我可以重新发布或携带 POST 数据吗(如果可以,我可以通过重定向来实现吗?)
我想将用户重定向到另一个页面以填写验证码,但我想保留发布数据,并且如果验证码通过将其发送“返回”并完成上一页操作。
当/如果用户成功时,我想添加 captchaPass=true 并希望访问发布数据并继续处理。 现在我正在使用重定向,但 ATM 我不需要使用它。
是否可以携带post数据? 请记住,我可能用户访问多个页面,因此必须分离数据并且不要混淆。
一个想法是获取并保存验证码页面上的所有发布数据[1],然后使用此表单数据重新创建一个中间白页,并自动在上一页上发布新帖子。
这可以在没有哈希检查和安全问题的情况下工作吗?
没有这个白色重定向页面还有更好的主意吗?
[1]这里还有一个问题,如何通过重定向发送此发布的数据? 并且不要更改 url - 或使其太大而无法接受。 请记住,服务器传输可能不是个好主意,因为验证码回发的想法变得复杂。
更新 1
这里的基本思想是如何捕获页面的完整回发,显示不同的页面,然后将回发数据发送到原始的第一个页面。
原因是阻止不良用户或攻击者机器人程序试图通过在短时间内从不同页面进行多次回发来关闭页面/服务器。 所有这一切都在没有 JavaScript 的情况下发生,大多数攻击者使用定制程序,将数据一起发布到所有页面,试图瘫痪系统。
例如,如果一个页面有一个搜索框,那么对于大多数站点来说,通过开始使用通配符进行数百个随机搜索(称为使用 SQL 通配符的 Dos 攻击)并使 sql 服务器和计算机进行数百次随机搜索,很容易将其关闭花费他的时间和CPU来搜索和搜索思考。 因此,为了防止这样的攻击,您需要识别来自同一台计算机的多个回发,然后下一步是将他重定向到验证码页面以阻止他,以防这是一个计算机程序。
其他例如,很多页面都有电子邮件提交,很容易你可以提交他的电子邮件数百次并立即充满他的邮箱,数百封电子邮件,或者在商店一次又一次将所有商品放入购物车并填满他的邮箱数据库里有类似的东西。
所以 ajax 和 javascript 在这种情况下不起作用,我们需要一种方法在发布后将他重定向回一个页面,该页面可以检查是否是真实用户或攻击者并阻止他 - 但如果是真实用户则必须返回到他的正常动作。
更新2
这一切都必须以通用方式完成,例如在BasePage、或Global.asax 或独立于任何页面内容的某个地方。 因为我们试图防止 DoS 攻击,或者在任何随机页面的任何随机位置的任何地方多次提交。
是的,我知道如何在联系页面上放置验证码,但这不是这个问题最初提出的问题 - 这个问题询问如何将帖子数据传送到另一个页面,将它们保留在那里,然后将它们重新发送回原始页面一。
显而易见的解决方案是读取所有回发,并将它们保存在表单上,然后回读它们并仅使用该数据动态创建一个表单并进行回发。 在这里我想问一下除了这个解决方案还有没有其他更好的解决方案。
其他应用程序
还有一种情况,用户正在请求身份验证的页面内,但身份验证票证已过期,并且用户进行回发。 在这种情况下,我们需要将所有回发的数据保存在某处,以继续登录页面,并将它们重新发送回请求身份验证的第一页。
I want to redirect the user to another page to fill out a captcha but i would like to keep the post data, and if the captcha pass to send it 'back' and complete the previous page action.
When/if the user succeeds i like to add an captchaPass=true and would like access the post data and continue processing. Right now i am using redirects but ATM i am not required to use it.
Is it possible to carry the post data? keep in mind i may the user access multiple pages so separating data and not having a mixup is necessary.
One idea is to get and save all posted data [1] on the captcha page, and then recreate a middle white page with this form data and automatically make a new post to the previous page.
Can this work with out any issues with hash checks and security ?
Is there a better idea with out this white redirect page ?
[1] One other issue here, how to send this posted data with the redirect ? and not change the url - or make it too big to accept it. Keep in mine that a server transfer may not good idea because is complicate the thinks on captach post back.
Update 1
The basic idea here is how some one capture the full post back of a page, show a different one page and then send the post back data to the original first one.
The reason is to stop a bad user, or an attacker bot program that try to bring down the pages/server by making many post back from different pages in short time. All that happens with out javascript, and most attackers use custom made programs that just make post of data to all page together try to bring down the system.
For example, if a page have a search box, is very easy for most of the the site to bring them down by start making hundred of random search with wildcard (called and Dos Attacks using SQL wildcards) and make the sql server and the computer spend his time and cpu to search and search thinks. So to prevent an attack like this you need to recognize multiple post backs from the same computer, and then the next step is to redirect him to a captcha page to block him out in case that is a computer program.
