js根据php生成的js变量a=1表示有某种动作的权限，这样安全吗-PHP Tutorial-php.cn

Table of Contents

回复讨论(解决方案)

Home

Backend Development

PHP Tutorial

js根据php生成的js变量a=1表示有某种动作的权限，这样安全吗

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 23, 2016 pm 02:04 PM

js根据php生成的js变量a=1表示有某种动作的权限，这样安全吗？
比如ajax请求后台某种动作，得到php生成的js变量 var permission=1;
然后前台js根据这个permission去执行某种操作。

回复讨论(解决方案)

问题不大，如果担心有问题可以加一些验证。

js根据php生成的js变量a=1表示有有某种动作的权限，这样安全吗？
比如ajax请求后台某种动作，得到php生成的js变量 var permission=1;
然后前台js根据这个permission去执行某种操作。

                  ajax
                  权限

…… 你这样做问题不大，很多网站的注册就是通过ajax的方法来返回信息给页面的。
不过我还是建议在：有某种动作的权限的时候在动作做做权限判断，毕竟js验证在客户端，谁知道会有神马问题呢。

为什么不安全？
ajax 不能跨域，所以指令只能来自你自己的服务器
如果你连自己的服务器都不信任了，那还有什么搞头？

如果在页面伪造一个全局变量var permission=1;
那然后前台js根据这个permission去执行某种操作。

这样是否可行

是谁伪造呢？

如果在页面伪造一个全局变量var permission=1;
那然后前台js根据这个permission去执行某种操作。

是谁伪造呢？

引用 4 楼 nowphp 的回复:
如果在页面伪造一个全局变量var permission=1;
那然后前台js根据这个permission去执行某种操作。

我知识面比较少，也不知道前端的JS会不会被黑客改写，比如我var a = 'xx'; 他能不能将我的脚本代码强行改成 var a = 'yy'; 什么的，如果不能的话那么就只剩下黑客自己制作的页面提交JS变量了

但你上面提到AJAX无法跨域我就安心了，然而实际上我却百度到好多ajax跨域提交的相关文章，那请问是怎么回事呢？

可以这么做。
但"根据这个permission去执行某种操作"，这个也需做好权限判断。

毕竟js客户端可以修改。

加密解密...

涉及到安全问题的数据都要考虑这个问题.几乎任何时候我们都不要信任从客户端发送回来的数据.

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7351

Java Tutorial

1628

CakePHP Tutorial

1353

Laravel Tutorial

1265

PHP Tutorial

1214

Related knowledge

11 Best PHP URL Shortener Scripts (Free and Premium) Mar 03, 2025 am 10:49 AM

Long URLs, often cluttered with keywords and tracking parameters, can deter visitors. A URL shortening script offers a solution, creating concise links ideal for social media and other platforms. These scripts are valuable for individual websites a

Working with Flash Session Data in Laravel Mar 12, 2025 pm 05:08 PM

Laravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-

Build a React App With a Laravel Back End: Part 2, React Mar 04, 2025 am 09:33 AM

This is the second and final part of the series on building a React application with a Laravel back-end. In the first part of the series, we created a RESTful API using Laravel for a basic product-listing application. In this tutorial, we will be dev

Simplified HTTP Response Mocking in Laravel Tests Mar 12, 2025 pm 05:09 PM

Laravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>

cURL in PHP: How to Use the PHP cURL Extension in REST APIs Mar 14, 2025 am 11:42 AM

The PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.

12 Best PHP Chat Scripts on CodeCanyon Mar 13, 2025 pm 12:08 PM

Do you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom

Announcement of 2025 PHP Situation Survey Mar 03, 2025 pm 04:20 PM

The 2025 PHP Landscape Survey investigates current PHP development trends. It explores framework usage, deployment methods, and challenges, aiming to provide insights for developers and businesses. The survey anticipates growth in modern PHP versio

Notifications in Laravel Mar 04, 2025 am 09:22 AM

In this article, we're going to explore the notification system in the Laravel web framework. The notification system in Laravel allows you to send notifications to users over different channels. Today, we'll discuss how you can send notifications ov

See all articles