这是安全的做法吗?
首先是代码,然后是解释:
<?php
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"".$_POST['filename']."\"");
$key = md5(rand());
echo $key;
$key = str_repeat($key,ceil(strlen($_POST['data'])/32));
echo $_POST['data'] ^ $key;
?>
它的作用是允许我通过表单(动态生成)POST 数据并将发布的数据作为文件下载。
我使用非常基本的 XOR 加密,将(固定长度,32 字节)密钥放在文件的开头。其目的不是为了保护数据,而是为了混淆数据。
拥有这样的文件意味着可能任何人都可以向其发布他们想要的任何数据,并且它将作为下载提供到用户的计算机,但我相信用户必须接受下载,并且数据通过 XOR 传递使用一次性密钥,足以防止恶意使用。
我有什么理由不应该使用这样的文件吗?有比我正在做的更好的选择吗? application/octet-stream 是适当的 MIME 类型吗?
Code first, then an explanation:
<?php
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"".$_POST['filename']."\"");
$key = md5(rand());
echo $key;
$key = str_repeat($key,ceil(strlen($_POST['data'])/32));
echo $_POST['data'] ^ $key;
?>
What this does is allow me to POST data through a form (dynamically generated) and have the posted data be downloaded as a file.
I'm using a very basic XOR encryption that puts the (fixed-length, 32-byte) key at that start of the file. The intention is not to secure the data, but rather to obfuscate it.
Having such a file means that potentially anyone could POST whatever data they wanted to it and it would be offered as a download to the user's computer, but I believe a combination of the user having to accept the download, and the data being passed through XOR with a one-time key, is enough to prevent malicious use.
Is there any reason why I should not use such a file? Are there better alternatives to what I'm doing? Is application/octet-stream the appropriate MIME-type?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
从用户的角度来看,它是完全安全的 - 因为用户伤害自己是没有意义的,并且 POST 不能通过潜在的恶意 url 或重定向来传递。即使可以,也只有一个脚本返回要下载的文件。根据定义,这不会伤害任何人。
但您应该记住,在将其发送给用户之后,如果您接受数据以进行反混淆并以某种方式使用,则您永远不能信任该数据。
只要您返回二进制数据 - 是的,它是适当的
It is completely safe from user's perspective - because it makes no sense for user to harm itself and POST cannot be passed by potentially malicious url or redirect. And even if it could - there is just a script that returns a file to download. This cannot harm anyone by definition.
But you should keep in mind that after you sent it to user - you can never trust the data in case that you accept the data to deobfuscate and use in some way.
As long as you return binary data - yes, it is appropriate