问题描述
我建立一个网站,到现在为止是纯PHP。我在想,既然很少有人不支持JavaScript(我不知道为什么!)也许我应该创建自己的网站因为没有任何AJAX完全PHP站点。我在想错了吗?
I am creating a website which until now is pure PHP. I was thinking that since very few people do not have JavaScript enabled (which I wonder why!) maybe I should create my website as a fully PHP site without any AJAX. Am I thinking wrong?
只是可以肯定,如果我实现一些AJAX会是增加我的网站得到破坏的风险?
Just to be sure, if I implement some AJAX would it increase the risk of my site getting breached?
我应该会担心这一点,并开始使用AJAX?
Should I be even worried about this and start using AJAX?
推荐答案
AJAX本身并不会增加或减少你的网站的安全性,至少在它的实现是复杂的。在客户端(浏览器)将已打开的JavaScript或关闭。如果它是打开的,也有可能是对的客户的一面更不安全,二这会不会影响到你的服务器,因此你的网站。
AJAX itself will not increase or decrease the security of your site, at least if its implementation is elaborate. The client (browser) will have turned JavaScript on or off. If it is turned on, there may be more insecurities on the client side, bis this won't affect your server and hence your site.
不过,你当然应该执行你的AJAX入口点安全地(即通过AJAX请求访问该服务器端文件)。两个大拇指,你应该记住的最重要的规则是:
Nevertheless, you should of course implement your AJAX entry points securely (this server side files that are accessed by AJAX requests). Two of the most important rules of thumb you should keep in mind are:
- 善待每一位用户输入(无论是通过AJAX进来与否)作为潜在的恶,因此彻底的验证,并利用数据库逃逸,...不依赖于客户端的验证而已!
- 在一个好的网站应该提供所有的JavaScript访问的可能性,也使离不开它。当然,这并不总是可能的,但至少应该尝试。
我会建议使用框架(这取决于后台技术,您正在使用,如PHP,Java和Perl中),支持AJAX,这将使整个事情,你要容易得多。此外,你也许应该寻找类似保护AJAX应用程序,以获取有关主题的详细信息。
I would suggest using a framework (depending on what background technology you are using, like PHP, Java, Perl) supporting AJAX, which will make the whole thing much easier for you. Also, you should maybe search for something like "securing AJAX applications" to get more detailed information on the topic.
这篇关于AJAX是否增加或减少安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!