一聚教程网:一个值得你收藏的教程网站

热门教程

php防止伪造跨站请求实现程序

时间:2022-06-24 15:55:07 编辑:袖梨 来源:一聚教程网

浏览器的安全缺陷

现在的Web应用程序几乎都是使用Cookie来识别用户身份以及保存会话状态,但是所有的浏览器在最初加入Cookie功能时并没有考虑安全因素,从 WEB页面产生的文件请求都会带上COOKIE,如下图所示,Web页面中的一个正常的图片所产生的请求也会带上COOKIE:


GET http://website.com/log.jpg

Cookie: session_id

客户端 ——————————————————-服务器

咱们按照这个思路,山寨一个crumb的实现,代码如下:

 

 代码如下 复制代码
class Crumb {                                                                                                                                                                                                          
    CONST SALT = "your-secret-salt";                                                        
                                                                
    static $ttl = 7200;                                                                                          
                                                                                                     
    static public function challenge($data) {                                                                    
        return hash_hmac('md5', $data, self::SALT);                                                              
    }                                                                                                            
                                                                                                                 
    static public function issueCrumb($uid, $action = -1) {                                                      
        $i = ceil(time() / self::$ttl);                                                                          
        return substr(self::challenge($i . $action . $uid), -12, 10);                                            
    }                                                                                                            
                                                                                                                 
    static public function verifyCrumb($uid, $crumb, $action = -1) {                                             
        $i = ceil(time() / self::$ttl);                                                                          
                                                                                                                 
        if(substr(self::challenge($i . $action . $uid), -12, 10) == $crumb ||                                    
            substr(self::challenge(($i - 1) . $action . $uid), -12, 10) == $crumb)                               
            return true;                                                                                         
                                                                                                                 
        return false;                                                                                            
    }                                                                                                            
                                                                                                                 
}

代码中的$uid表示用户唯一标识,而$ttl表示这个随机串的有效时间。

应用示例

在表单中插入一个隐藏的随机串crumb

 代码如下 复制代码





处理表单 demo.php
对crumb进行检查

 代码如下 复制代码

if(Crumb::verifyCrumb($uid, $_POST['crumb'])) {
    //按照正常流程处理表单
} else {
    //crumb校验失败,错误提示流程
}

注意:

CSRF攻击和相关web蠕虫的爆发,并且针对这类web攻击制定有效的应急措施。同建议程序员不要滥用$_REQUEST类变量,在必要的情况下给某些敏感的操作加上水印,考虑使用类似DISCUZ论坛的formhash技术提高黑客预测请求参数的难度,注意JSON数据接口的安全问题等

热门栏目