使用 mysql 表中的凭据运行 javascript 脚本
[英]Using credentials from a mysql table to run javascript scripts
问题描述
I have a javascript that automatically creates form elements on the fly using createElement.
我有一个 javascript,它使用 createElement 自动动态创建表单元素。 One of the elements is a simple input form box that is disabled by default.其中一个元素是默认禁用的简单输入表单框。 Below I have code that will run through items (which is a counter that counts the number of rows of form elements I have created (I create 4 form elements, QTY, DESCRIPTION, PRICE, DISCOUNT) per row).下面我的代码将遍历项目(这是一个计数器,用于计算我创建的表单元素的行数(我每行创建 4 个表单元素,数量、描述、价格、折扣))。
function enablediscount(){
for (x = 1 ; x <= items; x++){
var discount = document.getElementById("discount"+x)
discount.disabled=false;
}
}
Now, I want to run the above code upon a check against users and passwords in a mysql table.现在,我想在检查 mysql 表中的用户和密码时运行上述代码。 (Basically a manager) (基本上是经理)
Basically, I want maybe a small popup window that will ask for a username and password of a manager to enable the discount field so the user (in this case, a cashier) can input the discount基本上,我可能想要一个小的弹出窗口 window 会要求管理员的用户名和密码以启用折扣字段,以便用户(在这种情况下为收银员)可以输入折扣
Any ideas?有任何想法吗?
1 个解决方案
解决方案1
3 2011-06-11 16:51:25
A sophisticated hacker would be able to look at your source code and simply enter the value of discount manually, for example, by typing javascript:document.getElementById("discount1").value = 500;一个老练的黑客将能够查看您的源代码并简单地手动输入折扣值,例如,通过键入 javascript:document.getElementById("discount1").value = 500; in their address bar.在他们的地址栏中。
What you need to do is have them already logged in by the time they reach this page, or have them log in and then apply any discounts that they have available on a step 2.您需要做的是让他们在到达此页面时已经登录,或者让他们登录然后应用他们在第 2 步中可用的任何折扣。
The current way you have suggested is easily bypassed.您建议的当前方式很容易绕过。 Any authentication and authorization needs to be done on the server side.任何身份验证和授权都需要在服务器端完成。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.