OAuth vulnerabilities | How to use authorization securely on the web

Anonymous

This article covers the well-known vulnerabilities of OAuth. Readers will also learn how to use authorization on the web reliably and securely.

OAuth is a reliable protocol, but its level of security depends on how aware web developers are when they implement authorization. This makes the article especially relevant for security professionals, who need to provide their users with the maximum protection. It is time to get acquainted with effective techniques that help reduce the risks of a poor implementation.

Introduction

The OAuth 2.0 protocol is now widely used in all kinds of applications. Using it makes authentication and authorization more convenient and more reliable for users than the traditional login with a username and password. With a correct implementation, OAuth can be more secure than classic authorization, since users do not have to share their account credentials with a third-party application in order to reach a third-party resource. Users often prefer to sign in with their Google, Facebook or LinkedIn account instead of creating a new account every time they register on another site. In this way the OAuth protocol makes our lives much easier.

In general, the popular OAuth providers are considered highly reliable. Signing in through a Google or Facebook account inspires a certain sense of security, and rightly so: the protocol is carefully tested by experts, and every vulnerability that is found is fixed quickly by the developer team. However, it is important to understand that this sense of complete security can be false.

OAuth providers leave many aspects of application security to the developers who use the protocol. In fact, a secure authorization protocol that is configured incorrectly during implementation can become an easy target for attackers. Such weaknesses lead to the leakage of user data.

Next, let us look at the vulnerabilities that affect third-party applications implementing the OAuth protocol to authorize users. Keep in mind that the protocol itself is secure and reliable; it only starts to fail when it is implemented incorrectly.

OAuth token theft via the Referer header

When the application requests authorization on behalf of the user from the OAuth server, the user receives an authorization code and returns to the server to have it verified. If at this point the user is redirected to another site, the code will appear in the Referer header of the HTTP request. As a result, the code ends up on an external site, which threatens every user who has authenticated on the OAuth server.

Note: Referer is an HTTP header that carries the URL of the page from which the request was sent.

To reduce the impact of this vulnerability, the developer must make sure the application contains no HTML injection. If an injection is found, an attacker can embed an image hosted on their own web server and thereby obtain a way to make the user's browser request it. That gives the attacker the opportunity to steal the code from the Referer header of the HTTP request.

OAuth token theft via redirect_uri

The application initiates the authorization flow by sending an OAuth request:

https://www.exatheple.com/sign/urotizen. Pathey.

This request always contains the redirect_uri parameter, which the OAuth server uses to deliver the token after the user has granted authorization. If the value of this parameter is not checked, or is checked poorly, an attacker can easily change it and redirect the user to their own site, where a special script intercepts the token.

HTTPS://www.example.com/ssugn/urotizen. Bend...

Sometimes the matching URLs are filtered. The attacker can then forward the received data through an open redirect, like this:

https://www.exatheple.com/uthing20_urthothoct.

Or like this:

https://www.exatheple.com/outh2/urotive? [...]% =)

When implementing OAuth, you cannot add every possible scheme to the whitelist. Only a limited set of links should be added to redirect_uri, and none of them should lead to an open redirect.
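The redirect_uri checks described above, written out as an added example (not code from the original article): two lax validations that accept the path-traversal and open-redirect variants side by side with an exact-match check that rejects them. The registered URI, the attacker host and the client configuration are all constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical client; a real OAuth server takes
# this from the client's registration (an assumption in this example).
REGISTERED_REDIRECT_URIS = frozenset({
    "https://app.example.com/oauth/callback",
})

def weak_prefix_check(redirect_uri: str) -> bool:
    """Insecure: accepts any redirect_uri that merely starts with a registered one."""
    return any(redirect_uri.startswith(r) for r in REGISTERED_REDIRECT_URIS)

def weak_host_check(redirect_uri: str) -> bool:
    """Insecure: accepts any path on an allowed host, including an open redirect."""
    allowed_hosts = {urlsplit(r).netloc for r in REGISTERED_REDIRECT_URIS}
    return urlsplit(redirect_uri).netloc in allowed_hosts

def strict_redirect_uri_check(redirect_uri: str) -> bool:
    """Exact match against the registered set: no scheme, host or path flexibility."""
    parts = urlsplit(redirect_uri)
    # Refuse fragments and non-HTTPS schemes up front, so a sloppy registration
    # entry could never be reached through such a value.
    if parts.scheme != "https" or parts.fragment:
        return False
    return redirect_uri in REGISTERED_REDIRECT_URIS

# Constructed values matching the two cases in the text (attacker.invalid is a
# reserved, non-resolvable name used only for illustration).
PATH_TRAVERSAL = "https://app.example.com/oauth/callback/../redirect?to=https://attacker.invalid/"
OPEN_REDIRECT = "https://app.example.com/redirect?to=https://attacker.invalid/"
LEGITIMATE = "https://app.example.com/oauth/callback"
```

The lax checks pass both constructed values, while the exact-match check accepts only the registered URI.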

Cross-site request forgery

Cross-site request forgery happens when an attacker manages to make a victim follow a link and thereby submit a request without the victim's consent. CSRF is usually prevented with a CSRF token that is tied to the user's session; it lets the application identify who sent the request. In the OAuth protocol, the "state" parameter performs the role of the CSRF token.

It is worth looking at how a CSRF attack against OAuth is carried out and how "state" can be used to eliminate the vulnerability.

The attacker opens the web application and starts the authorization flow with a service provider via OAuth. The application asks the service provider for the data it needs for authorization. The attacker is redirected to the provider's website, where one would normally enter a username and password to grant access. Instead, the attacker intercepts this request and saves its URL. The attacker then somehow gets the victim to open that link. If the victim is logged in to the service provider with their own account, their credentials are used to issue an authorization code. The authorization code is then exchanged for an access token. Now the attacker's account in the application is authorized, and it can gain access to the victim's account.

So how can the "state" parameter be used to prevent this?

The application must generate a value that is somehow tied to the account (for example, a hash of a user-specific key). The exact method is not that important; what matters is that the value is unique and is produced using a secret associated with the user. That value is passed in "state".

This value is sent to the service provider in the authorization request. Now the attacker invites the victim to open the link they saved.

The authorization code is issued and sent to the client together with the "state" parameter.

The client recomputes the expected value from the same inputs and compares it with the "state" value that was sent in the authorization request to the service provider. The values do not match, because the "state" in the request was generated for a different user's data. As a result, the received value is rejected by the application.
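The "state" procedure from the preceding steps, as an added example (not code from the original article): the state is a random nonce bound to the current session with an HMAC over a server secret, so a state minted in the attacker's session is rejected when it arrives in the victim's session. The provider endpoint, redirect URI, client id and session ids are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values: a per-deployment secret and the client's registered
# endpoints. A real deployment loads these from protected configuration.
SERVER_SECRET = secrets.token_bytes(32)
AUTHORIZE_ENDPOINT = "https://provider.example.com/oauth2/authorize"
REDIRECT_URI = "https://app.example.com/oauth/callback"

def make_state(session_id: str) -> str:
    """Fresh nonce, bound to this session with an HMAC so it is useless in any other session."""
    nonce = secrets.token_urlsafe(16)
    tag = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"

def verify_state(session_id: str, state: str) -> bool:
    """Recompute the tag for the *current* session; a state minted for another session fails."""
    nonce, sep, tag = state.partition(".")
    if not sep:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def build_authorization_url(session_id: str, client_id: str = "demo-client") -> str:
    """Step 1: the client sends the user to the provider with state included."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "state": make_state(session_id)}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"

def handle_callback(session_id: str, callback_url: str) -> Optional[str]:
    """Step 2: accept the code only if the state belongs to the session receiving it."""
    query = parse_qs(urlsplit(callback_url).query)
    code = query.get("code", [""])[0]
    state = query.get("state", [""])[0]
    if not code or not verify_state(session_id, state):
        return None  # reject: the code may have arrived via a link saved by someone else
    return code

def simulate_csrf_attempt() -> Optional[str]:
    """The article's scenario: a callback carrying the attacker's state lands in the victim's session."""
    attacker_state = make_state("attacker-session")
    planted = f"{REDIRECT_URI}?{urlencode({'code': 'CODE-ISSUED-FOR-VICTIM', 'state': attacker_state})}"
    return handle_callback("victim-session", planted)

def simulate_legitimate_flow() -> Optional[str]:
    """The same session starts and finishes the flow, so the state verifies."""
    state = parse_qs(urlsplit(build_authorization_url("victim-session")).query)["state"][0]
    return handle_callback("victim-session", f"{REDIRECT_URI}?{urlencode({'code': 'CODE-1', 'state': state})}")
```

A stateful variant stores the nonce server-side and deletes it on first use, which additionally stops a state value from being replayed within the same session.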

Other known vulnerabilities in OAuth implementations include XSS (cross-site scripting) during the authorization step, and authorization codes that can be used repeatedly to obtain several tokens. These are less common than the ones described above, but that does not make them any less dangerous. Developers should know all the practices needed to ensure the reliable operation of their web application.

Translated article. Author: Simoni Saiba.

Important! For informational purposes only. Please follow the law and do not use this material for illegal purposes.
