All geek questions in one place

Protecting a webpage without headings

I just read an article on tdwtf.com . Typically, he describes an archiver that destroys things because it ignores headers. Then I realized that I did not know how to make security on a page WITHOUT headings. So my question is:

What security measures can I use besides using headers?

I mainly develop in php, so I am familiar with the header ("Location:") function. But what else is there?

Ideally, I want to replace the logic

if (!$something_important) header("Location: somehereharmless.php");

with something else (more) safe?

+3
source share
8 answers

header: , . - .

- :

<?php
function redirect($url)
{
    header('Location: ' . $url);
    exit('<a href="' . $url . '">Redirecting you to: ' . $url . '</a>');
}

redirect('somepage.php');
?>

, , .

[]

, POST . GET (, <img src="http://www.example.org/action.php?do=SetAsAdmin&userid=MyUserId" />).

+4

if (!$something_important) {
  header("Location: somehereharmless.php");
  exit();
}

, , , ,

+7

,

Idempotent , , .

+2

, PHP script, , , , , , script, , . , :

if (user_is_authorized()) {
    // restricted code here
}


if (!user_is_authorized()) {
    // send headers or whatever if you want
    exit();
}
// restricted code here

, ... , , ... - , - , HTTP. - , , . , ( , ). , () HTTP- . ( , HTTP-, ), , , , .)

+2

, , exit; header();. , script .

+1
if (!$something_important) {
  header("Location: somehereharmless.php");
  //close all your db connections and other stuff you need to end..parhaps calling a function?
  die("If the redirect doesnt start in 3 seconds, please <a href=\"somehereharmless.php\">click here</a>");
}
+1

<?php
die($errormessage);

Die script, , , .

+1

. ( "" ), . .

if($foo && $bar)
{
    header("Location: somehereharmless.php");
}

if($foo && $baz)
{
    header("Location: someotherplace.php");
}

, 3 , someotherplace.php. (); (); ();

0

Source: https://habr.com/ru/post/1706098/

More articles:


All Articles