w3pop.com :: Web Academy :: PHP :: PHP Security Tips series #10 [translation]
Original source: http://devzone.zend.com/article/1815-PHP-Security-Tip-10
Translation: linyupark@w3pop.com
Even when doing everything correctly, it's still possible to build PHP applications that are insecure. Security requires constant vigilance. One thing you always have to keep your eye on is any script or form that sends an email based on user input.
Many applications written in PHP use the built-in mail() function to respond to user input by triggering an email.
Do not blindly send mail using information entered into a form.
As we’ve discussed in other tips on PHP security, you have to make sure you properly filter and validate your user input. If you do not properly filter your input, it becomes easy for someone to perform an email header injection and spam thousands of people before you’ll even notice.
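As an added example (not code from the Zend tip or from the w3pop translation), here is the vulnerable shape the tip warns about next to a hardened contact-form handler. It assumes a form that POSTs "email", "subject" and "message"; the mailbox addresses and function names are placeholders chosen for the example.

```php
<?php
// Added example, not code from the Zend tip or the w3pop translation.
// Assumes a contact form that POSTs "email", "subject" and "message";
// the mailbox addresses below are placeholders.

// A CR or LF inside a header value ends that header line, which is exactly
// what lets a submitted value smuggle extra headers (Bcc:, Cc:, ...) or a
// second body into the message. NUL is rejected for the same reason.
function header_value_is_clean(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Vulnerable shape the tip warns about: the submitted address is pasted
// straight into the headers and nothing is checked first.
function send_contact_unsafe(array $post): bool
{
    $headers = 'From: ' . $post['email'] . "\r\n";
    return mail('site-mailbox@example.com', $post['subject'], $post['message'], $headers);
}

// Hardened handler: validate everything that will end up in a header line
// before mail() sees it, and never let the submitter choose the sender.
function send_contact_safe(array $post): bool
{
    $email   = trim((string)($post['email'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $message = (string)($post['message'] ?? '');

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || !header_value_is_clean($email)
        || !header_value_is_clean($subject)
        || $subject === '' || strlen($subject) > 200) {
        return false; // reject the submission instead of trying to "clean" it
    }

    // Fixed From:, submitter only in Reply-To:, so the sender identity and the
    // recipient list are never built from form data. The body may contain
    // newlines; only header values must not.
    $headers = "From: webform@example.com\r\n"
             . 'Reply-To: ' . $email . "\r\n";
    return mail('site-mailbox@example.com', $subject, $message, $headers);
}
```

The same rule applies to mail()'s optional fifth argument (additional parameters passed to the local mailer): build it from constants only, never from form data.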
For further reading on email header injection, I recommend this page at securephpwiki.com.
ÒªÁ˽⵽ÓйØÓʼþ header ×¢ÈëÏà¹ØµÄÐÅÏ¢£¬ÎÒÍÆ¼öÔÚsecurephpwiki.comÉ쵀 ÕâÒ³
ÆÀÂÛ (0)
All