PHP 5 - Securing a site's admin area
I'm currently writing a couple of MVC sites using Kohana as my framework. Each has a simple admin area where the admin can upload and edit content. I'm currently storing the admin's user model in a session and checking whether or not they're an administrator with the following method:

```php
private function checkAdmin()
{
    // Redirect to the admin login page unless the session holds a user model
    // whose Level is 'admin'.
    if (!isset($_SESSION['admin']) || $_SESSION['admin']->Level !== 'admin')
    {
        header('Location: /admin');
        exit;
    }
}
```

I call this method in all of the other Admin controller methods, like so:

```php
public function writeReview()
{
    $this->checkAdmin();
    // rest of the method
}
```

I'm just wondering if there's anything I can do to improve this. It just seems like a single point of failure that's giving me a bad smell, so I'm a bit wary to move on before getting this nailed down.
Comments (3)
If this is Kohana version 2.x, I would move the $this->checkAdmin(); into the constructor of your controller. If this is version 3.x, I would put it in the before() method. This will ensure that every route will be protected.
Your function appears to be redirecting to /admin only if the user is not an administrator. If that's the intended result, then fine. -- Forget this, my mistake.

The checkAdmin() function, as it relies on a redirect, is only useful in situations where you want to redirect. If, for example, you are using this in the processing script (and you should be checking if it's an administrator in the processing script), you just want a return true or return false. I suggest that be the base function, and a redirect function call that, or alternatively, accept an optional parameter to redirect.

If you want to let users share their logins, fine, but otherwise generating a per-session/login key and storing it in the DB will lock things down even further. This way, if someone logs in with your password, you'll get kicked out and instantly know that it's been compromised.

Other basic things to do - store dates of last login, IPs... this kind of stuff. It's not just one single thing, but lots! :)
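The three suggestions above combined in one base controller: a before() hook so every admin route is covered, a side-effect-free isAdmin() separate from the redirect, and a per-login token stored in the DB so a second login with the same password kicks the older session out and records last login date and IP. This is an added example, not code from the question or any of the answers; the users table columns, the PDO connection, the id property on the stored user model and the already-started session are assumptions.

```php
<?php
// Added example, not code from the question or answers. Assumes a `users`
// table with columns id, level, login_token, last_login, last_ip, a PDO
// connection, and that the session has already been started. before()
// mirrors Kohana 3's Controller::before(); redirect is plain header().
abstract class Controller_Admin_Base
{
    protected $db;
    public function __construct(PDO $db) { $this->db = $db; }

    // Runs before every action, so no action can forget the check.
    public function before()
    {
        if (!$this->isAdmin()) {
            session_destroy();
            header('Location: /admin');
            exit;
        }
    }

    // Side-effect-free check, reusable from processing scripts.
    protected function isAdmin()
    {
        if (empty($_SESSION['admin']) || empty($_SESSION['login_token'])) {
            return false;
        }
        // Re-read level and token from the DB instead of trusting the user
        // model cached in the session at login time.
        $stmt = $this->db->prepare('SELECT level, login_token FROM users WHERE id = ?');
        $stmt->execute(array((int) $_SESSION['admin']->id));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || $row['level'] !== 'admin') {
            return false;
        }
        // A newer login replaced the token, so this older session is rejected.
        return $row['login_token'] === $_SESSION['login_token'];
    }

    // Called by the login action once the password has been verified.
    protected function issueLoginToken($userId)
    {
        $token = bin2hex(openssl_random_pseudo_bytes(16));
        $stmt = $this->db->prepare('UPDATE users SET login_token = ?, '
            . 'last_login = NOW(), last_ip = ? WHERE id = ?');
        $stmt->execute(array($token, $_SERVER['REMOTE_ADDR'], (int) $userId));
        session_regenerate_id(true); // new session id after the privilege change
        $_SESSION['login_token'] = $token;
    }
}
```

Concrete admin controllers extend this class and never call a check themselves; on PHP 5.6 or later the token comparison can use hash_equals() instead of ===.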