Ulwazi Lokubhalwa Kwendawo Yesiphambano

Leli khasi liqukethe ulwazi mayelana nenkinga yezokuphepha ye-Cross Site Scripting, ukuthi iyithinta kanjani i-Apache ngokwayo, nokuthi ungayivikela kanjani ngokufanelekile uma usebenzisa ubuchwepheshe obuhlobene ne-Apache.

Ukuze uthole ukwaziswa okwengeziwe, sicela ubheke i-CERT Advisory CA-2000-02 ekhishwe ngalolu daba. Kufanele futhi ubuyekeze okuhlobene Ukuqonda Ukunciphisa Okuqukethwe Okunonya Konjiniyela Bewebhu Idokhumenti yamathiphu ezobuchwepheshe. Ukwelulekwa kwe-CERT kuphinde kube nezixhumanisi zemibhalo eminingi iMicrosoft eyibeke odabeni okufanele ibuyekezwe uma le nkinga ikuthinta. Ulwazi oluqukethwe kule mibhalo ngeke luphindwe lapha; lolu lwazi luthatha ngokuthi ufunde le mibhalo futhi ujwayelene nenkinga

Sithanda ukugcizelela ukuthi lokhu akukona ukuhlasela kunoma yisiphi isiphazamisi kucezu oluthile lwesofthiwe. Akuyona inkinga ye-Apache. Akuyona inkinga ye-Microsoft. Akuyona inkinga ye-Netscape. Eqinisweni, akuyona ngisho inkinga engachazwa ngokucacile ukuthi inkinga yeseva noma inkinga yeklayenti. Kuyindaba eyinkundla ephambene ngempela futhi ingumphumela wokusebenzelana okungalindelekile nokungalindelekile phakathi kwezingxenye ezihlukahlukene zeqoqo lezinhlelo eziyinkimbinkimbi ezixhumene.

Kunezimbungulu ezithile kuhlu olubanzi lwemikhiqizo yeseva yewebhu, okuhlanganisa i-Apache, evumela noma enomthelela ekuxhashazweni kwale nkinga yezokuphepha. Lezi zinambuzane akufanele zibe khona futhi zidinga ukulungiswa. Kodwa kubalulekile ukuqaphela ukuthi lokhu kuyingxenye encane yenkinga ephelele. Inkinga ebucayi kakhulu ikuwo wonke amakhodi esayithi akhiqiza okuqukethwe okuguquguqukayo. Sikulethela lolu lwazi ukuze sikufundise ngezindaba ezitholwe ku-Apache ezihlobene nale nkinga yezokuphepha kodwa, okubaluleke nakakhulu, sikusize ukukufundisa ukuthi lokhu kungaba nomthelela kanjani ekhodi yakho yendawo ethuthukiswe kusetshenziswa ubuchwepheshe obuhlobene ne-Apache nokuthi uwenza kanjani. angayilungisa

Asikho "ichashazi legolide"iseva noma abathengisi beklayenti abangasikhulula esizolungisa le nkinga ngomlingo kuwo wonke amaseva ewebhu noma amaklayenti asebenzisa lowo mkhiqizo.


Sithanda futhi ukuveza ukuthi kubalulekile ukuqonda ukuthi lena akuyona indaba endala, eyaziwa kahle, ukuthi uma isayithi livumela umsebenzisi A ukuthi athumele okuqukethwe okubukwa umsebenzisi B, kufanele kufakwe ikhodi ngendlela efanele. Lokhu kuba sengcupheni yilapho okuqukethwe kuhanjiswa futhi kubukwa umsebenzisi u-A ngokuqinile. Ngenxa yobunzima bokukhipha ikhodi ngokufanelekile kuzo zonke izimo, amasayithi amaningi awakhathazeki ngedatha yombhalo wekhodi eboniswa kuphela kumsebenzisi othumele idatha esicelweni sakhe. ngenxa yokuqagela okuyiphutha ukuthi lokhu akulona usongo lokuphepha

Ingabe lokhu kuthinta iwebhusayithi yami?

