PHP中的编码和解码算法
[英]encoding and decoding algorithms in php
问题描述
Is is a bad practice to show database values in get method for security point of view? 
从安全角度来看,在get方法中显示数据库值是一种不好的做法吗? for example:- 'http://example.com/user/id/10' where 10 takes value from database. 例如:-'http://example.com/user/id/10',其中10从数据库中获取值。
Please can anyone suggest me a standard encoding and decoding algorithms that takes two parameter (both for encoding and decoding) so that one can be stored as a variable in php file(or in database) and the other parameter being a string to be encoded or decoded. 请任何人向我建议一种标准的编码和解码算法,该算法需要两个参数(用于编码和解码),以便一个可以作为变量存储在php文件(或数据库)中,另一个可以作为要编码的字符串或解码。
Thank you in advance 先感谢您
2 个解决方案
解决方案1
0 已采纳 2010-11-26 07:24:38
I would answer the first part of your question: 我会回答您问题的第一部分:
Is is a bad practice to show database values in get method for security point of view?
Not really, it depends on what the 'page' is doing with the id/10. 并非如此,这取决于“页面”对id / 10的作用。 If you are simply displaying user information (profile), what is the harm? 如果仅显示用户信息(配置文件),会有什么危害? However if you want to mask your URLs that is all up to you. 但是,如果您想屏蔽自己的URL,那完全取决于您。 I have seen masking using encryption, however I'm curious why you think the URL will be 'harmful' ? 我已经看到使用加密进行屏蔽,但是我很好奇您为什么认为URL会“有害”? Do you just not want a user to see id = 10? 您是否只是不想让用户看到id = 10? I would focus on making my php/sql query on that page secure rather than add additional overhead for encrypting something that is harmless (from my point of view). 我将重点放在使该页面上的php / sql查询更安全,而不是增加额外的开销来加密无害的内容(从我的角度来看)。
EDIT: 编辑:
For simplicity sake, you could utilize the php function base64_encode and decode: http://us.php.net/manual/en/function.base64-encode.php 为简单起见,您可以利用php函数base64_encode并解码: http : //us.php.net/manual/en/function.base64-encode.php
That should give you enough. 那应该给你足够的。 But I really would think about WHY you want to hide it in the first place, generally 'easy to read' urls are always a bonus, especially when it comes to search engine optimization. 但是我真的会想到为什么要首先将其隐藏,通常“易于阅读”的URL总是有好处的,尤其是在搜索引擎优化方面。
解决方案2
0 2010-11-26 07:31:39
The only risk is if you don't have your site permissions security setup correctly. 唯一的风险是,如果您没有正确设置网站权限安全性。 Matching your data by database id is fine, it's just easy to understand. 按数据库ID匹配数据很好,这很容易理解。 If someone wants to crawl all your data all they have to do is increment the url. 如果有人想抓取您的所有数据,他们要做的就是增加url。
If you don't want people to be able to access certain "ids" just make sure they have the proper login credentials to see that page. 如果您不希望人们能够访问某些“ id”,只需确保他们具有正确的登录凭据即可查看该页面。
Now if you want to encrypt/decrypt easily, look into using md5 hashes: http://php.net/manual/en/function.md5.php 现在,如果您想轻松地进行加密/解密,请研究使用md5散列: http : //php.net/manual/zh/function.md5.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.