您好,谢谢... 我正在研究一个项目,我需要澄清一些信息,以便以高度安全的方式在两个站点之间共享数据.目前,我正在使用Form Post共享数据.但是我考虑是否可以从site-2获取site-1会话数据,因为我认为使用会话更安全.我不知道如何在两个站点之间使用会话,但是我希望这里的人会知道.
Hi thanks in advance... I am Working on a Project, I need some clarification to share data between two sites in a high secure manner. Currently I am using Form Post to share data. But I think about if there is an option to get site-1 session-data from site-2, because I think using a session is more secure. I don't know how to use a sessions between two sites, but I hope someone here will know.
赞: 站点1编码
$_SESSION['customer_id'] = 'XYZ'; $_SESSION['total_amount'] = '100'; <a href=site2/do.php?session_id=<?=$_SESSION['session_id']?>>Click Here</a>do.php中的站点2代码
$session_id = $_REQUEST['session_id']; $shared_data = bla_bla_bla_function($session_id); $customer_id = $shared_data['customer_id']; $total_amount = $shared_data['total_amount'];或者除了表单发布外,还有什么方法可以在两个网站之间进行安全的数据共享,请告诉我. 谢谢 您的 Kaartikeyan R
or is there any way to do the secure data sharing between two website other than form post, please tell me. Thank you Yours, Kaartikeyan R
找到解决方案
我已通过CURL将客户ID和金额发送到第二个网站,为此在表中创建记录,并生成带有记录ID的加密ID,然后返回加密ID.
I have send the Customer ID and Amount via CURL to the Second Website, in that create a Record in Table for this and generate Encrypted ID with the Record ID, and return the encrypted ID.
因此,在第一个网站中,我获得了加密ID,并将其用于URL重定向到第二个网站.
So in the First website i get the Encrypted ID, and use it on URL redirection to Second website.
在具有加密ID的第二个网站上,我获得了客户ID和金额.
On the Second Website with the Encrypted ID i get the Customer ID and Amount.
推荐答案Urk.首先,永远不要:
$session_id = $_REQUEST['session_id'];这会导致我们称之为会话固定"的安全漏洞(更多信息: en.wikipedia/wiki/Session_fixation ).
This causes a security truck-hole we refer to as 'session fixation' ( read more: en.wikipedia/wiki/Session_fixation ).
看来您对安全性的要求很高.如果您需要从站点1到站点2共享数据,则应通过一个消费网桥进行操作:
It seems you're pretty heavy on security. If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:
1).单击站点1上指向处理程序文件的链接,我们将其称为redir.php.
1). Click on a link on Site 1 to a handler file, let's call it redir.php.
2). Redir.php首先检查现有的会话数据.
2). Redir.php first checks the existing session data.
3). Redir.php将相关信息以及某种标识符(例如,用户ID的MD5哈希+'_'+当前时间)以及一个'consumed'标志写入数据库行中,设置为false.
3). Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + '_'+ current time), plus a 'consumed' flag, set false.
4). Redir.php和标识符一起进行301重定向到站点2.
4). Redir.php does a 301 redirect to Site 2, along with the identifier.
5).站点2从数据库中读取相关行.
5). Site 2 reads the relevant row out of the DB.
6).如果数据良好并且尚未消耗",则返回成功并将数据标记为已使用.
6). If the data is good and has not yet been 'consumed', return a success and mark the data as consumed.
7).如果数据已被消耗,则抛出某种错误.
7). If the data has been consumed, throw some sort of error.
执行此操作的方法比较复杂,但是我认为这可以解决您要尝试执行的操作.
There are more complex ways of doing this, but I think this handles what you're trying to do.
更多推荐
两个网站之间的共享会话
发布评论