jQuery $.post 关注
众所周知,jQuery 的 $.post 函数非常棒,但我遇到的问题是,查看页面源代码的人可以查看数据的去向,从而移动前往该页面进行窥探,或者,上帝禁止找到保存所有内容的文件夹。所以我的问题是,谁知道如何隐藏该信息,或者保护该信息的最佳方法,无论采用什么方法,以确保漏洞得到修复。你们提供什么解决方案?
As you all know, the $.post function for jQuery is quite awesome, but the problem I have with that is the person who views the source of the page can view where the data is going, thus moving towards that page to snoop around, or, God forbid find the folder where everything is kept. So my question is, who knows how to hide that, or, the best way to protect that information, no matter what the way is, to make sure that vulnerability is fixed. What solution do you offer?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您需要做的第一件事是安装tamperdata。运行该软件后,您会立即意识到用户可以看到浏览器发出的每个http请求,并且可以修改浏览器发出的每个http请求。
让我说得很清楚:如果您的安全系统依赖于模糊流量,那么您的系统非常不安全。
The very first thing you need to do is install tamperdata. Immediately after running this software you'll realize that the user can see every single http request the browser makes and can modify every single http request the browser makes.
Let me be crystal clear: If you're secuirty system relies on obscuring traffic then your system is very insecure.
无论您使用 jQuery post/get 方法还是您自己创建的方法都没关系。使用 Ajax 从客户端向服务器发送和接收数据将使用户能够轻松查看数据的去向。这就是为什么最佳实践是仅从服务器端保护所有内容。确保研究安全的 PHP 编程策略,这确实是您在使用 Ajax 时所能要求的。
It doesnt matter whether you use the jQuery post/get methods or your own created ones. Using Ajax to send and receive data from client to server will easily enable the user to see where its going. That is why the best practice is to just secure everything from the server side. Make sure to research secure PHP programming tactics, that is really all you can ask for when using Ajax.