Other example, many page have email submit, very easy you can submit hundred times the email of his and full his mail box in no time with hundred of emails, or on a store to place all items on the cart again and again and full the database with stuff like that.
So ajax and javascript is not working in this case, and we need a way to redirect him after the post back to a page that can check if is a real user or an attacker and stop him - but if is a real user must return back to his normal action.
Update 2
This all must be done in a general way, eg on BasePage, or on Global.asax or somewhere that is independed from the content of any page. Because we try to prevent a DoS attack, or multiple submit anywhere on any random place of any random page.
Yes I know how you can place a captcha on the contact page, but this is not what this question was first asked for - this questions asked how can carry post data to one different page, keep them there and then resend them back to the original one.
The obvious solution is to read all post back, and save them on the form, and then read them back and make on fly a form only with that data and make the post back. Here I am asking if there are any other better than this solution.
Other Applications
There is also the case that a user is inside a page that request authentication, but the authentication ticket has expired, and the user make post back. In this case we need to keep somewhere all the posted back data, to proceed with the login page, and resend them back to the first page that request the authentication.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
Server.Transfer与MultiViews、类似控件的面板适合您吗? 这样,就无需担心数据维护和回发。 您可以在 javascript 中进行验证。您可以将这两种功能保留在同一页面中,以避免将数据从一个页面移动到另一页面/将数据带回原始页面。 您可以利用
Session来执行此中间操作。 将其设置回跨回发的关联控件。 您可以创建一个类,实例化它并在该类对象中初始化控制值。 将类对象保存在Session中。 在回发时,您可以将值重新分配给关联的控件。 这肯定会让事情变得简单并且不会太复杂。疑问?
Server.TransferwithMultiViews, Panels like controlis fine with you? In this way, no need to bother about theData MaintenanceandPostbacks. You can do the validations in javascript.You can keep both functionality in the same page to avoid moving data from one page to another page/Bring the data back to original page. You can utilize
Sessionfor this intermediate operation. Set it back to associated controls across Postback. You can create aclass,Instantiateit andInitialize the control valuesin this class object. Save class object inSession. On Postback, You can reassign the values to theassociated controls. This will definitely keep the things simple and without much complexity.Doubts ?
当然,只需将表单数据写入隐藏元素中的验证码页面,并将附加验证码字段添加到表单中即可。 让您的提交操作将整个内容发布回原始状态。 使用 ASP.NET,将验证码写入同一页面并隐藏表单字段可能会更容易,但您可以按照我上面的描述进行跨页面回发。
Sure, just write the form data out to the captcha page in hidden elements with the additional captcha fields added to the form. Have your submit action post the whole thing back to the original. Using ASP.NET it's probably easier to have the captcha written to the same page with the form fields hidden, but you can do cross-page postbacks as I've described above.
跨页发布可能会对您有所帮助。
Cross Page Posting might help you.
为什么不使用 AJAX 来实现验证码? 在可能显示灯箱样式的 div 中使用 Javascript 加载验证码对象和表单,接受用户输入并将其发布到服务器进行验证,因此继续用户发布请求或将其保留在那里,直到他们得到正确的结果(或取消)。
更具体的情况示例:
为表单提交按钮提供某个 Javascript 函数的 onClientClick 值。 此函数决定此特定表单是否需要验证码。 如果确实如此,它会加载一个用于获取验证码的界面(您需要使用一些服务器端代码来完成此操作)并将验证码的输入元素插入到用户单击提交的表单中。
一旦用户输入验证码并单击某个按钮(其单击事件必然返回到您的第一个 JS 函数),Javascript 就会拦截此操作并发布完整的表单、原始表单中的所有数据以及用于验证的验证码。 您的服务器脚本现在可以立即处理所有这些!
这是我能想到的最好的解决方案,其工作原理与您所要求的方式类似,但我无法想象您为什么要在不同的页面上执行验证码。
Why not implement the CAPTCHA with AJAX? Load the captcha object and form with Javascript in a div perhaps displayed lightbox style, accept the user input and post it to your server for validation, hence continue with the users post request or keep them there until they get it right (or cancel).
A more specific situation example:
Give the form submittal button an onClientClick value of some Javascript function. This function decides if this particular form needs a CAPTCHA. If it does it loads an interface for taking the CAPTCHA (which you'd need to do with some server-side code) and inserts the CAPTCHA's input element to the form that the user clicked to submit.
Once the user has entered the CAPTCHA input and clicks some button whose click event is bound to return to your first JS function, the Javascript intercepts this action and posts the full form, all the data from the original form and the CAPTCHA for validation. Your server script can now process all this at once!
This is the best solution I can think of that works similar to how you've asked, but I can't imagine why you want to perform the CAPTCHA on a different page.