awesome-interview/assets/js/99c95826.7efad0bb.js


"use strict";(self.webpackChunkjjbook=self.webpackChunkjjbook||[]).push([[2575],{3905:function(t,e,n){n.d(e,{Zo:function(){return u},kt:function(){return s}});var r=n(7294);function l(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function a(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function i(t){for(var e=1;e<arguments.length;e++){var n=null!=arguments[e]?arguments[e]:{};e%2?a(Object(n),!0).forEach((function(e){l(t,e,n[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):a(Object(n)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(n,e))}))}return t}function p(t,e){if(null==t)return{};var n,r,l=function(t,e){if(null==t)return{};var n,r,l={},a=Object.keys(t);for(r=0;r<a.length;r++)n=a[r],e.indexOf(n)>=0||(l[n]=t[n]);return l}(t,e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(t);for(r=0;r<a.length;r++)n=a[r],e.indexOf(n)>=0||Object.prototype.propertyIsEnumerable.call(t,n)&&(l[n]=t[n])}return l}var o=r.createContext({}),k=function(t){var e=r.useContext(o),n=e;return t&&(n="function"==typeof t?t(e):i(i({},e),t)),n},u=function(t){var e=k(t.components);return r.createElement(o.Provider,{value:e},t.children)},m={inlineCode:"code",wrapper:function(t){var e=t.children;return r.createElement(r.Fragment,{},e)}},c=r.forwardRef((function(t,e){var n=t.components,l=t.mdxType,a=t.originalType,o=t.parentName,u=p(t,["components","mdxType","originalType","parentName"]),c=k(n),s=l,N=c["".concat(o,".").concat(s)]||c[s]||m[s]||a;return n?r.createElement(N,i(i({ref:e},u),{},{components:n})):r.createElement(N,i({ref:e},u))}));function s(t,e){var n=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var a=n.length,i=new Array(a);i[0]=c;var p={};for(var o in 
e)hasOwnProperty.call(e,o)&&(p[o]=e[o]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var k=2;k<a;k++)i[k]=n[k];return r.createElement.apply(null,i)}return r.createElement.apply(null,n)}c.displayName="MDXCreateElement"},7136:function(t,e,n){n.r(e),n.d(e,{frontMatter:function(){return p},contentTitle:function(){return o},metadata:function(){return k},toc:function(){return u},default:function(){return c}});var r=n(7462),l=n(3366),a=(n(7294),n(3905)),i=["components"],p={sidebar_label:"\u7f51\u7edc\uff1a\u524d\u7aef\u5b89\u5168",sidebar_position:9},o="\u524d\u7aef\u5b89\u5168",k={unversionedId:"book1/network-security",id:"book1/network-security",isDocsHomePage:!1,title:"\u524d\u7aef\u5b89\u5168",description:"\u76f8\u5173\u95ee\u9898",source:"@site/docs/book1/network-security.md",sourceDirName:"book1",slug:"/book1/network-security",permalink:"/awesome-interview/book1/network-security",tags:[],version:"current",sidebarPosition:9,frontMatter:{sidebar_label:"\u7f51\u7edc\uff1a\u524d\u7aef\u5b89\u5168",sidebar_position:9},sidebar:"tutorialSidebar",previous:{title:"\u6837\u5f0f\uff1aBFC \u7684\u5f62\u6210\u548c\u4f5c\u7528",permalink:"/awesome-interview/book1/css-bfc"},next:{title:"\u7f16\u7801\uff1a\u5b9e\u73b0\u4e00\u4e2a Promises/A+",permalink:"/awesome-interview/book1/coding-promise"}},u=[{value:"\u76f8\u5173\u95ee\u9898",id:"\u76f8\u5173\u95ee\u9898",children:[]},{value:"\u56de\u7b54\u5173\u952e\u70b9",id:"\u56de\u7b54\u5173\u952e\u70b9",children:[]},{value:"\u77e5\u8bc6\u70b9\u6df1\u5165",id:"\u77e5\u8bc6\u70b9\u6df1\u5165",children:[{value:"1. XSS\uff08\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff09",id:"1-xss\u8de8\u7ad9\u811a\u672c\u653b\u51fb",children:[]},{value:"2. CSRF\uff08\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff09",id:"2-csrf\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020",children:[]},{value:"3. 
