-3

我有一个表格,其中有两个隐藏字段。我想保护隐藏字段中的数据,以便没有人可以通过页面源看到它并触发错误。我已经使用过会话并且它正在工作,但我不能使用它。我需要替代它请帮忙。

<form name="android" method="post" action="http://apps.createcoolapps.com/c2dm_send.ashx" target="_blank" onSubmit="return valid();">
<table align="center">  
<?php $qry_id=mysql_query("select * from users where u_name='$_SESSION[u_name]'");
                    while($id_fetch=mysql_fetch_assoc($qry_id)){
            ?>

      <input type="hidden" name="publisherid" value="createcoolapps" />
<input type="hidden" name="username" value="<?php echo $query_id[manager_uname];?>" />
<input type="hidden" name="pass" value="<?php echo $query_id[manager_pass];?>" />
    <tr align="center">
    <td style="width: 100px; font-family: Helvetica,Arial,sans-serif; font-weight: bold;">Select Appid:<br>
      <select name="appid" style="border-style:hidden">
    <option value="">Select any one</option>
    <option value="QRScanner">app1</option>
    <option value="app3">app3</option>
    <option value="app4">app4</option>
    </select>
    </tr> 
    <tr align="center">
    <td style="width: 100px; font-family: Helvetica,Arial,sans-serif; font-weight: bold;">Notification Message:<br>
      <textarea name="pushmessage" style="width: 300px;"></textarea><br />
    </tr>
    <?php }?>
4

2 回答 2

3

This is not possible. Firebug just reads the DOM in it's actual state, so even if it's added in a later stage, it can still be retrieved.

This way of security is called Security through obscurity and is a kind of non-security. You would have to solve it another way, like letting the server do the request in stead.

You let the user submit the form to the server. Then with curl, you make the call to the webservice with the correct user code.

For further info Best way to hide a form input field from being accessed using firebug?

于 2013-04-20T07:17:23.500 回答
0

隐藏字段和安全?不可能。会话和服务器端代码是安全的。您可以进行加密和解密。但这可能会被打破。使用带有会话的数据库来处理数据。

于 2013-04-20T07:14:52.507 回答