Is there a way to prevent the editing of HTML and CSS contents in a page using Firebug-like tools?

有没有办法阻止使用类似Firebug的工具在页面中编辑HTML和CSS内容?

I found that some users are editing some values in hidden fields and some contents which written between a div or span tag for gaining some profits. They are doing mostly by editing with help of tools like firebug. Is there any way to identify such modifications? The problem here is that the values they are editing is generated when the page is compiled. The page is developed in PHP. The editing is done mostly in between the and tags.

我发现有些用户正在编辑隐藏字段中的某些值以及在div或span标记之间写入的一些内容以获得一些利润。他们主要通过使用像firebug这样的工具进行编辑来完成。有没有办法确定这样的修改?这里的问题是它们正在编辑的值是在编译页面时生成的。该页面是用PHP开发的。编辑主要在和标签之间进行。

Thanks in advance for the help.

先谢谢您的帮助。

1 个解决方案

#1

9

There is no way to prevent users from changing the information that is submitted from their browser to your server. You do not have control over their browser.

无法阻止用户将从浏览器提交的信息更改为您的服务器。您无法控制其浏览器。

To fix this problem, you must change the design of your server application so that sensitive information that users should not modify, is not sent to the browser and submitted back to you.

要解决此问题,您必须更改服务器应用程序的设计,以便用户不应修改的敏感信息不会发送到浏览器并提交给您。

The following is a simple example. Suppose you have an online store and are implementing an "Order" button. Suppose you have a form like this:

以下是一个简单的例子。假设您有一个在线商店并正在实施“订单”按钮。假设你有一个这样的表格:

<form action="/order">
    <input type="hidden" name="description" value="Better Mousetrap">
    <input type="hidden" name="price" value="15.00">
    <input type="submit">
</form>

If you have a form like the above, the user could change the price value to whatever they want when submitting the form. That is probably not what you want. Instead, you could do something like:

如果您有上述表单,则用户可以在提交表单时将价格值更改为他们想要的任何值。那可能不是你想要的。相反,你可以这样做:

<form action="/order">
    <input type="hidden" name="item_id" value="1234">
    <input type="submit">
</form>

Then, when this form is submitted, you look up item_id number 1234 in your database, and get the price from that. The only thing the user could change in this case is the item_id, which means they would get a different item than what they wanted.

然后,在提交此表单时,您在数据库中查找item_id编号1234,并从中获取价格。在这种情况下,用户唯一可以改变的是item_id,这意味着他们将获得与他们想要的不同的项目。

更多相关文章

  1. 根据用户时区显示当地时间 php+javascript
  2. Google Maps API v3:如何设置缩放级别和地图中心到用户提交的位置
  3. 在提交表单之前确定重复值
  4. 选择无线电输入时,无法提交带有JavaScript功能的表单
  5. 从列表单击功能获取列表项的值
  6. Ajax的实用技术——用户的注意力从页面的其他区域到转移选择的图
  7. 在单页中使用ajax和php上传多个表单数据
  8. JavaScript表单验证和正则表达式
  9. 阻止用户在表单字段中输入

随机推荐

  1. Mainfest
  2. Android(安卓)分享功能的实现
  3. android 五种Log的意思
  4. Android电话拨号器
  5. arcgis for android 离线切片加载与geoda
  6. Android:如何实现例如iOS的listview 的弹
  7. [Android] 启动无线与网络设置的Action__
  8. 2011.12.06——— android 带边框的Image
  9. Android 默认把触摸屏show touches打开
  10. Android 9.0 (P版本) SystemServer中的服