\u4e2d\u95f4\u4eba\u653b\u51fb\uff08MITM\uff09",id:"3-\u4e2d\u95f4\u4eba\u653b\u51fbmitm",children:[]}]},{value:"\u53c2\u8003\u8d44\u6599",id:"\u53c2\u8003\u8d44\u6599",children:[]}],m={toc:u};function c(t){var e=t.components,n=(0,l.Z)(t,i);return(0,a.kt)("wrapper",(0,r.Z)({},m,n,{components:e,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"\u524d\u7aef\u5b89\u5168"},"\u524d\u7aef\u5b89\u5168"),(0,a.kt)("h2",{id:"\u76f8\u5173\u95ee\u9898"},"\u76f8\u5173\u95ee\u9898"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"\u5982\u4f55\u9632\u8303 XSS / CSRF \u653b\u51fb"),(0,a.kt)("li",{parentName:"ul"},"\u8bf4\u8bf4 HTTPS \u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u53ca\u5176\u5982\u4f55\u9632\u8303")),(0,a.kt)("h2",{id:"\u56de\u7b54\u5173\u952e\u70b9"},"\u56de\u7b54\u5173\u952e\u70b9"),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"XSS")," ",(0,a.kt)("inlineCode",{parentName:"p"},"CSRF")," ",(0,a.kt)("inlineCode",{parentName:"p"},"\u4e2d\u95f4\u4eba\u653b\u51fb")),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"XSS\uff08\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff09")," \u662f\u6307\u653b\u51fb\u8005\u5229\u7528\u7f51\u7ad9\u6f0f\u6d1e\u5c06\u4ee3\u7801\u6ce8\u5165\u5230\u5176\u4ed6\u7528\u6237\u6d4f\u89c8\u5668\u7684\u653b\u51fb\u65b9\u5f0f\u3002\u5e38\u89c1\u7c7b\u578b\u6709\uff1a",(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"\u53cd\u5c04\u578b\uff08\u975e\u6301\u4e45\u6027\uff09")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"\u5b58\u50a8\u578b\uff08\u6301\u4e45\u6027\uff09")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"DOM \u578b")))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"CSRF\uff08\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff09")," 
\u662f\u6307\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u7528\u6237\u4e0d\u77e5\u60c5\u7684\u60c5\u51b5\u4e0b\uff0c\u7a83\u7528\u5176\u8eab\u4efd\u5728\u5bf9\u5e94\u7684\u7f51\u7ad9\u8fdb\u884c\u64cd\u4f5c\u3002"),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"\u4e2d\u95f4\u4eba\u653b\u51fb\uff08MITM\uff09")," \u662f\u6307\u653b\u51fb\u8005\u4e0e\u901a\u8baf\u7684\u4e24\u7aef\u5206\u522b\u521b\u5efa\u72ec\u7acb\u7684\u8054\u7cfb\uff0c\u5728\u901a\u8baf\u4e2d\u5145\u5f53\u4e00\u4e2a\u4e2d\u95f4\u4eba\u89d2\u8272\u5bf9\u6570\u636e\u8fdb\u884c\u76d1\u542c\u3001\u62e6\u622a\u751a\u81f3\u7be1\u6539\u3002")),(0,a.kt)("h2",{id:"\u77e5\u8bc6\u70b9\u6df1\u5165"},"\u77e5\u8bc6\u70b9\u6df1\u5165"),(0,a.kt)("h3",{id:"1-xss\u8de8\u7ad9\u811a\u672c\u653b\u51fb"},"1. XSS\uff08\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff09"),(0,a.kt)("h4",{id:"11-\u53cd\u5c04\u578b\u975e\u6301\u4e45\u6027"},"1.1 \u53cd\u5c04\u578b\uff08\u975e\u6301\u4e45\u6027\uff09"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u539f\u7406"),"\uff1a\u653b\u51fb\u8005\u901a\u8fc7\u5728 URL \u63d2\u5165\u6076\u610f\u4ee3\u7801\uff0c\u5176\u4ed6\u7528\u6237\u8bbf\u95ee\u8be5\u6076\u610f\u94fe\u63a5\u65f6\uff0c\u670d\u52a1\u7aef\u5728 URL \u53d6\u51fa\u6076\u610f\u4ee3\u7801\u540e\u62fc\u63a5\u81f3 HTML \u4e2d\u8fd4\u56de\u7ed9\u7528\u6237\u6d4f\u89c8\u5668\u3002"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u8981\u70b9"),"\uff1a"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"\u901a\u8fc7 URL \u63d2\u5165\u6076\u610f\u4ee3\u7801\u3002"),(0,a.kt)("li",{parentName:"ul"},"\u6709\u670d\u52a1\u7aef\u53c2\u4e0e\u3002"),(0,a.kt)("li",{parentName:"ul"},"\u9700\u8981\u7528\u6237\u8bbf\u95ee\u7279\u5b9a\u94fe\u63a5\u3002")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u4f8b\u5b50"),"\uff1a"),(0,a.kt)("p",null,"\u653b\u51fb\u8005\u8bf1\u5bfc\u88ab\u5bb3\u8005\u6253\u5f00\u94fe\u63a5 ",(0,a.kt)("inlineCode",{parentName:"p"},'hzfe.org?name=<script 
src="http://a.com/attack.js"/>'),"\u3002"),(0,a.kt)("p",null,"\u88ab\u653b\u51fb\u7f51\u7ad9\u670d\u52a1\u5668\u6536\u5230\u8bf7\u6c42\u540e\uff0c\u672a\u7ecf\u5904\u7406\u76f4\u63a5\u5c06 URL \u7684 name \u5b57\u6bb5\u76f4\u63a5\u62fc\u63a5\u81f3\u524d\u7aef\u6a21\u677f\u4e2d\uff0c\u5e76\u8fd4\u56de\u6570\u636e\u3002"),(0,a.kt)("p",null,"\u88ab\u5bb3\u8005\u5728\u4e0d\u77e5\u60c5\u7684\u60c5\u51b5\u4e0b\uff0c\u6267\u884c\u4e86\u653b\u51fb\u8005\u6ce8\u5165\u7684\u811a\u672c\uff08\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e2a\u83b7\u53d6\u5bf9\u65b9\u7684 Cookie \u7b49\uff09\u3002"),(0,a.kt)("h4",{id:"12-\u5b58\u50a8\u578b\u6301\u4e45\u6027"},"1.2 \u5b58\u50a8\u578b\uff08\u6301\u4e45\u6027\uff09"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u539f\u7406"),"\uff1a\u653b\u51fb\u8005\u5c06\u6ce8\u5165\u578b\u811a\u672c\u63d0\u4ea4\u81f3\u88ab\u653b\u51fb\u7f51\u7ad9\u6570\u636e\u5e93\u4e2d\uff0c\u5f53\u5176\u4ed6\u7528\u6237\u6d4f\u89c8\u5668\u8bf7\u6c42\u6570\u636e\u65f6\uff0c\u6ce8\u5165\u811a\u672c\u4ece\u670d\u52a1\u5668\u8fd4\u56de\u5e76\u6267\u884c\u3002"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u8981\u70b9"),"\uff1a"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"\u6076\u610f\u4ee3\u7801\u5b58\u50a8\u5728\u76ee\u6807\u7f51\u7ad9\u670d\u52a1\u5668\u4e0a\u3002"),(0,a.kt)("li",{parentName:"ul"},"\u6709\u670d\u52a1\u7aef\u53c2\u4e0e\u3002"),(0,a.kt)("li",{parentName:"ul"},"\u53ea\u8981\u7528\u6237\u8bbf\u95ee\u88ab\u6ce8\u5165\u6076\u610f\u811a\u672c\u7684\u9875\u9762\u65f6\uff0c\u5c31\u4f1a\u88ab\u653b\u51fb\u3002")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u4f8b\u5b50"),"\uff1a"),(0,a.kt)("p",null,"\u653b\u51fb\u8005\u5728\u76ee\u6807\u7f51\u7ad9\u7559\u8a00\u677f\u4e2d\u63d0\u4ea4\u4e86",(0,a.kt)("inlineCode",{parentName:"p"},'<script 
