从跨站点发布请求中识别用户
[英]identify the user from cross-site post request
问题描述
In my app, I will provide my client a javascript plugin, which will collect some HTML data and send to my server. 
在我的应用程序中,我将为我的客户端提供一个JavaScript插件,该插件将收集一些HTML数据并将其发送到我的服务器。 I wonder what's the best way to identify my client. 我想知道识别客户的最佳方法是什么。 Say someone copied the javascript and put into his website. 假设有人复制了javascript并将其放到他的网站中。 A similar case is the live chat plugin. 类似的情况是实时聊天插件。
1 个解决方案
解决方案1
0 已采纳 2011-11-17 13:05:46
Really your questions it is not very clear to me. 真的,您的问题对我来说不是很清楚。 I am monitoring it from the beginning, so as no one answers I can say the following: 我从一开始就对其进行监视,因此没有人可以回答以下问题:
1.- If your javascript plugin is to plug in websites, as a jquery plugin, then you don't be sure about nothing because the code can easily be modified to remove any security procedure. 1.-如果您的JavaScript插件是作为jquery插件插入网站的,则您不确定什么,因为可以轻松地修改代码以删除任何安全性程序。
2.- If your javascript plugin is to plug in browsers, as a FF addon. 2.-如果您的JavaScript插件是要插入浏览器的,则为FF插件。 Well, indeed can be modified too, but in the most of cases you can track simply with cookies or a login procedure. 好吧,的确可以修改,但是在大多数情况下,您可以使用Cookie或登录过程进行简单跟踪。
Said that I think that if the case is the first (plug in websites) you could identify the websites asking for a authentication token stored in the server's website (requested by AJAX) and add it to the HTML data that is send to your server. 据说,我认为如果是第一种情况(插入网站),则可以标识要求存储在服务器网站中的身份验证令牌的网站(由AJAX请求),并将其添加到发送到服务器的HTML数据中。
Hopefully you can understand my Emglizch :) and do not say pure garbage. 希望您能理解我的Emglizch :)并且不要说纯垃圾。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.