请教怎么判断请求是否由网站提交.安全有关问题
日期:2014-05-18 浏览次数:20591 次
请问如何判断请求是否由网站提交.安全问题
我想将一切由站外提交的请求全部拒绝.请问应该如何实现.所有请求只能通过网站里的超链接实现.禁外在本地构造一个form表单向网站提交数据.也有点想是防盗链接一样.一定要从网站的链接点击打开本网站的网页.
------解决方案--------------------
用
request.getHeader( "Rerferer ");
判断
------解决方案--------------------
login.asp
以下内容为程序代码:
……
<form action= "verify.asp " method= "post " name= "login ">
<input type= "hidden " name= "referer " value= " <%=Request.ServerVariables( "HTTP_REFERER ")%> ">
<input type= "hidden " name= "ser_name " value= " <%=Request.ServerVariables( "SERVER_NAME%> ">
用户名 <input type=text name=name value= " " maxlength= "20 ">
密码 <input type=password name=pwd value= " " maxlength= "20 ">
<input type=submit name=bt value= "确认 ">
<input type=reset name=bt value= "重置 ">
</form>
……
这里传递了2个参数referer,ser_name
verify.asp
以下内容为程序代码:
……
dim referer,ser_name
'取这2个参数
referer=Cstr(Request.ServerVariables( "HTTP_REFERER "))
ser_name=Cstr(Request.ServerVariables( "SERVER_NAME "))
'判断浏览器位置
if mid(referer,8,len(ser_name)) <> ser_name then
response.redirect "login.asp "
end if
……
jsp
out.println( "session.isNew(): "+session.isNew()+ " <br> ");
out.println( "session.getCreationTime(): "+session.getCreationTime()+ " <br> ");
out.println( "session.getId(): "+session.getId()+ " <br> ");
out.println( "request.getContextPath() "+request.getContextPath()+ " <br> ");
out.println( "request.getRemoteAddr() "+request.getRemoteAddr()+ " <br> ");
out.println( "request.getRemoteHost() "+request.getRemoteHost()+ " <br> ");
out.println( "request.getRemoteUser() "+request.getRemoteUser()+ " <br> ");
out.println( "request.getRequestURI() "+request.getRequestURI()+ " <br> ");
out.println( "request.getRequestURL() "+request.getRequestURL()+ " <br> ");
out.println( "request.getServerName() "+request.getServerName()+ " <br> ");
这样,如果你不是在该网站提交的数据,就不能够顺利登陆。
我想将一切由站外提交的请求全部拒绝.请问应该如何实现.所有请求只能通过网站里的超链接实现.禁外在本地构造一个form表单向网站提交数据.也有点想是防盗链接一样.一定要从网站的链接点击打开本网站的网页.
------解决方案--------------------
用
request.getHeader( "Rerferer ");
判断
------解决方案--------------------
login.asp
以下内容为程序代码:
……
<form action= "verify.asp " method= "post " name= "login ">
<input type= "hidden " name= "referer " value= " <%=Request.ServerVariables( "HTTP_REFERER ")%> ">
<input type= "hidden " name= "ser_name " value= " <%=Request.ServerVariables( "SERVER_NAME%> ">
用户名 <input type=text name=name value= " " maxlength= "20 ">
密码 <input type=password name=pwd value= " " maxlength= "20 ">
<input type=submit name=bt value= "确认 ">
<input type=reset name=bt value= "重置 ">
</form>
……
这里传递了2个参数referer,ser_name
verify.asp
以下内容为程序代码:
……
dim referer,ser_name
'取这2个参数
referer=Cstr(Request.ServerVariables( "HTTP_REFERER "))
ser_name=Cstr(Request.ServerVariables( "SERVER_NAME "))
'判断浏览器位置
if mid(referer,8,len(ser_name)) <> ser_name then
response.redirect "login.asp "
end if
……
jsp
out.println( "session.isNew(): "+session.isNew()+ " <br> ");
out.println( "session.getCreationTime(): "+session.getCreationTime()+ " <br> ");
out.println( "session.getId(): "+session.getId()+ " <br> ");
out.println( "request.getContextPath() "+request.getContextPath()+ " <br> ");
out.println( "request.getRemoteAddr() "+request.getRemoteAddr()+ " <br> ");
out.println( "request.getRemoteHost() "+request.getRemoteHost()+ " <br> ");
out.println( "request.getRemoteUser() "+request.getRemoteUser()+ " <br> ");
out.println( "request.getRequestURI() "+request.getRequestURI()+ " <br> ");
out.println( "request.getRequestURL() "+request.getRequestURL()+ " <br> ");
out.println( "request.getServerName() "+request.getServerName()+ " <br> ");
这样,如果你不是在该网站提交的数据,就不能够顺利登陆。
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