src="http://a.com/attack.js"></script>'),"。"),(0,a.kt)("p",null,"目标网站服务端未经转义存储了恶意代码，前端请求到数据后直接通过 innerHTML 渲染到页面中。注意：通过 innerHTML 插入的 <script> 标签不会被浏览器执行，真实攻击通常改用 <img src=x onerror=...> 这类事件处理属性；若服务端直接把留言拼进 HTML 响应，则 <script> 会被执行。"),(0,a.kt)("p",null,"其他用户在访问该留言板时，会自动执行攻击者注入的脚本。"),(0,a.kt)("h4",{id:"13-dom-型"},"1.3 DOM 型"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"原理"),"：攻击者通过在 URL（query、hash 等）插入恶意代码，客户端脚本取出 URL 中的恶意代码并通过 innerHTML、document.write、eval 等危险接口写入页面或执行；整个过程不经过服务端，服务端日志和 WAF 看不到攻击载荷。"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"要点"),"："),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"在客户端发生，服务端可能完全无法感知。")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"例子"),"："),(0,a.kt)("p",null,"攻击者诱导被害者打开链接 ",(0,a.kt)("inlineCode",{parentName:"p"},'hzfe.org?name=<img src=x onerror="alert(document.cookie)">'),"。"),(0,a.kt)("p",null,"被攻击网站前端取出 URL 的 name 字段后未经转义直接通过 innerHTML 渲染到页面中（此处用 img 的 onerror 而非 <script>，因为 innerHTML 插入的 <script> 不会执行）。"),(0,a.kt)("p",null,"被害者在不知情的情况下，执行了攻击者注入的脚本。"),(0,a.kt)("h4",{id:"14-防范-xss"},"1.4 防范 XSS"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"对于外部传入的内容按输出上下文（HTML 正文、属性、JavaScript、URL、CSS）进行充分转义；转义应在输出时做，而不是只在入库时做。"),(0,a.kt)("li",{parentName:"ul"},"开启 CSP（Content Security 
Policy，内容安全策略），规定客户端哪些外部资源可以加载和执行，降低 XSS 风险。注意不要放开 script-src 的 'unsafe-inline'，否则 CSP 对反射型/存储型 XSS 几乎没有防护作用；推荐使用 nonce 或 hash 方式放行脚本。"),(0,a.kt)("li",{parentName:"ul"},"渲染不可信内容时优先使用 textContent 或前端框架默认的文本绑定，避免 innerHTML、document.write、eval 等直接执行 HTML/JS 的接口；必须插入富文本时先用白名单式的 HTML 净化库（例如 DOMPurify）处理。"),(0,a.kt)("li",{parentName:"ul"},"设置 Cookie 的 HttpOnly 属性，禁止 JavaScript 读取 Cookie，降低会话凭证被窃取的风险。但这并不能阻止 XSS 本身：注入的脚本仍可以直接以用户身份发起请求，所以它只是纵深防御的一层，不能替代转义和 CSP。")),(0,a.kt)("h3",{id:"2-csrf跨站请求伪造"},"2. CSRF（跨站请求伪造）"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"原理"),"：攻击者诱导受害者进入第三方网站，在第三方网站中向被攻击网站发送跨站请求。利用受害者在被攻击网站已经获取的身份凭证，达到冒充用户对被攻击的网站执行某项操作的目的。"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"要点"),"："),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"利用浏览器在发送 HTTP 请求时会自动带上 Cookie 的原理，冒用受害者身份请求（Cookie 的 SameSite 属性正是用来限制这一行为的）。"),(0,a.kt)("li",{parentName:"ul"},"攻击一般发生在第三方网站上。"),(0,a.kt)("li",{parentName:"ul"},"攻击者只能“冒用”受害者的身份凭证，并不能获取；同理攻击者一般也看不到响应内容，只能触发操作。"),(0,a.kt)("li",{parentName:"ul"},"跨站请求有多种方式，常见的有图片 URL，超链接，Form 
