How to prevent HTTP spoofing?

Question

How to prevent HTTP spoofing?

We created a database-based website using PHP with cookies installed, and now you need to prevent HTTP spoofing, any ideas on how to do this? we are beginners with this, so any help would be helpful

+5

php spoofing

Jermain Feb 21 '10 at 23:39

source share

5 answers

? HTTP - , , - .

, , , . cookie , , cookie.

:

, , , . cookie .

, , , . cookie , , . . , cookie.

: http://jaspan.com/improved_persistent_login_cookie_best_practice

+2

Derek H 21 . '10 23:41

man-in-the-middle , HTTPS, , , .

: . , cookie.

+2

Daniel Vassallo 21 . '10 23:46

? - cookie.

, , cookie HTTP-, IP-, . :

<?php
session_start();
$rec = db_query('select count(*), ip from session where session_id = "' . session_id() . '"');

list ($last_count, $last_ip) = $rec[0];

if (! $last_count) {
    # add it into the database
    db_query('insert into session (session_id, ip) values (' .
        '"' . session_id() . '", ' .
        '"' . $_SERVER['REMOTE_ADDR'] . '"' . 
    ')');
} else {
    if ($last_ip != $_SERVER['REMOTE_ADDR']) {
        print "user has stolen a cookie!";
    }
}
?>

, - IP-.

0

amphetamachine 21 . '10 23:54

, , , , . , .

Thus, if the session is hijacked, the hijacker should also be able to gain entry to the directory.

I use this technique to administer the forum. Some forums are easily hacked, and this reduces the likelihood of a hacker penetrating and causing serious problems.

DC

0

Developerchris Feb 22 '10 at 3:41

source share

Andrew Moore · Accepted Answer · 2010-02-21T23:48:02+0000

You cannot "spoof" HTTP requests. You send a request to the server, and the server responds accordingly.

I think what you are trying to prevent is the pushing of cookies. Given that cookies are stored on the client side, you can’t do anything to prevent users from changing their content.

cookie. .

PHP-. , , .

, :

session_id X , , id.
IP / User-Agent , . , .

, session_id , .

, . .

How to prevent HTTP spoofing?

More articles: