开发者

Is there any benefit to cryptically naming your form fields?

开发者 https://www.devze.com 2023-03-31 14:02 出处：网络

Is there any security benefit to using cryptic names for your form fields like so: if (isset($_POST[\'submit_jw58dplem42pd45r\'])){$submit = $_POST[\"submit_jw58dplem42pd45r\"];} else {$submit =\"\";

相关专题：forms

Is there any security benefit to using cryptic names for your form fields like so:

if (isset($_POST['submit_jw58dplem42pd45r'])){$submit = $_POST["submit_jw58dplem42pd45r"];} else {$submit ="";}
if (isset($_POST['txt_textbox_f48yjdp429plwdhp'])){$txt_textbox = $_POST["txt_textbox_f48yjdp429plwdhp"];} else {$txt_textbox ="";}

if ($submit=="submi开发者_运维技巧t"){

echo "$txt_textbox";

}

echo "<form method='post'>" 
. "<input type='text' name='txt_textbox_f48yjdp429plwdhp' size='45' maxlength='45'       value='Text Value Here'>" 
. "<input type='hidden' name='submit_jw58dplem42pd45r' value='submit'>" 
. "<input type='submit' value=' Submit '>" 
. "</form>";

No.

Security through obfuscation doesn't work, in this case there's absolutely no benefit whatsoever, you're just complicating things for no reason. The sites visitors still need to know what information to input, those indicators would be trivial to find using a bot (not that they are needed).