\u63d0\u4ea4\u7b49\u3002")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u4f8b\u5b50"),"\uff1a"),(0,a.kt)("p",null,"\u653b\u51fb\u8005\u5728\u7b2c\u4e09\u65b9\u7f51\u7ad9\u4e0a\u653e\u7f6e\u4e00\u4e2a\u5982\u4e0b\u7684 img"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-html"},'<img src="http://hzfe.org/article/delete" />\n')),(0,a.kt)("p",null,"\u53d7\u5bb3\u8005\u8bbf\u95ee\u8be5\u9875\u9762\u540e\uff08\u524d\u63d0\uff1a\u53d7\u5bb3\u8005\u5728 hzfe.org \u767b\u5f55\u8fc7\u4e14\u4ea7\u751f\u4e86 Cookie \u4fe1\u606f\uff09\uff0c\u6d4f\u89c8\u5668\u4f1a\u81ea\u52a8\u53d1\u8d77\u8fd9\u4e2a\u8bf7\u6c42\uff0chzfe.org \u5c31\u4f1a\u6536\u5230\u5305\u542b\u53d7\u5bb3\u8005\u8eab\u4efd\u51ed\u8bc1\u7684\u4e00\u6b21\u8de8\u57df\u8bf7\u6c42\u3002"),(0,a.kt)("p",null,"\u82e5\u76ee\u6807\u7f51\u7ad9\u6ca1\u6709\u4efb\u4f55\u9632\u8303\u63aa\u65bd\uff0c\u90a3\u653b\u51fb\u8005\u5c31\u80fd\u5192\u5145\u53d7\u5bb3\u8005\u5b8c\u6210\u8fd9\u4e00\u6b21\u8bf7\u6c42\u64cd\u4f5c\u3002"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u9632\u8303"),"\uff1a"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"\u4f7f\u7528 CSRF Token \u9a8c\u8bc1\u7528\u6237\u8eab\u4efd",(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"\u539f\u7406\uff1a\u670d\u52a1\u7aef\u751f\u6210 CSRF Token \uff08\u901a\u5e38\u5b58\u50a8\u5728 Session \u4e2d\uff09\uff0c\u7528\u6237\u63d0\u4ea4\u8bf7\u6c42\u65f6\u643a\u5e26\u4e0a Token\uff0c\u670d\u52a1\u7aef\u9a8c\u8bc1 Token \u662f\u5426\u6709\u6548\u3002"),(0,a.kt)("li",{parentName:"ul"},"\u4f18\u70b9\uff1a\u80fd\u6bd4\u8f83\u6709\u6548\u7684\u9632\u5fa1 CSRF \uff08\u524d\u63d0\u662f\u6ca1\u6709 XSS \u6f0f\u6d1e\u6cc4\u9732 Token\uff09\u3002"),(0,a.kt)("li",{parentName:"ul"},"\u7f3a\u70b9\uff1a\u5927\u578b\u7f51\u7ad9\u4e2d Session 
存储会增加服务器压力，且若使用分布式集群还需要一个公共存储空间存储 Token，否则可能用户请求到不同服务器上导致用户凭证失效；有一定的工作量。也可以改用无状态方案：服务端用密钥对“会话标识 + 过期时间”做 HMAC 签名生成 Token，校验时只需验签，无需共享存储。"))),(0,a.kt)("li",{parentName:"ul"},"双重 Cookie 验证",(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"原理：利用第三方站点读不到目标站点 Cookie 的特点，把一个随机值同时写入 Cookie 和 URL 参数或者自定义请求头，服务器再验证两者是否一致。"),(0,a.kt)("li",{parentName:"ul"},"优点：无需使用 Session，不会给服务器压力。"),(0,a.kt)("li",{parentName:"ul"},"缺点：只能防“读”不能防“写”。攻击者若能在任一子域写入 Cookie（子域被接管、子域存在 XSS、或通过明文 HTTP 注入），就能自己伪造一对匹配的值。应使用 __Host- 前缀（要求 Secure、不带 Domain 属性，从而只能由当前 host 通过 HTTPS 设置）并对 Cookie 值做签名，而不是使用裸随机数。"))),(0,a.kt)("li",{parentName:"ul"},"校验 Origin / Referer 请求头，仅允许可信域名的请求。注意这两个头在某些情况下可能缺失或被 Referrer-Policy 裁剪，对状态变更请求缺失时应直接拒绝，而不是放行。"),(0,a.kt)("li",{parentName:"ul"},"为会话 Cookie 设置 SameSite=Lax 或 Strict（现代浏览器默认按 Lax 处理），让浏览器在跨站请求时不携带 Cookie；同时状态变更操作不要用 GET，Lax 模式下顶层 GET 导航仍会带上 Cookie。"),(0,a.kt)("li",{parentName:"ul"},"增加验证码验证（对用户体验有损，一般只用于高风险操作）。")),(0,a.kt)("h3",{id:"3-中间人攻击mitm"},"3. 
