Protect a page from external access outside the server

In a backend panel, in order to populate a datatable, I echo the records in a PHP page in JSON format, then I parse, format and populate the datatable with JS.

The issue is, how do I prevent people from accessing that PHP page and leaking all the information?

This is what my code looks like:

    var options = {
        data: {
            type: 'remote',
            source: {
                read: {
                    url: 'http://127.0.0.1/inc/phpscripts/printinfo.php',
                },
            },
            pageSize: 10,
            serverPaging: false,
            serverFiltering: false,
            serverSorting: false,
        },
        layout: {
            scroll: false,
            footer: false
        },
        sortable: true,
        pagination: true,
        columns: [{
            field: 'id',
            title: '#',
            sortable: false,
            width: 20,
            selector: {
                class: ''
            },
            textAlign: 'center',
        }, {
            field: 'name',
            title: 'name',
        }, {
            field: 'surname',
            title: 'surname',
        }, {
            field: 'address',
            title: 'address',
        }, {
            field: 'phone',
            title: 'phone',
        }],
    };

This is the code of printinfo.php:

    function datatable($userid){
        global $conn;                       // mysqli connection opened by the including script
        $total = totalrows($userid);        // helper defined elsewhere in the project
        $pagination = ceil($total/10);
        echo '{
        "meta": {
            "page": 1,
            "pages": '.$pagination.',
            "perpage": 10,
            "total": '.$total.',
            "sort": "desc",
            "field": "name"
        },
        "data":';
        $rows = array();
        $query = $conn->prepare('SELECT * FROM table WHERE id = ? ORDER BY name DESC');
        $query->bind_param('i', $userid);
        if (!$query->execute()) {           // was an empty statement, so a failed query was silently ignored
            exit('query failed');
        }
        $res = $query->get_result();
        while ($data = $res->fetch_assoc()) {
            $rows[] = $data;
        }
        print json_encode($rows);
        echo '}';
    }
    session_start();                        // required before $_SESSION can be read
    datatable($_SESSION['id']);             // was SESSION['id'], an undefined constant

This is the output of printinfo.php:

    { "meta": { "page": 1, "pages": 1, "perpage": 10, "total": 4, "sort": "desc", "field": "level" }, "data":
    [{"id":1,"name":"frank","surname":"blank","address":"st andrew","phone":"+1555484845"},
    {"id":1,"name":"andrew","surname":"blank","address":"st paroli","phone":"+1555895685"}]}

It works fine, but I don't think this is secure at all.

So, how would you approach it in order to secure the data?

You should build some authentication scheme, in order to validate the identity of the user that fetches your data.

A simple example (not secure at all, but it shows the goal): send some identification code as a POST request to that PHP script and validate it there.

Better security can be achieved by creating a database with hashed or encrypted passwords and validating the user at the sign-in stage. After that validation, you can store some credentials on the server and check the identity in your PHP script.

Again, this is not as simple as described and should be done carefully.
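The scheme this answer sketches, written out as an added PHP example (not code from the question or the answer): the password is verified once at sign-in, the user id is kept server-side in the session, and printinfo.php refuses to emit anything until that session entry exists. The `users` and `records` table names, `login()` and `requireAuthenticatedUser()` are assumptions; `$conn` is the asker's mysqli connection.

```php
<?php
// Added example of the answer's scheme, not the asker's or answerer's code.
// Assumes a mysqli connection $conn, a hypothetical `users` table (id, username,
// password_hash) filled via password_hash(), and `records` as the data table.

// Sign-in handler (caller has run session_start()): verify once, remember server-side.
function login(mysqli $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // password_verify() is constant-time and reads the salt from the stored hash.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);            // new id after login: blocks session fixation
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// First thing printinfo.php does, before any byte of data is echoed.
function requireAuthenticatedUser(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        header('Content-Type: application/json');
        echo json_encode(['error' => 'authentication required']);
        exit;                               // anonymous callers get no records at all
    }
    return (int) $_SESSION['user_id'];
}

// Rows are scoped to the session's user; one array in, valid JSON out via json_encode().
function datatable(mysqli $conn, int $userId): void
{
    $stmt = $conn->prepare('SELECT id, name, surname, address, phone FROM records WHERE id = ? ORDER BY name DESC');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $meta = ['page' => 1, 'pages' => max(1, (int) ceil(count($rows) / 10)), 'perpage' => 10,
             'total' => count($rows), 'sort' => 'desc', 'field' => 'name'];
    header('Content-Type: application/json');
    echo json_encode(['meta' => $meta, 'data' => $rows]);
}
datatable($conn, requireAuthenticatedUser());
```

The browser sends the session cookie with the datatable's request automatically when the page and printinfo.php share an origin, so the JS options in the question need no change.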

Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to repost, please credit this site's URL or the original address. For any questions contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM