如何建立到我网站上页面的安全链接? [英] How do I make a secure link to a page on my website?
问题描述
所以我想要做的是在外部网站(例如:externalsite.com)上有一个链接到mywebsite.com/page.php,我只需要点击链接externalsite.com将允许您访问mywebsite.com/page.php。
用户不能简单地在他们的浏览器中输入它,我该怎么做?
so what I would like to do is have a link on an external website (example: externalsite.com) that will go to mywebsite.com/page.php, and I need to make it so ONLY clicking on the link from externalsite.com will allow you to access mywebsite.com/page.php. The user cannot simply type it in their browser to get there, how would I go about doing this?
推荐答案
鉴于没有任何方法是100%安全的,我将向您展示一个非常简单,过于不安全的方法,它可以在任何框架中工作,因为它是纯JavaScript。请记住,这只是作为一般规则而设计的,绝不是黑客证明。
Given that no method is 100% secure, I'll show you a very easy, overtly insecure method that will work in any framework because it's pure JavaScript. Keep in mind that this is designed to work only as a general rule and is in no way "hacker proof".
只需将此脚本添加到 mywebsite.com/page.php
。它将重定向任何未被 externalside.com
上的页面引用的请求。
Simply add this script to your mywebsite.com/page.php
. It will redirect any request that isn't referred by a page on externalside.com
.
var referrer = document.referrer;
referrer = referrer.toLowerCase();
if (referrer.indexOf("/externalsite.com") == -1) && referrer.indexOf(".externalsite.com") == -1) {
window.location.href = "http://mysite.com/accessdenied.php"
} else {
document.findElementById("myBody").style.display = "block";
}
要绕过整个如果你禁用JavaScript,这不会工作,你白痴困境,将 id =myBodystyle =display:none;
添加到你网页的< ; body>
tag:除非启用JavaScript并验证引用URL,否则不会显示该页面。另外,我不是白痴。
To get around the whole "if you disable JavaScript, this doesn't work, you idiot" dilemma, add id="myBody" style="display: none;"
to your page's <body>
tag: the page will not be displayed unless JavaScript is enabled and validates the referring URL. Also, I'm not an idiot.
有几种方法可以绕过这种方法:欺骗引用网址,使用FireBug删除显示:无
,查看页面的来源并在本地计算机上重新创建,等等。这种方法比安全功能更具威慑力。
There are several ways to bypass this method: spoof the referring url, use FireBug to remove display: none
, view the source of the page and recreate it on your local machine, etc. This method is more of a deterrent than a security feature.
这篇关于如何建立到我网站上页面的安全链接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!