[英]Using PHP, how can I tell if a request originates on the hosting server?
Is there a reliable way, using PHP, to determine if a request comes from the same host that the PHP script is hosted on? 是否有使用PHP的可靠方法来确定请求是否来自托管PHP脚本的主机? In other words, is there a way to determine if the client and server computer are the same?
换句话说,有没有办法确定客户端计算机和服务器计算机是否相同?
您可以定义一个仅服务器知道的秘密令牌,您可以将其与请求一起发送。
Hmm, it sounds like a token mechanism that is commonly used to prevent CSRF (Cross-Site Request Forgery) might be a solution to your problem. 嗯,这听起来像是一种令牌机制,通常用于防止CSRF (跨站请求伪造)可能是您解决问题的方法。 This will allow you to be sure the request is coming from a source by comparing tokens, etc. Here are a couple links with more implementation details: here and here
通过比较令牌等,您可以确保请求来自某个源。这是带有更多实现详细信息的几个链接: 此处和此处
This is the sort of question where I think we should step back and ask why are you doing what you're doing? 我认为这是我们应该退后一步并问您为什么要做什么的问题?
Determining if the request came from the local machine by your stated method has problems, not hte least of which is virtual interfaces and multi-homing (meaning a machine can have many IP addresses and a server may be bound to only some of them). 用您确定的方法确定请求是否来自本地计算机时会遇到问题,其中最重要的是虚拟接口和多宿主(这意味着一台计算机可以有许多IP地址,而服务器可能只绑定到其中一些)。
If you're going to use a request coming locally as some kind of check for certain privileges, my advice is don't. 如果您打算使用本地发出的请求作为对某些特权的某种检查,那么我的建议是不要这样做。 yes someone can spoof IP address (but they won't get a reply) but that may still be sufficient.
是的,有人可以欺骗IP地址(但他们不会得到答复),但这仍然足够。
If what you're doing is creating some kind of admin page or site then my advice is bind that to localhost (127.0.0.1) and problem solved (pretty much). 如果您正在做的是创建某种管理页面或站点,那么我的建议是将其绑定到localhost(127.0.0.1)并解决问题(相当多)。
Also if the client and server are on the same machine and you're not doing some kind of special page or site then why do they need to communicate via the Website? 另外,如果客户端和服务器在同一台计算机上,而您没有在做某种特殊的页面或站点,那么为什么它们需要通过网站进行通信? You could just run scripts locally instead.
您可以只在本地运行脚本。
Basically it depends on the situation. 基本上,这取决于情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.