\u4e2d\u95f4\u4eba\u653b\u51fb\uff08MITM\uff09"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"\u539f\u7406"),"\uff1a\u4e2d\u95f4\u4eba\u653b\u51fb\u662f\u4e00\u79cd\u901a\u8fc7\u5404\u79cd\u6280\u672f\u624b\u6bb5\u5165\u4fb5\u4e24\u53f0\u8bbe\u5907\u901a\u4fe1\u7684\u7f51\u7edc\u653b\u51fb\u65b9\u6cd5\u3002"),(0,a.kt)("p",null,(0,a.kt)("img",{parentName:"p",src:"https://user-images.githubusercontent.com/13888962/126036193-20b08345-f37d-40ff-9c76-c9c0993f5068.png",alt:"man in the middle mitm attack"})),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},"\u56fe\u7247\u6765\u6e90 ",(0,a.kt)("a",{parentName:"p",href:"https://www.imperva.com/learn/application-security/man-in-the-middle-attack-mitm/"},"Man in the middle (MITM) attack"))),(0,a.kt)("p",null,"\u6210\u529f\u7684\u4e2d\u95f4\u4eba\u653b\u51fb\u4e3b\u8981\u6709\u4e24\u4e2a\u4e0d\u540c\u7684\u9636\u6bb5\uff1a",(0,a.kt)("strong",{parentName:"p"},"\u62e6\u622a"),"\u548c",(0,a.kt)("strong",{parentName:"p"},"\u89e3\u5bc6"),"\u3002"),(0,a.kt)("h4",{id:"31-\u62e6\u622a"},"3.1 \u62e6\u622a"),(0,a.kt)("p",null,"\u5373\u653b\u51fb\u8005\u9700\u8981\u7528\u6237\u6570\u636e\u5728\u5230\u8fbe\u76ee\u6807\u8bbe\u5907\u524d\u62e6\u622a\u5e76\u901a\u8fc7\u653b\u51fb\u8005\u7684\u7f51\u7edc\u3002\u5206\u4e3a\u88ab\u52a8\u653b\u51fb\u548c\u4e3b\u52a8\u653b\u51fb\u3002"),(0,a.kt)("p",null,"\u5e38\u89c1\u7684\u88ab\u52a8\u653b\u51fb\uff08\u4e5f\u662f\u6700\u7b80\u5355\uff09\u7684\u65b9\u6cd5\uff0c\u653b\u51fb\u8005\u5411\u516c\u4f17\u63d0\u4f9b\u514d\u8d39\u7684\u6076\u610f WiFi \u70ed\u70b9\uff0c\u4e00\u65e6\u6709\u53d7\u5bb3\u8005\u8fde\u63a5\u4e86\u8be5\u70ed\u70b9\uff0c\u653b\u51fb\u8005\u5c31\u80fd\u5b8c\u5168\u4e86\u89e3\u5176\u6240\u6709\u7684\u5728\u7ebf\u6570\u636e\u4ea4\u6362\u3002"),(0,a.kt)("p",null,"\u5e38\u89c1\u7684\u4e3b\u52a8\u653b\u51fb\u6709\u4e24\u79cd\uff1a"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("strong",{parentName:"li"},"ARP \u6b3a\u9a97\uff1a")," 
