我正在开发一个网络应用程序,该软件将设在一个“因特网”而不是局域网的服务器上。
该信相当一部分是AJAX电话,约有12个Ajax助手档案用于这些功能。
我的问题是,不要要求这里的任何人撰写关于阿富汗复兴共和与民主军安全的教学材料,任何人都知道能够帮助我获得这些档案的任何良好资源(网站、书籍,不管怎样)。
现在,只要你知道其寻找你时的变称,就可以自由从数据库获取数据。
I was thinking maybe session validation, or something along those lines for the logged in user.
如果你拥有任何良好的资源,我就亲自做家务。
增 编
宇宙航空研究开发机构电话一般用于上网服务,这是你在这里使用网络服务的情况。 如果是这样的话,那么你需要关注的是你用你使用的服务器边描述语言提供的安保层(如你按照你的问答器使用购买力平价)。
The same way that you do authentication and protection for other pages on your site that aren t accessed via AJAX calls you can implement for your web services. For instance, if you require authentication for your application then you can store the user s ID in $_SESSION. From there you can check to make sure the user is logged in via $_SESSION whenever one of your web services is requested.
我经常看到美国宇宙航空研究开发机构呼吁检查<代码>X-RE RequestSTED-WITH。 HTTP头盔是“核实”这一请求源自日本宇宙航空研究开发机构。 视你如何重新发送自动协调机制电话(XmlHttpRequest或联合材料图书馆)而定,你可以使用该负责人的标准价值,或将其设定为惯例价值。 这样,你就可以在菲律宾皇家警察部队中采取类似做法,检查是否要求该网页与日本宇宙航空研究开发机构联系:
http://davidwalsh.name/detect-ajax
if( !empty($_SERVER[ HTTP_X_REQUESTED_WITH ]) &&
strtolower($_SERVER[ HTTP_X_REQUESTED_WITH ]) == xmlhttprequest )
必须指出,由于它是一个吉大港定居地的头目,它可能受到骗局,因此绝不是完全不受干扰的。
https://rads.stackoverflow.com/amzn/click/com/0596529317“rel=“nofollow noreferer” 职称=“Securing Ajax Applications: 确保动态网络的安全” Securing Ajax Applications: 确保动态网站的安全
然而,一种非常简单的方法是使用具有私人钥匙的MD5。 e.g. USER_NAME+PRIVATE_KEY。 如果你知道网站/博客上的用户名称,你可以提供5千兆瓦字塔变数中的关键数字。 然后,简单地将用户名称传递给你们的美国宇宙航空研究开发机构的请求,而阿拉伯遥感技术局只能使用同样的私人钥匙加上用户名称,并对两轮 has进行比较。 你只是寄出一根 has子,然后是用户名称。 它简单而有效。 除非你有简单的私人钥匙,否则几乎不可能逆转。
因此,在您的解说中,你可能会有这一套:
var user= username ;
var hash= 925c35bae29a5d18124ead6fd0771756
然后,当你发出请求时,你会发出这样的要求:
myService.php?user=username&hash=925c35bae29a5d18124ead6fd0771756&morerequests=goodthings
When you check it, in the service you would do something like this
<?php
if(md5($_REQUEST[ user ]."_privatekey")==$_REQUEST[ hash ]){
echo passed validation ;
}else{
echo sorry charlie ;
}?>
Obviously you would need to use PHP or something else to generate the hash with the private key, but I think you get the general idea. _privatekey should be something complex in the event you do have a troll that tries to hack it.
I am trying to develop my login script to give feedback to the user if the login is valid or not. Basically if it isn t correct a div box will show saying its wrong, if its correct it will show its ...
I m trying to find a reusable way to set focus from one text box to another upon enter using ASP.NET, but using client-side JavaScript to do so. The only reason I mention this is to be done in ASP....
I have some Javascript JQuery code that does an Ajax call to the server every 5 mins, it s to keep the server session alive and keep the user logged in. I m using $.ajax() method in JQuery. This ...
Why are my AJAX requests failing? I have a website www.foo.com, and I m running Tomcat on the same server, www.foo.com:8080/services. However, when a file on foo.com makes an ajax call as such: $....
I want to know if there are existing technology that make your 3d models in sketch into virtual tours, using either Ajax or Flash for web presentation. If there s none, which will be a good approach ...
I have a entry form. Below it, I want to show a grid containing existing records. As the user clicks on a row of the grid, the values must get filled in the fields of the form above. Is there any way ...
I have asp.net application where i have a div which showing the value from other site. The value of that site is changing continuously. I want that my div will automatically update in some interval ...
Ok, I m stumped. Basically, this script works fine in FF, but not in IE (6,7 or 8) - in which it returns an "Object doesn t support this property or method" error. Any ideas?: function ...