PHP 多表单令牌
[英]PHP Multiple form tokens
问题描述
I am considering generating a unique form token and storing it in a session, and embedding it as a hidden input in my forms.
我正在考虑生成一个唯一的表单令牌并将其存储在会话中,并将其作为隐藏输入嵌入我的表单中。
Could I make this work for pages containing multiple forms, is it still safe to use the same token for each form?我可以对包含多个表单的页面进行这项工作,对每个表单使用相同的令牌是否仍然安全?
I'm looking to detect bot requests on my website, can these form tokens really safely replace CAPTCHAs?我希望在我的网站上检测机器人请求,这些表单令牌真的可以安全地替代 CAPTCHA 吗?
2 个解决方案
解决方案1
1 已采纳 2010-05-29 13:32:29
Nope, these tokens cannot replace captchas because these things serve different purposes.不,这些令牌不能代替验证码,因为这些东西用于不同的目的。
From your confusion with tokens and captchas I suppose that you don't really understand these tokens.从您对令牌和验证码的混淆来看,我想您并没有真正理解这些令牌。 Are you sure you need separate tokens for every form?您确定每个表单都需要单独的令牌吗? May be one token per session would be enough?每个会话一个令牌就足够了吗?
解决方案2
1 2010-05-29 22:47:43
It's absolutely fine to use the same token for all forms.对所有表单使用相同的标记绝对没问题。 Even on different pages.即使在不同的页面上。 It's OK to generate the token in the very beginning of your users session and stick with it.在用户会话的一开始就生成令牌并坚持使用它是可以的。 Also those tokens only protect you/your users from Cross-site request forgery.此外,这些令牌只能保护您/您的用户免受跨站点请求伪造。
For protection from bots you still need Captchas or something equal.为了免受机器人攻击,您仍然需要验证码或其他类似的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.