攻击者利用 ARP 协议没有任何认证机制的特点（局域网内任何主机都可以宣称某个 IP 对应自己的 MAC 地址），通过冒充网关或其他主机，使得到达网关或其他主机的流量先经过攻击者主机再被转发。"),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("strong",{parentName:"li"},"DNS 欺骗：")," 攻击者冒充域名服务器或污染解析缓存，把受害者查询的域名解析到攻击者控制的 IP 地址，从而让流量流向攻击者。")),(0,a.kt)("h4",{id:"32-解密"},"3.2 解密"),(0,a.kt)("p",null,"拦截后，若连接是使用 HTTPS 协议即传递的数据用了 SSL / TLS 加密，攻击者只能看到密文，还需要其他手段才能拿到明文。"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"SSL 劫持（伪造证书）")),(0,a.kt)("p",null,"攻击者在 TLS 握手期间拦截客户端到服务器的连接，向客户端返回一张自己签发的伪造证书（里面是攻击者的公钥），同时自己作为客户端与真正的服务器另外建立一条合法的 TLS 连接。这样攻击者可以用自己的私钥解出客户端发来的数据，再用与服务器协商出的会话密钥重新加密转发，反方向同理，两端看到的都是“正常”的加密连接。注意：公钥不能用来解密，所以攻击者并不是“用服务器公钥解密服务器数据”，而是靠自己与服务器之间那条独立的 TLS 连接拿到明文。"),(0,a.kt)("p",null,"因为证书不是受信任 CA 签发的，客户端在校验证书过程中会提示证书错误；若用户仍选择继续操作，此时中间人便能获取与服务端的通信数据。但如果攻击者的根证书已经被装进受害者设备的信任库（企业代理、恶意软件或用户自己误装），浏览器不会有任何提示，这也是“不下载来源不明的证书”这条建议的由来。"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"SSL 
剥离")),(0,a.kt)("p",null,"攻击者拦截到用户到服务器的请求后，攻击者继续和服务器保持 HTTPS 连接，并与用户降级为不安全的 HTTP 连接：把服务器返回的 HTTP 到 HTTPS 的跳转和页面中的 https:// 链接改写成 http://。前提是用户最初通过明文 HTTP 发起了访问（例如地址栏只输入域名、或点击了 http 链接），用户主动输入 https:// 建立的连接无法被这样剥离。"),(0,a.kt)("p",null,"服务器可以通过开启 HSTS（HTTP Strict Transport Security）策略，告知浏览器必须使用 HTTPS 连接。但是有个缺点是用户首次访问时因还未收到 HSTS 响应头而不受保护；可以把域名提交到浏览器内置的 HSTS preload 列表（需要 max-age 足够长并带 includeSubDomains、preload 指令）来弥补这个空窗。"),(0,a.kt)("h4",{id:"33-中间人攻击防范"},"3.3 中间人攻击防范"),(0,a.kt)("p",null,"对于开发者来说："),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"全站支持 HTTPS，并把 HTTP 请求 301 跳转到 HTTPS，页面内不要混用 http:// 资源。"),(0,a.kt)("li",{parentName:"ul"},"开启 HSTS 策略，并考虑加入 HSTS preload 列表。"),(0,a.kt)("li",{parentName:"ul"},"会话 Cookie 加上 Secure 属性，确保即使发生降级也不会通过明文 HTTP 泄露。")),(0,a.kt)("p",null,"对于用户来说："),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"尽可能使用 HTTPS 链接。"),(0,a.kt)("li",{parentName:"ul"},"避免连接不知名的 WiFi 热点。"),(0,a.kt)("li",{parentName:"ul"},"不忽略不安全的浏览器通知，尤其不要在证书错误页面点击“继续访问”。"),(0,a.kt)("li",{parentName:"ul"},"公共网络不进行涉及敏感信息的交互。"),(0,a.kt)("li",{parentName:"ul"},"用可信的第三方 CA 
\u5382\u5546\uff0c\u4e0d\u4e0b\u8f7d\u6765\u6e90\u4e0d\u660e\u7684\u8bc1\u4e66\u3002")),(0,a.kt)("h2",{id:"\u53c2\u8003\u8d44\u6599"},"\u53c2\u8003\u8d44\u6599"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("a",{parentName:"li",href:"https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting"},"Cross-site scripting")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("a",{parentName:"li",href:"https://www.imperva.com/learn/application-security/man-in-the-middle-attack-mitm/"},"Man in the middle (MITM) attack"))))}c.isMDXComponent=!0}}]);