PHP Security: balancing risk and usability

Source: Internet
Author: User


Balancing risk and usability

User-friendliness and security measures are in tension: increasing security often reduces usability. While you write code with illegitimate users in mind, you also have to take your normal, legitimate users into account. The right balance is hard to strike, but you have to strike it, and no one can do it for you, because it's your software.

Try to make security measures transparent to users, so that they do not notice them. If that is impossible, use measures that are common and familiar to users. For example, asking a user to enter a user name and password before they access restricted information or services is a measure users already expect.

When you suspect foul play, keep in mind that you may be mistaken. For example, when the system is in doubt about a user's identity in the middle of an operation, the usual response is to ask the user to enter the password again. This is only a slight inconvenience for legitimate users, and a substantial barrier for attackers. Technically, this is the same as prompting the user to log in again, but in terms of user experience there is a world of difference.

There is no need to kick users out of the system and accuse them of being attackers. When you are mistaken, such responses greatly reduce the usability of the system, and mistakes are unavoidable.
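The re-prompt described above, as an added example that is not part of the original text. The function names, the session layout and the choice of a changed User-Agent header as the "identity in doubt" signal are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: every name here is hypothetical, and the User-Agent
// comparison is only one assumed signal that identity may be in doubt.

/** True when the request no longer matches what was recorded at login. */
function identity_in_doubt(array $session, array $server): bool
{
    $seen = hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
    return !hash_equals($session['ua_hash'] ?? '', $seen);
}

/**
 * Decide how to answer a request for a sensitive action.
 * Returns 'proceed' or 'prompt_password'. The session is never destroyed
 * and the user is never accused, because the suspicion may be wrong.
 */
function gate_sensitive_action(array &$session, array $server, ?string $password, string $storedHash): string
{
    if (!identity_in_doubt($session, $server)) {
        return 'proceed';
    }
    if ($password !== null && password_verify($password, $storedHash)) {
        // Legitimate user confirmed: accept the new fingerprint and carry on.
        $session['ua_hash'] = hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
        return 'proceed';
    }
    // Keep the session and the pending action; just ask for the password again.
    return 'prompt_password';
}

// Constructed sample data (not from the page).
$storedHash = password_hash('correct horse', PASSWORD_DEFAULT);
$session = ['user' => 'alice', 'ua_hash' => hash('sha256', 'Browser/1.0')];
$same    = ['HTTP_USER_AGENT' => 'Browser/1.0'];
$changed = ['HTTP_USER_AGENT' => 'Browser/2.0'];

// Walk through: normal request, suspicious request, wrong password,
// correct password, then the same client again after confirmation.
echo gate_sensitive_action($session, $same, null, $storedHash), "\n";
echo gate_sensitive_action($session, $changed, null, $storedHash), "\n";
echo gate_sensitive_action($session, $changed, 'wrong guess', $storedHash), "\n";
echo gate_sensitive_action($session, $changed, 'correct horse', $storedHash), "\n";
echo gate_sensitive_action($session, $changed, null, $storedHash), "\n";
```

A real application would also count and rate-limit failed prompts, which this example leaves out.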

In this book, I highlight transparent and commonly used security measures, and I recommend that you respond with caution and wisdom to suspected attacks.
