I have a question about stopping spoofed form submissions. How about if by using the $_SERVER['HTTP_REFERER']
I only allow submissions to my forms coming from
A suggestion would be to use a token. If you are using any of the popular MVC architectures, you do not need to worry, as spoofing prevention is taken care of. But if you are on a custom MVC architecture like myself, a token is an approach. In your Database class, for every CRUD (create, read, update and delete) function, check for the token. E.g. the token can be generated via md5.
    public function save(){
        // Only continue when the session carries a token
        if(isset($_SESSION['token'])){
            // proceed with saving
        }else{
            // kill it: stop the request before anything is written
            die;
        }
    }
Alternatively, you can easily integrate your web application with this Cross-Site Request Forgery protection kit. Check it out here
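
The token check discussed above, carried through to the comparison step, as an added example that is not part of the original answer or of any kit it links to. The function names `csrf_token()`, `csrf_verify()` and `csrf_field()` are hypothetical, the token comes from `random_bytes()` rather than md5, and an array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Added illustration; csrf_token(), csrf_verify() and csrf_field() are hypothetical names.

/** Return the per-session token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['token'])) {
        // 32 bytes from the CSPRNG; a hash of predictable input (time, user id) is guessable.
        $session['token'] = bin2hex(random_bytes(32));
    }
    return $session['token'];
}

/** True only when the submitted value matches the token stored in the session. */
function csrf_verify(array $session, $submitted): bool
{
    // Reject a missing session token and non-string input such as token[]=x.
    if (!isset($session['token']) || !is_string($session['token'])
        || $session['token'] === '' || !is_string($submitted)) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($session['token'], $submitted);
}

/** Hidden field to place inside every state-changing form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed demo values: $session plays the role of $_SESSION, $submitted of $_POST['token'].
$session = [];
$form    = csrf_field($session);   // rendering the form creates the token
$cases   = [
    'matching token'       => $session['token'],
    'no token submitted'   => null,
    'wrong token'          => str_repeat('0', 64),
    'array instead of str' => ['x'],
];
foreach ($cases as $label => $submitted) {
    printf("%-22s %s\n", $label, csrf_verify($session, $submitted) ? 'save' : 'reject');
}
```

In a `save()` method the call would be `csrf_verify($_SESSION, $_POST['token'] ?? null)`, so the request is accepted only when the value posted with the form equals the one stored in the session.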