Lena inkinga yezokuphepha ebucayi, enemithelela engaba khona eseyaqala ukuqondwa. Kodwa-ke, kubalulekile ukuqaphela ukuthi le nkinga ayivezi noma iyiphi indlela yokungena kuseva ngokwayo. Okukuvumelayo ukuthi abahlaseli abanonya bakwazi ukulawula ukusebenzisana phakathi komsebenzisi newebhusayithi. Uma iwebhusayithi yakho iqukethe izinto ezimile ngokuphelele nalo lonke ulwazi olufinyelelekayo, umhlaseli angathola okuncane kakhulu ngokuthatha lokhu kusebenzisana. Kungenzeka ukuthi into ebucayi umhlaseli angayenza kulesi simo ukushintsha indlela ikhasi elibonakala ngayo kumsebenzisi othile.

Amasayithi lapho lokhu kubeka khona ingozi enkulu kakhulu amasayithi lapho abasebenzisi banohlobo oluthile lwe-akhawunti noma ukungena ngemvume nalapho bengenza khona izenzo ngemiphumela yomhlaba wangempela noma ukufinyelela idatha okungafanele itholakale. Le nkinga yezokuphepha ibeka engcupheni enkulu kumasayithi anjalo; akudingekile ukungena kuseva ukuze ulawule isayithi uma esikhundleni salokho ungathola ukufinyelela ekupheleni komsebenzisi

Kulungile, luphi ulwazi oluhlobene ne-Apache?
âÃÂâ I-Apache 1.3.12, ehlinzeka ngokuvikeleka okuthile kuzimo ezithile zale nkinga

âÃÂâ Isiqephu esindala se-Apache ngokumelene ne-1.3.11 esibhekane nezinkinga ezaziwayo kuleyo nguqulo ye-Apache

âÃÂâ Ikhasi lezibonelo zokufaka ikhodi, elichaza ukuthi ungabhala kanjani kahle okukhiphayo kwakho ukuze uvikeleke kule nkinga usebenzisa ubuchwepheshe obujwayelekile obuhlobene ne-Apache, obufana namamojula we-Apache, i-Perl, ne-PHP

Asilindele ukuthi leli kube yizwi lokugcina ezindleleni zokuxhaphaza le nkinga. Kungenzeka ukuthi kuzoba nezinguquko eziningi ku-Apache ngokuzayo ukusiza abasebenzisi ukubhekana nalolu daba, noma ngabe zingasekho iziphazamisi ezitholakala ku-Apache uqobo. Nakuba sinikeza ulwazi oluningi oludingekayo ukuze amasayithi azivikele kulolu hlobo lokuhlasela, kusenezinkinga eziningi ezivulekile ezihlobene nalolu daba.

Siyaqaphela ukuthi lena inkinga eyinkimbinkimbi futhi silindele ukubuyekeza lawa makhasi ukuze achaze izinkinga nezilungiso ngokujula okwengeziwe njengoba isikhathi sivuma.

Kungani igama elithi "Cross Site Scripting"?

Le nkinga ayigcini nje ngokubhala, futhi asikho isidingo sokuthi kube nesiphambano ngakho. Ngakho kungani igama? Yaqanjwa ekuqaleni lapho inkinga ingaqondakali kahle, futhi yanamathela. Ngikholwe, siye saba nezinto ezibaluleke kakhulu okufanele sizenze kunokucabanga ngegama elingcono.


Ungathumela noma yikuphi ukuphawula noma iziphakamiso mayelana naleli sethi yamakhasi [email protected]. Qaphela ukuthi angikwazi ukuphendula imibuzo noma izicelo zosizo, ngakho-ke uma kuyilokho osuzokuthumela ngakho ngicela uzisindise umzamo.