如何保护用户页面免受暴力攻击(How can I protect user pages from brute-force attack)
我想获得关于以下内容的建议:
我使用jsp在Tomcat上进行 网络应用程序 ,在这里用户输入登录名和密码后(两者都是自动定义的,在帐户创建后不会更改)能够进入他们的个人页面。
我想使用服务器上的ArrayList和用户的登录ID对用户帐户进行一些保护,其中一些登录ID的登录成功次数将保持不变(一段时间后线程创建量值为零)。
如果金额大于某个定义值 - 阻止登录(直到清除金额)并发送给用户电子邮件链接,在服务器内部单击将内部值设置为0后, 我会研究这个,但是我的问题是关于这种方法是否正确,以及这样的
ArrayList
将满足需求:List<User> users = Collections.synchronizedList(userList);
并使用同步
set
和get
方法访问它。
其目的是为了抵御暴力攻击 (手动或者甚至是服务器驱动)。有没有办法防范访问攻击(在短时间内进行许多登录尝试)?
提前致谢。
I'd like to get your advice about following:
I have web-application on Tomcat using jsp, where users after entering their login and password (both are defined automatically and not changed after account creation) are able to enter their personal page.
I want to make some protection for user accounts using ArrayList on server with users' login ids, where amount of not successful logins for some login ids will be hold (there will be thread making amount value zero after some time period).
In case amount is bigger than some defined value - block login (until amount cleaned) and send to user email link, after clicking on which amount value will be set to 0 internally in server. I will work on that, but my question is about if this approach is correct one and such
ArrayList
will satisfy needs:List<User> users = Collections.synchronizedList(userList);
and access it using synchronized
set
andget
methods.
The aim is to get protection against brute-force attacks (manual or maybe even server driven).Is there a way to defend against access attacks (making many login attempts in short periods of time)?
Thanks in advance.
原文:https://stackoverflow.com/questions/34151920
最满意答案
.htaccess
下行添加到.htaccess
文件中AddHandler application/x-httpd-php .do
这告诉服务器处理以
.do
结尾的所有文件为.php
。Add the following line to your
.htaccess
fileAddHandler application/x-httpd-php .do
This tells the server to process all files ending with
.do
as.php
.
相关问答
更多-
$name = $_FILES["file"]["name"]; $ext = end((explode(".", $name))); # extra () to prevent notice echo $ext; $name = $_FILES["file"]["name"]; $ext = end((explode(".", $name))); # extra () to prevent notice echo $ext;
-
不需要使用字符串函数。 您可以使用实际设计为您想要的东西: pathinfo() : $path = $_FILES['image']['name']; $ext = pathinfo($path, PATHINFO_EXTENSION); No need to use string functions. You can use something that's actually designed for what you want: pathinfo(): $path = $_FILES['image' ...
-
扩展名为.php.xx的PHP文件可以作为PHP执行吗?(Can PHP files with an extension of .php.xx be executed as PHP?)[2022-02-27]
完全由Web服务器决定它如何处理给定的URL。 如果它希望将当月第三个星期四下午2:35访问的20位数字的URL视为PHP脚本,那么这就是它的特权。 试图猜测Web服务器将严格按照请求的URL进行操作是不可能的。 It's completely up to the web server to decide how it wants to handle a given URL. If it wants to treat a URL with a 20-digit number accessed at 2:35 ... -
在这里添加return语句: if ($state) { Yii::$app->session->setFlash('SuccessJob', $message); return $this->redirect('index'); //here } else { Yii::$app->session->setFlash('ErrorJob', $message); return $this->render('create', ['scheduleList' => $sc ...
-
使用 RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^\.]+)$ $1.php [NC,L] Use RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^\.]+)$ $1.php [NC,L]
-
执行视图中的代码,因为Cake使用include来处理它。 你可以自己做同样的事情: include('any_file_you_want.with_any_extension'); 只要有一个PHP开始标记并且语法正常,该文件中的任何代码都将被执行。 The code inside views is executed because Cake uses include to process it. You can do the same yourself: include('any_file_you_w ...
-
该问题是由该行创建的: $originalName = $file->getFilename(); 使用: $originalName = $file->getClientOriginalName(); 代替。 The problem was created by the line: $originalName = $file->getFilename(); Use: $originalName = $file->getClientOriginalName(); instead.
-
您当前的规则与单个捕获组中的整个路径匹配,然后将.php附加到组的末尾。 你试图将.php插入到路径的中间。 为了达到这个目的,你需要将你想要的部分和你想要的部分匹配在单独的组中。 要实现这一点,您需要一个如下规则: RewriteRule ^([^/]+)(/\d+)$ $1.php$2 [NC,L] (你可能会发现斜杠需要转义,在这种情况下正则表达式是^([^\/]+)(\/\d+)$ ) 解释: ([^/]+)将匹配1个或多个不是/字符,并将它们存储为组1。 (/\d+)将匹配/后跟1个或多个数字, ...
-
.htaccess下行添加到.htaccess文件中 AddHandler application/x-httpd-php .do 这告诉服务器处理以.do结尾的所有文件为.php 。 Add the following line to your .htaccess file AddHandler application/x-httpd-php .do This tells the server to process all files ending with .do as .php.
-
使用下面的代码: $path = $_FILES['files']['name']; $ext = pathinfo($path, PATHINFO_EXTENSION); 希望它会帮助你:) Use below code : $path = $_FILES['files']['name']; $ext = pathinfo($path, PATHINFO_EXTENSION); Hope it will help you :)