如何检测调用是否通过jQuery进行
[英]How to detect if the call is made through jQuery
问题描述
I use 
我用
$.post('ajax/test.php', function(data) { $('.result').html(data);});
to send data and retrieve information and show it to the user. 发送数据并检索信息并将其显示给用户。 But "hackers" can access my file (test.php) just typing it in URL. 但是,“黑客”仅在URL中键入即可访问我的文件(test.php)。 Is it possible to detect if the call is made from jQuery or not? 是否有可能检测调用是否来自jQuery?
2 个解决方案
解决方案1
6 已采纳 2011-12-10 00:03:19
Is it possible to detect if the call is made from jQuery or not?
Yes, but the same "hackers" can as easily fake a jQuery call. 是的,但是相同的“黑客”可以很容易地伪造jQuery调用。 There is no reliable way to detect whether a call was made from jQuery, or using other means. 没有可靠的方法来检测是从jQuery发出的呼叫,还是使用其他方式发出的消息。 Anybody can make a request to a resource. 任何人都可以请求资源。
If you have sensitive data on the web, you need to protect it using classical means like a user login, HTTP basic auth, or IP limitations - just like a normal web page. 如果网络上有敏感数据,则需要使用常规方式(例如用户登录,HTTP基本身份验证或IP限制)来保护它,就像普通网页一样。
解决方案2
0 2011-12-10 00:33:23
Check the referrer on the server side. 检查服务器端的引荐来源网址。 If not from your host, reject. 如果不是来自您的主机,请拒绝。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.