我正在建造一个用户可以登录的新网站。 我看到三种可能的选择:
1,经典类型标识:
<form action="/login.php" method="POST">
</form>
提交年份改为<代码>login.php,如果成功,则予以确认和重新指示
2. ajax type login:
Same as above but do an ajax call instead and then the javascript redirects.
3. iframelogin:
1. 组合/开放式
这是什么最安全、最妥善的方法?
在我看来,备选方案1 &办法2应当使用员额,在你的法典中,你应当确保请求是员额。 如果你希望申请是多余的,那么你还应在其它届会上补充反对偷窃的逻辑,但这是对开发商和申请的优惠。 i 发现影响是邪恶,许多黑客利用 if果来 ha住用户账户。 开放是一种值得信赖的标志,正在得到更广泛的采纳,也是开放式版面。 i 知道它们使用iframe方法,但核查增加了一倍,而且i 相信需要https来执行这些类型的记录。
again all of this is just my opinion and mostly reliant on the developer s design and business needs/requirements of the application.
希望这将有助于:
I installed this instant messenger program called IM+ that keeps your accounts online even when you exit the application (you know... touch: only one app at a time) it accepts push deliveries to ...
I am trying to develop my login script to give feedback to the user if the login is valid or not. Basically if it isn t correct a div box will show saying its wrong, if its correct it will show its ...
Suppose I am writing a server for a particular network protocol. If I know that the client is running on a Windows machine, is it possible for my server to authenticate the Windows user that owns the ...
The infrastructure team wants to update the authentication protocol to NTLMv2 and Kerberos. Will this affect CRM 4.0 on-premise installation. What would need to be changed in order to use the ...
I m developing an ASP.NET MVC site that utilizes forms authentication for part of the application. During development, I need to be able to give external parties access to a development server hosting ...
If I have a type like: public class Context { public Context() { } public IQueryable<Record> Records { get { if (user == someone) //psuedocode ...
We recently attempted to add ip address validation to our website s login security. So in addition to having a cookie with valid credentials, we checked that your ip address on page request matched ...
While looking into forms authorizing/authentication, I found that it is possible to do role based authorizing by adding an array of roles to a FormsAuthenticationTicket. That way I can write User....