阻止用户使用ajax提交自己的图像? [英] Prevent users from submitting their own image with ajax?
问题描述
我一直在努力让人们在画布上绘制内容并将其上传到服务器。
除了能够插入自己的图像的人(我的朋友测试过它)之外它工作正常。
I've been working on this way for people to draw stuff on canvas and upload it to the server. It works fine except for people being able to insert their own images (my friend tested it)
这是它的作用:
-
人员点击提交他们的画布保存到base64并使用$ .post()发送
Person clicks "submit" their canvas is saved into base64 and is sent using $.post()
$ .post()中的php文件运行并将文件保存到服务器中的文件
php file in the $.post() runs and saves the file to a file in the server
有没有办法阻止用户提交自己的图片,我已经检查了图片尺寸等等,但他们只是调整大小并提交。 (我不认为php绘制图像的能力会因我的小服务器而起作用)
Is there any way from preventing the user to be able to submit their own images, I already check image dimensions and so on but they'd just resize it and submit it. (I don't think php's ability to draw image rects would work due to my small servers)
推荐答案
<是否有任何阻止用户提交自己图像的方法
Is there any way from preventing the user to be able to submit their own images
不。
任何人都可以通过完全绕过客户端代码来上传他们想要的任何内容。除了hacky启发式之外,你无能为力。 (他们已经在页面上了一段时间吗?是否检测到鼠标移动或屏幕触摸?他们真的画了什么吗?)这些东西也可以伪造,这只是一个头发更麻烦的黑客。不要为此烦恼,你会为自己创造更多的问题,而不是你要解决的问题。
Anyone can upload whatever they want by completely bypassing your client-side code. There's nothing you can do about this, outside of hacky heuristics. (Have they been on the page awhile? Were mouse movements or screen touches detected? Did they actually draw something?) These sorts of things can also be faked, it's just a hair more hassle to hack around. Don't bother with this, you'll create more problems for yourself than you will solve.
这篇关于阻止用户使用ajax提交自己的图像?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
