get

is putting token in URL secure to prevent CSRF attacks in PHP applications?

时光怂恿深爱的人放手 提交于 2019-12-06 04:36:09
问题 I want to use a token to prevent CSRF attacks on my website (written with PHP). I've used it in forms and it works well. But logout link is not a form; It is only a hyperlink. Is it secure if I put the token in the query string like this: <a href="logout.php?token=9ae328eea8a72172a2426131a6a41adb">Logout</a> If it has any problem, what is your suggestions and solutions ? 回答1: I think one of main disadvantages of using CSRF-token in GET requests is possibility of incompetent user to easily

PHP switch case $_GET's variables and switch case $_GET's variable's values

旧巷老猫 提交于 2019-12-06 04:06:21
Say I have an URL like www.mysite.com/index.php?login=0 . Is it possible to switch case $_GET's variables and switch case $_GET's variable's values? Something like: switch ($_GET) { case 'login' : switch($_GET['login']) { case '0' : echo 'Login failed!'; break; case '1' : echo 'Login successful.'; break; } break; case 'register' : switch ($_GET['register']) { case '0' : echo 'Registration failed!'; break; case '1' : echo 'Thank you for registering.'; break; } break; default : echo 'Some other message'; break; } I'm not sure if switch case can be used on associative arrays. What am I doing

Https request with XMLHttpRequest

旧街凉风 提交于 2019-12-06 03:31:31
问题 Im able to do Http requests (POST/GET) with XMLHttpRequest. I'm asking how to do requests with URLs like "https://www.gmail.com" I was trying something like this but the status code is 0 var http = new XMLHttpRequest(); var url = "https://www.gmail.com"; http.open("GET", url); http.onreadystatechange = function() {//Call a function when the state changes. if(http.readyState == 4 && http.status == 200) { //alert(http.responseText); print("ok") }else{ print("cannot connect") print("code:" +

Get class by its name in Delphi

房东的猫 提交于 2019-12-06 03:04:56
I would like to write a function that accepts a classname and results the corresponding TClass . I've noticed that, System.Classes.GetClass function doesn't works if the classname isn't registered. Example: if(GetClass('TButton') = nil) then ShowMessage('TButton not found!') else ShowMessage('TButton found!'); The previous code always shows: TButton not found! Is there something missing? You can get unregistered class used in Delphi application via extended RTTI. But you have to use fully qualified class name to find the class. TButton will not be enough, you have to search for Vcl.StdCtrls

Is validating $_GET id in database match secure enough?

戏子无情 提交于 2019-12-06 02:44:33
I have 2 pages on the website, one is index.php and index page list all posts that exist in database, and other page is post.php and post page display single post when clicked on specific post on index page. Now the code that i used to list all posts on index.php is: $postslist = mysqli_query($db, "SELECT * FROM posts"); while ($post = mysqli_fetch_array($postlist)) { echo '<a href="' .SITEURL.'/post.php?p='.$post['postid'].'>'.$post['title'].'</a>'; } And this works and i have all posts displayed on my index.php page and links link to post on post.php page. And on post.php page i have used

GET request with Java sockets

孤人 提交于 2019-12-06 02:28:47
问题 I am writing a simple program to send a get request to a specific url "http://badunetworks.com/about/". The request works if I send it to "http://badunetworks.com" but I need to send it to the about page. package badunetworks; import java.io.*; import java.net.*; public class GetRequest { public static void main(String[] args) throws Exception { GetRequest getReq = new GetRequest(); //Runs SendReq passing in the url and port from the command line getReq.SendReq("www.badunetworks.com/about/",

jQuery AJAX JSON response returns key “d”

痞子三分冷 提交于 2019-12-06 01:43:27
问题 When I make a jQuery AJAX JSON request, it responds with a "d" attribute. Why is this? 回答1: here a good article about it http://encosia.com/2009/06/29/never-worry-about-asp-net-ajaxs-d-again/ “.d” what? If you aren’t familiar with the “.d” I’m referring to, it is simply a security feature that Microsoft added in ASP.NET 3.5’s version of ASP.NET AJAX. By encapsulating the JSON response within a parent object, the framework helps protect against a particularly nasty XSS vulnerability. 回答2: If

AJAX .post async

廉价感情. 提交于 2019-12-06 01:39:18
What exactly does the following do: $.ajax({ type: "POST", async: false, vs $.ajax({ type: "POST", async: true, Meaning what is the difference in the behavior? From the jQuery site : By default, all requests are sent asynchronously (i.e. this is set to true by default). If you need synchronous requests, set this option to false. Cross-domain requests and dataType: "jsonp" requests do not support synchronous operation. Note that synchronous requests may temporarily lock the browser, disabling any actions while the request is active. That's all there is to it. If you need help on a specific

Send GET request with token using Java HttpUrlConnection

隐身守侯 提交于 2019-12-06 00:43:50
I have to work with RESTful web service which uses token-based authentication from Java application. I can successfully get token by this way: import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.URL; public void getHttpCon() throws Exception{ String POST_PARAMS = "grant_type=password&username=someusrname&password=somepswd&scope=profile"; URL obj = new URL("http://someIP/oauth/token"); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("POST"); con.setRequestProperty(

ajax 'GET' call returns jsonp okay but callback produces 'undefined' data

北慕城南 提交于 2019-12-05 22:43:53
I'm accessing a cross-domain webservice utilizing an.ajax jquery call from an html page. While I can see the jsonp data using firebug, I am not able to load it into a variable or even display it (for debugging purposes). Attempts to retrieve data using the jsonpCallback, success and complete functions always result in 'undefined' / null data. Ultimately, I need to save the data to variables. Any assistance will be greatly appreciated! $.ajax({ data: { User: UserValue, GUID: GUIDValue }, cache: false, dataType: "jsonp", // tried json type: "GET", crossDomain: true, jsonp: false, // tried true