Problem description


This has been stressing me out... I have a hidden input:

    <input type="hidden" value="North Miami" name="city">

I'm populating the hidden input with valid city names via JavaScript prior to submitting the form. Suppose someone wants to submit Banana instead of a city name. The culprit can easily alter the input value via DOM inspectors like Firebug.

How can I ensure that the hidden inputs are not tampered with? I'm already validating the input against attacks, but as long as I'm accepting alphabetical characters, anything can be submitted, hence banana...

Edit: I'm referring to hidden inputs in general, not just city names. Any value populated by a script and a value that must be submitted unaltered.

Solution

Some ideas:

1. Server-side only. The easiest way to do this is to use session variables (like $_SESSION) so that all the data is kept on the server side, but managing it and keeping the separate tabs a user might have open separate can get a little tricky. This option prevents the user from seeing or editing the information.

2. Make the client carry an encrypted blob. Take all your "temporary but protected" data, combine it somehow (e.g. JSON) and then encrypt* the whole thing with a secret key known only to the server. Base64 the result and put that into the hidden field value. (Note that for a high-security application, you'll also want to work an HMAC into this process, which validates that the ciphertext hasn't been tinkered with.) This option also prevents the user from seeing or editing the information, but makes it easier to handle cases where one user has many tabs open.

3. Still use not-so-secret hidden input fields, but add an anti-tampering mechanism. So when the page is being generated, take all of your existing "protected" variables, combine them somehow with a server-side secret value, and hash [correction: HMAC] them. Store the hash in its own hidden field. Then after the user submits, you repeat the process and check if the hash matches. If it doesn't, have everything error with a security-violation page.

*As with all cryptography, doing this the "right" way can be tricky and depends a lot on how you encrypt/verify. There are a lot of pitfalls in terms of ciphers and cipher-modes etc.

Finally, remember that preventing people from modifying it doesn't mean a user can't copy everything and re-use it later or under another account, unless you take steps to include a "timestamp" etc.
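The following is an added, self-contained example (not code from the question or the answer above) of option 3 combined with the closing remark about timestamps: the server HMACs the protected hidden fields together with an issue time under a secret only it knows, renders the MAC and the timestamp as two extra hidden inputs, and on submit recomputes the MAC over the submitted values and rejects both altered fields and stale tokens. The secret value, the field names `_issued_at` and `_sig`, the 15-minute lifetime and the sample form data are all constructed assumptions for the example; it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import time
from html import escape

# Assumption: a server-side secret that is never sent to the browser.
SERVER_SECRET = b"constructed-example-secret-rotate-me"
# Assumption: how long a signed form stays valid (limits replay of copied fields).
MAX_AGE_SECONDS = 15 * 60
# Assumed names of the two extra hidden inputs that carry the anti-tamper data.
TS_FIELD, SIG_FIELD = "_issued_at", "_sig"


def _canonical(fields: dict, issued_at: int) -> bytes:
    # Deterministic serialization: sorted keys and no optional whitespace,
    # so that server and verifier always MAC exactly the same bytes.
    payload = {"fields": dict(sorted(fields.items())), "issued_at": issued_at}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _mac(fields: dict, issued_at: int) -> str:
    digest = hmac.new(SERVER_SECRET, _canonical(fields, issued_at), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


def sign_hidden_fields(fields: dict, now=None) -> dict:
    """Return the hidden inputs to render: protected fields plus timestamp and MAC."""
    issued_at = int(time.time() if now is None else now)
    return {**fields, TS_FIELD: str(issued_at), SIG_FIELD: _mac(fields, issued_at)}


def verify_submission(form: dict, protected_names, now=None):
    """Check a submitted form. Returns (ok, reason).

    `protected_names` must come from server code, never from the form itself,
    otherwise the client could simply shrink the set of fields that are checked.
    """
    try:
        issued_at = int(form[TS_FIELD])
        submitted_sig = form[SIG_FIELD]
    except (KeyError, ValueError):
        return False, "missing or malformed anti-tamper fields"

    fields = {}
    for name in protected_names:
        if name not in form:
            return False, f"missing protected field {name!r}"
        fields[name] = form[name]

    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(_mac(fields, issued_at), submitted_sig):
        return False, "signature mismatch: a protected field was altered"

    current = int(time.time() if now is None else now)
    if current - issued_at > MAX_AGE_SECONDS or issued_at > current + 60:
        return False, "token expired or issued in the future"
    return True, "ok"


def render_hidden_inputs(signed: dict) -> str:
    """Render the signed field set as HTML hidden inputs, attribute-escaped."""
    return "\n".join(
        f'<input type="hidden" name="{escape(n, quote=True)}" value="{escape(v, quote=True)}">'
        for n, v in signed.items()
    )


if __name__ == "__main__":
    # Constructed sample: the server generates the page with city = "North Miami".
    signed = sign_hidden_fields({"city": "North Miami"})
    print(render_hidden_inputs(signed))
    print(verify_submission(signed, ["city"]))                       # (True, 'ok')
    tampered = {**signed, "city": "Banana"}                            # edited in a DOM inspector
    print(verify_submission(tampered, ["city"]))                     # signature mismatch
```

The MAC covers the field values and the issue time only, so the fields stay readable by the user (option 3), in contrast to option 2 where the values themselves are encrypted. Binding the timestamp into the MAC, rather than sending it as a plain extra field, is what stops a copied set of fields from being refreshed by editing the timestamp; tying the token to the session or account would be the additional step needed to stop re-use under another account.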
