锘??xml version="1.0" encoding="utf-8" standalone="yes"?>三国杀天梯:BlogJava - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/蹇箰鎴愰暱zh-cnMon, 14 Oct 2019 13:57:44 GMTMon, 14 Oct 2019 13:57:44 GMT60鏀跺綍錛氫竴涓ц兘杈冨ソ鐨刯vm鍙傛暟閰嶇疆浠ュ強jvm鐨勭畝浠?/title><link>//www.lmlez.icu/hello-yun/archive/2015/07/19/426314.html</link><dc:creator>浜戜簯</dc:creator><author>浜戜簯</author><pubDate>Sun, 19 Jul 2015 14:57:00 GMT</pubDate><guid>//www.lmlez.icu/hello-yun/archive/2015/07/19/426314.html</guid><wfw:comment>//www.lmlez.icu/hello-yun/comments/426314.html</wfw:comment><comments>//www.lmlez.icu/hello-yun/archive/2015/07/19/426314.html#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>//www.lmlez.icu/hello-yun/comments/commentRss/426314.html</wfw:commentRss><trackback:ping>//www.lmlez.icu/hello-yun/services/trackbacks/426314.html</trackback:ping><description><![CDATA[杞嚜錛//blog.csdn.net/jeffreynicole/article/details/46953059 <br /><br /><br /><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">涓涓ц兘杈冨ソ鐨剋eb鏈嶅姟鍣╦vm鍙傛暟閰嶇疆錛?/p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><br /></p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"></p><div bg_plain"="" style="width: 938.515625px; overflow: hidden; border-color: #cccccc; color: #555555; line-height: 35px;"><div class="znkp"><div class="znkp"><strong class="znkp">[plain]</strong> <a title="view plain" style="padding: 1px; color: #0c89cf; display: inline-block; width: 16px; height: 16px; text-indent: -2000px; background-image: url(//static.blog.csdn.net/scripts/SyntaxHighlighter/styles/images/default/ico_plain.gif); background-position: 0% 0%; background-repeat: no-repeat;">view plain</a><a title="copy" style="padding: 1px; color: #0c89cf; display: 
inline-block; width: 16px; height: 16px; text-indent: -2000px; background-image: url(//static.blog.csdn.net/scripts/SyntaxHighlighter/styles/images/default/ico_copy.gif); background-position: 0% 0%; background-repeat: no-repeat;">copy</a><div style="position: absolute; left: 472px; top: 696px; width: 18px; height: 18px; z-index: 99;"></div></div></div><ol start="1"><li style="line-height: 18px;">-server //鏈嶅姟鍣ㄦā寮?nbsp; </li><li style="line-height: 18px;">-Xmx2g //JVM鏈澶у厑璁稿垎閰嶇殑鍫嗗唴瀛橈紝鎸夐渶鍒嗛厤  </li><li style="line-height: 18px;">-Xms2g //JVM鍒濆鍒嗛厤鐨勫爢鍐呭瓨錛屼竴鑸拰Xmx閰嶇疆鎴愪竴鏍蜂互閬垮厤姣忔gc鍚嶫VM閲嶆柊鍒嗛厤鍐呭瓨銆?nbsp; </li><li style="line-height: 18px;">-Xmn256m //騫磋交浠e唴瀛樺ぇ灝忥紝鏁翠釜JVM鍐呭瓨=騫磋交浠?nbsp;+ 騫磋佷唬 + 鎸佷箙浠?nbsp; </li><li style="line-height: 18px;">-XX:PermSize=128m //鎸佷箙浠e唴瀛樺ぇ灝?nbsp; </li><li style="line-height: 18px;">-Xss256k //璁劇疆姣忎釜綰跨▼鐨勫爢鏍堝ぇ灝?nbsp; </li><li style="line-height: 18px;">-XX:+DisableExplicitGC //蹇界暐鎵嬪姩璋冪敤GC, System.gc()鐨勮皟鐢ㄥ氨浼氬彉鎴愪竴涓┖璋冪敤錛屽畬鍏ㄤ笉瑙﹀彂GC  </li><li style="line-height: 18px;">-XX:+UseConcMarkSweepGC //騫跺彂鏍囪娓呴櫎錛圕MS錛夋敹闆嗗櫒  </li><li style="line-height: 18px;">-XX:+CMSParallelRemarkEnabled //闄嶄綆鏍囪鍋滈】  </li><li style="line-height: 18px;">-XX:+UseCMSCompactAtFullCollection //鍦‵ULL GC鐨勬椂鍊欏騫磋佷唬鐨勫帇緙?nbsp; </li><li style="line-height: 18px;">-XX:LargePageSizeInBytes=128m //鍐呭瓨欏電殑澶у皬  </li><li style="line-height: 18px;">-XX:+UseFastAccessorMethods //鍘熷綾誨瀷鐨勫揩閫熶紭鍖?nbsp; </li><li style="line-height: 18px;">-XX:+UseCMSInitiatingOccupancyOnly //浣跨敤鎵嬪姩瀹氫箟鍒濆鍖栧畾涔夊紑濮婥MS鏀墮泦  </li><li style="line-height: 18px;">-XX:CMSInitiatingOccupancyFraction=70 //浣跨敤cms浣滀負鍨冨溇鍥炴敹浣跨敤70錛呭悗寮濮婥MS鏀墮泦  </li></ol></div><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; 
background-color: #ffffff;"></p><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">璇存槑錛?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">-Xmn鍜?Xmx涔嬫瘮澶ф鏄?:9錛屽鏋滄妸鏂扮敓浠e唴瀛樿緗緱澶ぇ浼氬鑷磞oung gc鏃墮棿杈冮暱</p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">涓涓ソ鐨刉eb緋葷粺搴旇鏄瘡嬈ttp璇鋒眰鐢寵鍐呭瓨閮借兘鍦▂oung gc鍥炴敹鎺夛紝full gc姘鎬笉鍙戠敓錛屽綋鐒惰繖鏄渶鐞嗘兂鐨勬儏鍐?/p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">xmn鐨勫煎簲璇ユ槸淇濊瘉澶熺敤錛堝http騫跺彂璇鋒眰涔嬬敤錛夌殑鍓嶆彁涓嬭緗緱灝介噺灝?/p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">web鏈嶅姟鍣ㄥ拰娓告垙鏈嶅姟鍣ㄧ殑閰嶇疆鎬濊礬涓嶅お涓鏍鳳紝鏈閲嶈鐨勫尯鍒槸瀵規父鎴忔湇鍔″櫒鐨剎mn鍗沖勾杞諱唬璁劇疆姣旇緝澶э紝鍜孹mx澶ф1:3鐨勫叧緋伙紝鍥犱負娓告垙鏈嶅姟鍣ㄤ竴鑸槸闀胯繛鎺ワ紝鍦ㄤ繚鎸佷竴瀹氱殑騫跺彂閲忓悗闇瑕佽緝澶х殑騫磋交浠e爢鍐呭瓨錛屽鏋滆緗緱澶у皬浜嗕細緇忓父寮曞彂young gc</p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><br /></p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"></p><ul style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><li class="znkp">瀵笿VM鐨勭畝浠?/li></ul><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: 
#ffffff;"></p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><img src="//img.blog.csdn.net/20150719105526584?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" alt="" style="border: none; max-width: 602px; height: auto;" /><br /></p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鐢變笂鍥懼彲浠ョ湅鍑簀vm鍫嗗唴瀛樼殑鍒嗙被鎯呭喌錛孞VM鍐呭瓨琚垎鎴愬涓嫭绔嬬殑閮ㄥ垎銆?br />騫挎硾鍦拌錛孞VM鍫嗗唴瀛樿鍒嗕負涓ら儴鍒?#8212;—騫磋交浠o紙Young Generation錛夊拰鑰佸勾浠o紙Old Generation錛夈?br /><br /><br /></p><ul style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><li class="znkp"><strong class="znkp">騫磋交浠?/strong></li></ul><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">騫磋交浠f槸鎵鏈夋柊瀵硅薄浜х敓鐨勫湴鏂廣傚綋騫磋交浠e唴瀛樼┖闂磋鐢ㄥ畬鏃訛紝灝變細瑙﹀彂鍨冨溇鍥炴敹銆傝繖涓瀮鍦懼洖鏀跺彨鍋歁inor GC銆傚勾杞諱唬琚垎涓?涓儴鍒?#8212;—Enden鍖哄拰涓や釜Survivor鍖恒?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">騫磋交浠g┖闂寸殑瑕佺偣錛?/strong><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">澶у鏁版柊寤虹殑瀵硅薄閮戒綅浜嶦den鍖恒?/span><br style="color: #555555; font-family: 'microsoft 
yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">褰揈den鍖鴻瀵硅薄濉弧鏃訛紝灝變細鎵цMinor GC銆傚茍鎶婃墍鏈夊瓨媧諱笅鏉ョ殑瀵硅薄杞Щ鍒板叾涓竴涓猻urvivor鍖恒?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">Minor GC鍚屾牱浼氭鏌ュ瓨媧諱笅鏉ョ殑瀵硅薄錛屽茍鎶婂畠浠漿縐誨埌鍙︿竴涓猻urvivor鍖恒傝繖鏍峰湪涓孌墊椂闂村唴錛屾諱細鏈変竴涓┖鐨剆urvivor鍖恒?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">緇忚繃澶氭GC鍛ㄦ湡鍚庯紝浠嶇劧瀛樻椿涓嬫潵鐨勫璞′細琚漿縐誨埌騫磋佷唬鍐呭瓨絀洪棿銆傞氬父榪欐槸鍦ㄥ勾杞諱唬鏈夎祫鏍兼彁鍗囧埌騫磋佷唬鍓嶉氳繃璁懼畾騫撮緞闃堝兼潵瀹屾垚鐨勩?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><br /></strong><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"></p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"></p><ul style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><li class="znkp"><strong class="znkp">騫磋佷唬</strong></li></ul><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">騫磋佷唬鍐呭瓨閲屽寘鍚簡闀挎湡瀛樻椿鐨勫璞″拰緇忚繃澶氭Minor GC鍚庝緷鐒跺瓨媧諱笅鏉ョ殑瀵硅薄銆傞氬父浼氬湪鑰佸勾浠e唴瀛樿鍗犳弧鏃惰繘琛屽瀮鍦懼洖鏀躲傝佸勾浠g殑鍨冨溇鏀墮泦鍙仛Major GC銆侻ajor GC浼氳姳璐規洿澶氱殑鏃墮棿銆?/span><br style="color: 
#555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">Stop the World浜嬩歡</strong><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鎵鏈夌殑鍨冨溇鏀墮泦閮芥槸“Stop the World”浜嬩歡錛屽洜涓烘墍鏈夌殑搴旂敤綰跨▼閮戒細鍋滀笅鏉ョ洿鍒版搷浣滃畬鎴愶紙鎵浠ュ彨“Stop the World”錛夈?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鍥犱負騫磋交浠i噷鐨勫璞¢兘鏄竴浜涗復鏃訛紙short-lived 錛夊璞★紝鎵цMinor GC闈炲父蹇紝鎵浠ュ簲鐢ㄤ笉浼氬彈鍒幫紙“Stop the World”錛夊獎鍝嶃?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鐢變簬Major GC浼氭鏌ユ墍鏈夊瓨媧葷殑瀵硅薄錛屽洜姝や細鑺辮垂鏇撮暱鐨勬椂闂淬傚簲璇ュ敖閲忓噺灝慚ajor GC銆傚洜涓篗ajor GC浼氬湪鍨冨溇鍥炴敹鏈熼棿璁╀綘鐨勫簲鐢ㄥ弽搴旇繜閽濓紝鎵浠ュ鏋滀綘鏈変竴涓渶瑕佸揩閫熷搷搴旂殑搴旂敤鍙戠敓澶氭Major GC錛屼綘浼氱湅鍒拌秴鏃墮敊璇?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br 
style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鍨冨溇鍥炴敹鏃墮棿鍙栧喅浜庡瀮鍦懼洖鏀剁瓥鐣ャ傝繖灝辨槸涓轟粈涔堟湁蹇呰鍘葷洃鎺у瀮鍦炬敹闆嗗拰瀵瑰瀮鍦炬敹闆嗚繘琛岃皟浼樸備粠鑰岄伩鍏嶈姹傚揩閫熷搷搴旂殑搴旂敤鍑虹幇瓚呮椂閿欒銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><ul style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><li class="znkp"><strong class="znkp">姘鎬箙浠?/strong></li></ul><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">姘鎬箙浠f垨鑰?#8220;Perm Gen”鍖呭惈浜咼VM闇瑕佺殑搴旂敤鍏冩暟鎹紝榪欎簺鍏冩暟鎹弿榪頒簡鍦ㄥ簲鐢ㄩ噷浣跨敤鐨勭被鍜屾柟娉曘傛敞鎰忥紝姘鎬箙浠d笉鏄疛ava鍫嗗唴瀛樼殑涓閮ㄥ垎銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">姘鎬箙浠e瓨鏀綣VM榪愯鏃朵嬌鐢ㄧ殑綾匯傛案涔呬唬鍚屾牱鍖呭惈浜咼ava SE搴撶殑綾誨拰鏂規硶銆傛案涔呬唬鐨勫璞″湪full GC鏃惰繘琛屽瀮鍦炬敹闆嗐?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鏂規硶鍖?/strong><br 
style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鏂規硶鍖烘槸姘鎬箙浠g┖闂寸殑涓閮ㄥ垎錛屽茍鐢ㄦ潵瀛樺偍綾誨瀷淇℃伅錛堣繍琛屾椂甯擱噺鍜岄潤鎬佸彉閲忥級鍜屾柟娉曚唬鐮佸拰鏋勯犲嚱鏁頒唬鐮併?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鍐呭瓨姹?/strong><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">濡傛灉JVM瀹炵幇鏀寔錛孞VM鍐呭瓨綆$悊浼氫負鍒涘緩鍐呭瓨姹狅紝鐢ㄦ潵涓轟笉鍙樺璞″垱寤哄璞℃睜銆傚瓧絎︿覆姹犲氨鏄唴瀛樻睜綾誨瀷鐨勪竴涓緢濂界殑渚嬪瓙銆傚唴瀛樻睜鍙互灞炰簬鍫嗘垨鑰呮案涔呬唬錛岃繖鍙栧喅浜嶫VM鍐呭瓨綆$悊鐨勫疄鐜般?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">榪愯鏃跺父閲忔睜</strong><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: 
#ffffff;">榪愯鏃跺父閲忔睜鏄瘡涓被甯擱噺姹犵殑榪愯鏃朵唬琛ㄣ傚畠鍖呭惈浜嗙被鐨勮繍琛屾椂甯擱噺鍜岄潤鎬佹柟娉曘傝繍琛屾椂甯擱噺姹犳槸鏂規硶鍖虹殑涓閮ㄥ垎銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">Java鏍堝唴瀛?/strong><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">Java鏍堝唴瀛樼敤浜庤繍琛岀嚎紼嬨傚畠浠寘鍚簡鏂規硶閲岀殑涓存椂鏁版嵁銆佸爢閲屽叾瀹冨璞″紩鐢ㄧ殑鐗瑰畾鏁版嵁銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><strong style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">Java鍨冨溇鍥炴敹</strong><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">Java鍨冨溇鍥炴敹浼氭壘鍑烘病鐢ㄧ殑瀵硅薄錛屾妸瀹冧粠鍐呭瓨涓Щ闄ゅ茍閲婃斁鍑哄唴瀛樼粰浠ュ悗鍒涘緩鐨勫璞′嬌鐢ㄣ侸ava紼嬪簭璇█涓殑涓涓渶澶т紭鐐規槸鑷姩鍨冨溇鍥炴敹錛屼笉鍍忓叾浠栫殑紼嬪簭璇█閭f牱闇瑕佹墜鍔ㄥ垎閰嶅拰閲婃斁鍐呭瓨錛屾瘮濡侰璇█銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; 
font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鍨冨溇鏀墮泦鍣ㄦ槸涓涓悗鍙拌繍琛岀▼搴忋傚畠綆$悊鐫鍐呭瓨涓殑鎵鏈夊璞″茍鎵懼嚭娌¤寮曠敤鐨勫璞°傛墍鏈夌殑榪欎簺鏈紩鐢ㄧ殑瀵硅薄閮戒細琚垹闄わ紝鍥炴敹瀹冧滑鐨勭┖闂村茍鍒嗛厤緇欏叾浠栧璞°?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">涓涓熀鏈殑鍨冨溇鍥炴敹榪囩▼娑夊強涓変釜姝ラ錛?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鏍囪錛氳繖鏄涓姝ャ傚湪榪欎竴姝ワ紝鍨冨溇鏀墮泦鍣ㄤ細鎵懼嚭鍝簺瀵硅薄姝e湪浣跨敤鍜屽摢浜涘璞′笉鍦ㄤ嬌鐢ㄣ?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">姝e父娓呴櫎錛氬瀮鍦炬敹闆嗗櫒娓呬細闄や笉鍦ㄤ嬌鐢ㄧ殑瀵硅薄錛屽洖鏀跺畠浠殑絀洪棿鍒嗛厤緇欏叾浠栧璞°?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鍘嬬緝娓呴櫎錛氫負浜嗘彁鍗囨ц兘錛屽帇緙╂竻闄や細鍦ㄥ垹闄ゆ病鐢ㄧ殑瀵硅薄鍚庯紝鎶婃墍鏈夊瓨媧葷殑瀵硅薄縐誨埌涓璧楓傝繖鏍峰彲浠ユ彁楂樺垎閰嶆柊瀵硅薄鐨勬晥鐜囥?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 
'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">綆鍗曟爣璁板拰娓呴櫎鏂規硶瀛樺湪涓や釜闂錛?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">鏁堢巼寰堜綆銆傚洜涓哄ぇ澶氭暟鏂板緩瀵硅薄閮戒細鎴愪負“娌$敤瀵硅薄”銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">緇忚繃澶氭鍨冨溇鍥炴敹鍛ㄦ湡鐨勫璞″緢鏈夊彲鑳藉湪浠ュ悗鐨勫懆鏈熶篃浼氬瓨媧諱笅鏉ャ?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">涓婇潰綆鍗曟竻闄ゆ柟娉曠殑闂鍦ㄤ簬Java鍨冨溇鏀墮泦鐨勫垎浠e洖鏀剁殑錛岃屼笖鍦ㄥ爢鍐呭瓨閲屾湁騫磋交浠e拰騫磋佷唬涓や釜鍖哄煙銆?/span><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><br style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;" /><ul style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"><li class="znkp"><strong class="znkp">Java鍨冨溇鍥炴敹綾誨瀷</strong></li></ul><span style="color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">榪欓噷鏈変簲縐嶅彲浠ュ湪搴旂敤閲屼嬌鐢ㄧ殑鍨冨溇鍥炴敹綾誨瀷銆?/span><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;"></p><p style="margin: 0px; padding: 0px; color: #555555; font-family: 'microsoft 
yahei'; font-size: 15px; line-height: 35px; background-color: #ffffff;">浠呴渶瑕佷嬌鐢↗VM寮鍏沖氨鍙互鍦ㄦ垜浠殑搴旂敤閲屽惎鐢ㄥ瀮鍦懼洖鏀剁瓥鐣ャ?br /><br /><strong class="znkp">Serial GC錛?XX:+UseSerialGC錛?/strong>錛歋erial GC浣跨敤綆鍗曠殑鏍囪銆佹竻闄ゃ佸帇緙╂柟娉曞騫磋交浠e拰騫磋佷唬榪涜鍨冨溇鍥炴敹錛屽嵆Minor GC鍜孧ajor GC銆係erial GC鍦╟lient妯″紡錛堝鎴風妯″紡錛夊緢鏈夌敤錛屾瘮濡傚湪綆鍗曠殑鐙珛搴旂敤鍜孋PU閰嶇疆杈冧綆鐨勬満鍣ㄣ傝繖涓ā寮忓鍗犳湁鍐呭瓨杈冨皯鐨勫簲鐢ㄥ緢綆$敤銆?br /><strong class="znkp">Parallel GC錛?XX:+UseParallelGC錛?/strong>錛氶櫎浜嗕細浜х敓N涓嚎紼嬫潵榪涜騫磋交浠g殑鍨冨溇鏀墮泦澶栵紝Parallel GC鍜孲erial GC鍑犱箮涓鏍楓傝繖閲岀殑N鏄郴緇烠PU鐨勬牳鏁般傛垜浠彲浠ヤ嬌鐢?-XX:ParallelGCThreads=n 榪欎釜JVM閫夐」鏉ユ帶鍒剁嚎紼嬫暟閲忋傚茍琛屽瀮鍦炬敹闆嗗櫒涔熷彨throughput鏀墮泦鍣ㄣ傚洜涓哄畠浣跨敤浜嗗CPU鍔犲揩鍨冨溇鍥炴敹鎬ц兘銆侾arallel GC鍦ㄨ繘琛屽勾鑰佷唬鍨冨溇鏀墮泦鏃朵嬌鐢ㄥ崟綰跨▼銆?br /><strong class="znkp">Parallel Old GC錛?XX:+UseParallelOldGC錛?/strong>錛氬拰Parallel GC涓鏍楓備笉鍚屼箣澶勶紝Parallel Old GC鍦ㄥ勾杞諱唬鍨冨溇鏀墮泦鍜屽勾鑰佷唬鍨冨溇鍥炴敹鏃墮兘浣跨敤澶氱嚎紼嬫敹闆嗐?br /><strong class="znkp">騫跺彂鏍囪娓呴櫎錛圕MS錛夋敹闆嗗櫒錛?XX:+UseConcMarkSweepGC)</strong>錛欳MS鏀墮泦鍣ㄤ篃琚О涓虹煭鏆傚仠欏垮茍鍙戞敹闆嗗櫒銆傚畠鏄騫磋佷唬榪涜鍨冨溇鏀墮泦鐨勩侰MS鏀墮泦鍣ㄩ氳繃澶氱嚎紼嬪茍鍙戣繘琛屽瀮鍦懼洖鏀訛紝灝介噺鍑忓皯鍨冨溇鏀墮泦閫犳垚鐨勫仠欏褲侰MS鏀墮泦鍣ㄥ騫磋交浠h繘琛屽瀮鍦懼洖鏀朵嬌鐢ㄧ殑綆楁硶鍜孭arallel鏀墮泦鍣ㄤ竴鏍楓傝繖涓瀮鍦炬敹闆嗗櫒閫傜敤浜庝笉鑳藉繊鍙楅暱鏃墮棿鍋滈】瑕佹眰蹇熷搷搴旂殑搴旂敤銆傚彲浣跨敤 -XX:ParallelCMSThreads=n JVM閫夐」鏉ラ檺鍒禖MS鏀墮泦鍣ㄧ殑綰跨▼鏁伴噺銆?br /><strong class="znkp">G1鍨冨溇鏀墮泦鍣紙-XX:+UseG1GC) G1錛圙arbage First錛?/strong>錛氬瀮鍦炬敹闆嗗櫒鏄湪Java 7鍚庢墠鍙互浣跨敤鐨勭壒鎬э紝瀹冪殑闀胯繙鐩爣鏃朵唬鏇緾MS鏀墮泦鍣ㄣ侴1鏀墮泦鍣ㄦ槸涓涓茍琛岀殑銆佸茍鍙戠殑鍜屽閲忓紡鍘嬬緝鐭殏鍋滈】鐨勫瀮鍦炬敹闆嗗櫒銆侴1鏀墮泦鍣ㄥ拰鍏朵粬鐨勬敹闆嗗櫒榪愯鏂瑰紡涓嶄竴鏍鳳紝涓嶅尯鍒嗗勾杞諱唬鍜屽勾鑰佷唬絀洪棿銆傚畠鎶婂爢絀洪棿鍒掑垎涓哄涓ぇ灝忕浉絳夌殑鍖哄煙銆傚綋榪涜鍨冨溇鏀墮泦鏃訛紝瀹冧細浼樺厛鏀墮泦瀛樻椿瀵硅薄杈冨皯鐨勫尯鍩燂紝鍥犳鍙?#8220;Garbage First”銆?/p><img src ="//www.lmlez.icu/hello-yun/aggbug/426314.html" width = "1" height = "1" /><br><br><div align=right><a style="text-decoration:none;" href="//www.lmlez.icu/hello-yun/" target="_blank">浜戜簯</a> 2015-07-19 22:57 <a href="//www.lmlez.icu/hello-yun/archive/2015/07/19/426314.html#Feedback" target="_blank" style="text-decoration:none;">鍙戣〃璇勮</a></div>]]></description></item><item><title>linux 緋誨垪 - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/archive/2014/09/28/418366.html浜戜簯浜戜簯Sun, 28 Sep 2014 15:45:00 
GMT//www.lmlez.icu/hello-yun/archive/2014/09/28/418366.html//www.lmlez.icu/fancydeepin/archive/2014/09/28/linux.html

17錛巙buntu 闃茬伀澧?/a>
16錛巙buntu 寮鍚?ssh 鏈嶅姟
15錛巙buntu jdk 瀹夎涓庨厤緗?/a>
14錛巙buntu tomcat 瀹夎涓庨厤緗?/a>
13錛巙buntu mysql 瀹夎
12錛巙buntu root 鍜?user 鐢ㄦ埛鍒囨崲
11錛巐inux more 鍛戒護
10錛巐inux tar 鍛戒護
09錛巐inux chmod 鍛戒護
08錛巐inux touch 鍛戒護
07錛巐inux cat 鍛戒護
06錛巐inux mv 鍛戒護
05錛巐inux rm 鍛戒護
04錛巐inux cp 鍛戒護
03錛巐inux mkdir 鍛戒護
02錛巐inux cd 鍛戒護
01錛巐inux ls 鍛戒護

浜戜簯 2014-09-28 23:45 鍙戣〃璇勮
]]>
Java鍔ㄦ佷唬鐞嗘満鍒惰瑙o紙JDK 鍜孋GLIB錛孞avassist錛孉SM錛塠杞琞 - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/archive/2014/09/28/418365.html浜戜簯浜戜簯Sun, 28 Sep 2014 15:44:00 GMT//www.lmlez.icu/hello-yun/archive/2014/09/28/418365.html闃呰鍏ㄦ枃

浜戜簯 2014-09-28 23:44 鍙戣〃璇勮
]]>
后台 xss 控制 - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/archive/2014/09/28/418353.html云云云云Sun, 28 Sep 2014 05:49:00 GMT//www.lmlez.icu/hello-yun/archive/2014/09/28/418353.html//www.lmlez.icu/hello-yun/comments/418353.html//www.lmlez.icu/hello-yun/archive/2014/09/28/418353.html#Feedback0//www.lmlez.icu/hello-yun/comments/commentRss/418353.html//www.lmlez.icu/hello-yun/services/trackbacks/418353.html 
package com.qiyi.appstore.util;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.qiyi.appstore.exception.AppStoreException;
import com.qiyi.cloud.user.ApiCode;
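/**
 * Defanging helpers applied to user-supplied strings before they are stored or rendered as HTML.
 *
 * <p>Points a reviewer should keep in mind when relying on this class:
 * <ul>
 *   <li>{@link #getSafeStringXSS(String)} is lossy. The ampersand, the hash sign, the backslash
 *       and the apostrophe are swapped for look-alike characters or a different entity instead
 *       of being encoded, so the original text cannot be recovered from the result.</li>
 *   <li>It is not idempotent. A second pass rewrites the ampersand of an entity produced by the
 *       first pass, so each value must be escaped exactly once.</li>
 *   <li>All other characters (whitespace, backtick, parentheses, colon, ...) are copied through
 *       unchanged. The result is meant for HTML text and quoted attribute values; it does not
 *       make a value safe inside an unquoted attribute, a URL, CSS or script.</li>
 *   <li>{@link #getXssSaftBean(Class, Object)} rewrites the bean in place, so the escaped form is
 *       what later gets persisted or compared.</li>
 * </ul>
 *
 * <p>NOTE(review): four non-ASCII literals were mangled by a character-set conversion in the
 * page this listing was taken from. They are restored below as Unicode escapes using the most
 * likely originals (U+FF02, U+FF06, U+FF03, U+FFE5) and should be confirmed against the
 * original source file.
 */
public class XssUtils {

    private static final Logger logger = LoggerFactory.getLogger(XssUtils.class);

    /**
     * Returns a copy of {@code s} in which HTML-significant characters are replaced.
     *
     * @param s the text to defang; may be {@code null}
     * @return {@code s} itself when it is null, empty or whitespace-only, otherwise the
     *         rewritten text
     */
    public static String getSafeStringXSS(String s) {
        if (StringUtils.isBlank(s)) {
            return s;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '\'':
            case '\u2032': // PRIME, the look-alike that also stands in for the apostrophe
                sb.append("&prime;");
                break;
            case '"':
            case '\uFF02': // assumed FULLWIDTH QUOTATION MARK (literal mangled on the page)
                sb.append("&quot;");
                break;
            case '&':
                // Replaced, not encoded: assumed FULLWIDTH AMPERSAND (literal mangled on the page).
                sb.append("\uFF06");
                break;
            case '#':
                // Assumed FULLWIDTH NUMBER SIGN (literal mangled on the page).
                sb.append("\uFF03");
                break;
            case '\\':
                // Assumed FULLWIDTH YEN SIGN (literal mangled on the page).
                sb.append('\uFFE5');
                break;
            case '=':
                // As shown on the page this case appends the same character, i.e. a no-op.
                sb.append("=");
                break;
            default:
                sb.append(c);
                break;
            }
        }
        return sb.toString();
    }

    /**
     * Applies {@link #getSafeStringXSS(String)} in place to the String properties of {@code bean}.
     *
     * <p>Only instance fields of type {@code String} declared directly on {@code clz} are
     * visited. Inherited fields, nested beans, arrays, collections and maps are not touched, and
     * blank values are left as they are. Values are read and written through BeanUtils, i.e.
     * through the bean's accessor methods.
     *
     * <p>Static fields are skipped. They are not bean properties, and looking one up through
     * BeanUtils would end the pass with {@code NoSuchMethodException}, leaving every field after
     * it unescaped.
     *
     * @param clz  class whose declared fields are inspected
     * @param bean instance whose String properties are rewritten
     * @throws IllegalAccessException    if an accessor method cannot be called
     * @throws InvocationTargetException if an accessor method throws
     * @throws NoSuchMethodException     if a visited field has no matching getter
     */
    public static <T> void getXssSaftBean(Class<?> clz, T bean)
            throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {
        String classname = clz.getSimpleName();
        logger.info("map target class name is {} .", classname);
        for (Field field : clz.getDeclaredFields()) {
            if (java.lang.reflect.Modifier.isStatic(field.getModifiers())) {
                continue;
            }
            if (!String.class.equals(field.getType())) {
                continue;
            }
            String fieldname = field.getName();
            String value = BeanUtils.getProperty(bean, fieldname);
            if (StringUtils.isNotBlank(value)) {
                // NOTE(review): BeanUtils.setProperty appears to return quietly when the property
                // has no setter, which would leave the value unescaped - confirm.
                BeanUtils.setProperty(bean, fieldname, getSafeStringXSS(value));
            }
        }
    }
}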


浜戜簯 2014-09-28 13:49 鍙戣〃璇勮
]]>
鎻愬崌tomcat 鎬ц兘 apr鎵╁睍lib - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/archive/2014/01/16/409026.html浜戜簯浜戜簯Thu, 16 Jan 2014 06:50:00 GMT//www.lmlez.icu/hello-yun/archive/2014/01/16/409026.html//www.lmlez.icu/hello-yun/comments/409026.html//www.lmlez.icu/hello-yun/archive/2014/01/16/409026.html#Feedback0//www.lmlez.icu/hello-yun/comments/commentRss/409026.html//www.lmlez.icu/hello-yun/services/trackbacks/409026.html鎻愬崌tomcat 鎬ц兘 apr鎵╁睍lib
浣跨敤apr綾誨簱 鍙互璁﹖omcat鐨勬ц兘鎻愬崌鍒?鍒?鍊? 
鐩墠欏圭洰涓兘浣跨敤榪欐牱鐨勯厤緗?br />
<!-- HTTP connector on port 8080 handled by the APR/native protocol class named below.
     The native library has to be loadable by the JVM; the post does this by adding
     -Djava.library.path=/usr/local/apr/lib to CATALINA_OPTS.
     This connector is plain HTTP; redirectPort names the port used when a TLS-only
     resource is requested.
     NOTE(review): maxThreads, acceptCount and connectionTimeout also bound how many slow
     or idle clients can be held open at once; confirm the values against measured load. -->
<Connector
    port="8080"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    URIEncoding="UTF-8"
    enableLookups="false"
    acceptCount="300"
    connectionTimeout="20000"
    disableUploadTimeout="true"
    maxThreads="1000"
    maxSpareThreads="50"
    minSpareThreads="25"
    redirectPort="8443"/>


catalina.sh
# Append the APR native library directory to the JVM options Tomcat is started with.
CATALINA_OPTS="${CATALINA_OPTS} -Djava.library.path=/usr/local/apr/lib"


浜戜簯 2014-01-16 14:50 鍙戣〃璇勮
]]>
redis 璁劇疆鍒嗗竷寮忛攣 - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/archive/2014/01/15/408988.html浜戜簯浜戜簯Wed, 15 Jan 2014 11:00:00 GMT//www.lmlez.icu/hello-yun/archive/2014/01/15/408988.html//www.lmlez.icu/hello-yun/comments/408988.html//www.lmlez.icu/hello-yun/archive/2014/01/15/408988.html#Feedback1//www.lmlez.icu/hello-yun/comments/commentRss/408988.html//www.lmlez.icu/hello-yun/services/trackbacks/408988.html闃呰鍏ㄦ枃

浜戜簯 2014-01-15 19:00 鍙戣〃璇勮
]]>
Eclipse鑳屾櫙棰滆壊鍜屽瓧浣撻厤緗?/title><link>//www.lmlez.icu/hello-yun/archive/2014/01/09/408739.html</link><dc:creator>浜戜簯</dc:creator><author>浜戜簯</author><pubDate>Thu, 09 Jan 2014 08:41:00 GMT</pubDate><guid>//www.lmlez.icu/hello-yun/archive/2014/01/09/408739.html</guid><wfw:comment>//www.lmlez.icu/hello-yun/comments/408739.html</wfw:comment><comments>//www.lmlez.icu/hello-yun/archive/2014/01/09/408739.html#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>//www.lmlez.icu/hello-yun/comments/commentRss/408739.html</wfw:commentRss><trackback:ping>//www.lmlez.icu/hello-yun/services/trackbacks/408739.html</trackback:ping><description><![CDATA[<div style="margin: 0px; color: #333333; font-family: 寰蔣闆呴粦, Verdana, sans-serif, 瀹嬩綋; font-size: 13px; line-height: 23px; background-color: #ffffff;">瀵筫clipse鐨勯粯璁ら厤緗緢涓嶇埥錛岄粦鑹插瓧浣撶櫧鑹插簳濂藉埡鐪鹼紝鑰屼笖瀛椾綋涔犳儻鐢–ourier New</div><div style="margin: 0px; color: #333333; font-family: 寰蔣闆呴粦, Verdana, sans-serif, 瀹嬩綋; font-size: 13px; line-height: 23px; background-color: #ffffff;"></div><div style="margin: 0px; color: #333333; font-family: 寰蔣闆呴粦, Verdana, sans-serif, 瀹嬩綋; font-size: 13px; line-height: 23px; background-color: #ffffff;"><div style="margin: 0px;">鏀瑰彉鑳屾櫙棰滆壊錛?/div><div style="margin: 0px;">windows->Preferences->General->Editor->Text Editors</div><div style="margin: 0px;">鍙寵竟閫夋嫨Appearance color options </div><div style="margin: 0px;">閫塀ackground color 閫夋嫨鑳屾櫙棰滆壊</div><div style="margin: 0px;">涓漢姣旇緝鑸掓湇鐨勮眴娌欑豢鑹插拰榛戣壊鑳屾櫙錛屼絾榛戣壊鑳屾櫙榪樿鎶婂叾浠栫殑瀛椾綋棰滆壊涔熸敼浜嗘墠濂界湅錛岃屼笖璞嗘矙緇胯壊璺熼粯璁ょ殑瀛椾綋棰滆壊鎼厤鐨勫緢濂姐?/div><div style="margin: 0px;">璞嗘矙緇胯壊錛堣壊璋冿細85   楗卞拰搴︼細123   浜害錛?05 錛?/div><div style="margin: 0px;">鎹榪欎釜鑹茶皟鏄溂縐戜笓瀹墮厤鐨勶紝 鍥犲叾棰滆壊姣旇緝鏌斿拰錛屾嵁璇撮槄璇葷殑鏃跺欑敤榪欑棰滆壊鍋氳儗鏅湁鍒╀簬淇濇姢鐪肩潧錛?word搴曡壊灝辮澶氫漢璁劇疆鎴愯眴娌欑豢鑹層?/div><div style="margin: 0px;"></div><div style="margin: 0px;">xml鐨勫瓧浣撹皟鏁達細 </div><div style="margin: 0px;">window--preferences--General--appearance--colors and fonts--Basic-- "Text font "  </div><div style="margin: 0px;">鐒跺悗鐐筩hange,鍙互璁劇疆瀛椾綋錛屾垜鍠滄Courier 
New</div><div style="margin: 0px;"></div><div style="margin: 0px;">Java鐨勫瓧浣撹皟鏁達細 </div><div style="margin: 0px;">window--preferences--General--appearance--colors and fonts--java </div></div><img src ="//www.lmlez.icu/hello-yun/aggbug/408739.html" width = "1" height = "1" /><br><br><div align=right><a style="text-decoration:none;" href="//www.lmlez.icu/hello-yun/" target="_blank">浜戜簯</a> 2014-01-09 16:41 <a href="//www.lmlez.icu/hello-yun/archive/2014/01/09/408739.html#Feedback" target="_blank" style="text-decoration:none;">鍙戣〃璇勮</a></div>]]></description></item><item><title>鍒犻櫎鏂囦歡鐨剆vn淇℃伅 瑙e喅浠庡叾瀹冭礬寰勬嫹榪囨潵鐨勬枃浠跺甫鏈夎礬寰勪俊鎭?鏃犳硶鎻愪氦鐨勯棶棰?/title><link>//www.lmlez.icu/hello-yun/archive/2013/12/05/407259.html</link><dc:creator>浜戜簯</dc:creator><author>浜戜簯</author><pubDate>Thu, 05 Dec 2013 09:17:00 GMT</pubDate><guid>//www.lmlez.icu/hello-yun/archive/2013/12/05/407259.html</guid><wfw:comment>//www.lmlez.icu/hello-yun/comments/407259.html</wfw:comment><comments>//www.lmlez.icu/hello-yun/archive/2013/12/05/407259.html#Feedback</comments><slash:comments>0</slash:comments><wfw:commentRss>//www.lmlez.icu/hello-yun/comments/commentRss/407259.html</wfw:commentRss><trackback:ping>//www.lmlez.icu/hello-yun/services/trackbacks/407259.html</trackback:ping><description><![CDATA[<p align="left">鏈夋椂鍊欏湪欏圭洰涓?浼氬彉鍖栬礬寰?鎶婂師鏈夎礬寰勭殑鏂囦歡鎷峰埌鏂扮殑璺緞涓嬮潰<br />鍐嶅垹闄ゅ師鏉ヤ笉鎯崇殑璺緞鍐嶆彁浜や竴嬈?榪欐牱浠ユ潵 鍘熸潵鐨勮礬寰勭‘瀹炰笉瀛樺湪浜?br />浣嗘槸鎷瘋繃鏉ョ殑鏂囦歡甯︽湁鍘熸潵璺緞鐨剆vn淇℃伅 榪欐牱浠ユ潵 鍦ㄦ彁浜ょ殑鏃跺?灝辨棤娉曟彁浜?br />鎯寵鏂囦歡鎸夌収鐨勮礬寰勬彁浜?浣嗗緇坰vn榪樻槸鍐嶅線浠ュ墠鐨勮礬寰勬彁浜?騫舵彁紺轟綘璺緞涓嶅瓨鍦?br />鍦ㄧ綉涓婃悳浜嗕笅 濡備綍鍒犻櫎鏂囦歡鑷甫鐨剆vn璺緞淇℃伅 <br />鎸夌収涓嬮潰鐨勬柟寮忔潵鎿嶄綔鍗沖彲</p> <p style="text-align: left; padding-bottom: 0px; text-transform: none; background-color: rgb(255,255,255); text-indent: 0px; margin: 0px 0px 10px; padding-left: 0px; padding-right: 0px; font: 16px/28px 'Hiragino Sans GB W3', 'Hiragino Sans GB', Arial, Helvetica, simsun, u5b8bu4f53; white-space: normal; letter-spacing: normal; color: rgb(13,13,13); word-spacing: 0px; padding-top: 0px; -webkit-text-stroke-width: 0px">Windows 
Registry Editor Version 5.00<br style="line-height: 28px" />[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\DeleteSVN]<span class="Apple-converted-space"> </span><br style="line-height: 28px" />@="鍒犻櫎璇ョ洰褰曚笅闈?svn鏂囦歡"<br style="line-height: 28px" />[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\DeleteSVN\command]<span class="Apple-converted-space"> </span><br style="line-height: 28px" />@="cmd.exe /c \"TITLE Removing SVN Folders in %1 && COLOR 9A && FOR /r \"%1\" %%f IN (.svn) DO RD /s /q \"%%f\" \""</p> <p style="text-align: left; padding-bottom: 0px; text-transform: none; background-color: rgb(255,255,255); text-indent: 0px; margin: 0px 0px 10px; padding-left: 0px; padding-right: 0px; font: 16px/28px 'Hiragino Sans GB W3', 'Hiragino Sans GB', Arial, Helvetica, simsun, u5b8bu4f53; white-space: normal; letter-spacing: normal; color: rgb(13,13,13); word-spacing: 0px; padding-top: 0px; -webkit-text-stroke-width: 0px"><br style="line-height: 28px" />鎶婁笂闈㈣繖孌墊枃瀛椾繚瀛橀棶涓涓狣one.reg鏂囦歡<br style="line-height: 28px" />鐒跺悗鎵ц,瀵煎叆鍒版敞鍐岃〃<br style="line-height: 28px" />灝變細鍦ㄤ綘鍙抽敭涓涓枃浠跺す鐨勬椂鍊欏鍑烘潵涓涓彍鍗?鍒犻櫎璇ョ洰褰曚笅闈?svn鏂囦歡"<br style="line-height: 28px" />鎵ц璇ュ懡浠ゅ嵆鍙?/p> <p align="left"> </p><img src ="//www.lmlez.icu/hello-yun/aggbug/407259.html" width = "1" height = "1" /><br><br><div align=right><a style="text-decoration:none;" href="//www.lmlez.icu/hello-yun/" target="_blank">浜戜簯</a> 2013-12-05 17:17 <a href="//www.lmlez.icu/hello-yun/archive/2013/12/05/407259.html#Feedback" target="_blank" style="text-decoration:none;">鍙戣〃璇勮</a></div>]]></description></item><item><title>mybatis No enum const class org.apache.ibatis.type.JdbcType.Date 鍧戠埞鐨勯厤緗?/title><link>//www.lmlez.icu/hello-yun/archive/2013/11/26/406862.html</link><dc:creator>浜戜簯</dc:creator><author>浜戜簯</author><pubDate>Tue, 26 Nov 2013 13:02:00 
GMT</pubDate><guid>//www.lmlez.icu/hello-yun/archive/2013/11/26/406862.html</guid><wfw:comment>//www.lmlez.icu/hello-yun/comments/406862.html</wfw:comment><comments>//www.lmlez.icu/hello-yun/archive/2013/11/26/406862.html#Feedback</comments><slash:comments>1</slash:comments><wfw:commentRss>//www.lmlez.icu/hello-yun/comments/commentRss/406862.html</wfw:commentRss><trackback:ping>//www.lmlez.icu/hello-yun/services/trackbacks/406862.html</trackback:ping><description><![CDATA[鍦╥batis涓笉闇瑕佸叧娉ㄨ繖浜涘弬鏁?鑰岃漿鍒癿ybatis鍚?濡傛灉瀛楁鍊間負絀?蹇呴』璁劇疆jdbcType<br />濡?br />insert into testTable<br />   (ID,<br />   NAME,<br />   DESCRIPTION,<br />   IMAGEURL,<br />   LINKURL,<br />   ISALWAYS,<br />   ISDISPLAYINDEX,<br />   DISPLAYWEIGHT,<br />   STARTTIME,<br />   ENDTIME,<br />   CREATOR,<br />   CREATTIME,<br />   MODIFYTIME)<br />  values<br />   (SEQ_ACTIVITY_TABLE.NEXTVAL,<br />   #{name},<br />   #{desc,jdbcType=VARCHAR},<br />   #{imageUrl,jdbcType=VARCHAR},<br />   #{linkUrl,jdbcType=VARCHAR},<br />   #{isAlways,jdbcType=CHAR},<br />   #{isDisplayIndex,jdbcType=CHAR},<br />   #{displayWeight,jdbcType=VARCHAR},<br />   #{startTime,jdbcType=DATE},<br />   #{endTime,jdbcType=DATE},<br />   #{creator,jdbcType=VARCHAR},<br />   sysdate,<br />   sysdate<br />   )<br /> </insert><br /><br />榪欎簺璁劇疆涔嬪錛屽お鐑︿簡錛屾渶璁╀漢鐑︾殑鏄?nbsp; jdbcType = DATE錛岀被鍨嬭繕蹇呴』澶у啓錛屼笉鑳藉皬鍐欍?br />濡備笅闈㈢殑渚嬪瓙錛屽皢DATE 鏀規垚 Date 銆傜粨鏋滆浜哄緢鎶撶媯鍟婏紒錛侊紒<br />insert into testTable<br />   (ID,<br />   NAME,<br />   DESCRIPTION,<br />   IMAGEURL,<br />   LINKURL,<br />   ISALWAYS,<br />   ISDISPLAYINDEX,<br />   DISPLAYWEIGHT,<br />   STARTTIME,<br />   ENDTIME,<br />   CREATOR,<br />   CREATTIME,<br />   MODIFYTIME)<br />  values<br />   (SEQ_ACTIVITY_TABLE.NEXTVAL,<br />   #{name},<br />   #{desc,jdbcType=VARCHAR},<br />   #{imageUrl,jdbcType=VARCHAR},<br />   #{linkUrl,jdbcType=VARCHAR},<br />   #{isAlways,jdbcType=CHAR},<br />   #{isDisplayIndex,jdbcType=CHAR},<br />   #{displayWeight,jdbcType=VARCHAR},<br />   
#{startTime,jdbcType=Date},<br />   #{endTime,jdbcType=DATE},<br />   #{creator,jdbcType=VARCHAR},<br />   sysdate,<br />   sysdate<br />   )<br /> </insert><br /><pre style="line-height: normal; text-transform: none; font-variant: normal; font-style: normal; text-indent: 0px; letter-spacing: normal; color: rgb(0,0,0); font-weight: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px">org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.builder.BuilderException: Error resolving JdbcType. Cause: java.lang.IllegalArgumentException: No enum const class org.apache.ibatis.type.JdbcType.Date org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:75) org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:368)</pre>鏇村潙鐖圭殑鍦ㄥ悗闈紝涓婇潰insert鏃剁殑鏃跺欑敤#{endTime,jdbcType=DATE},鍙互灝嗘椂闂存彃鍏ユ垚鍔燂紝涓斿彲浠ョ簿紜埌鏃跺垎縐?br />浣嗗鏋滃湪update璇彞涓篃榪欐牱浣跨敤錛岄偅浣犲緱鍒扮殑鍙細鏈夋棩鏈燂紝榪欏鍧戠埞鐨勪簡鍚?錛屽凹鐜?nbsp; 姣旇搗ibatis鏂逛究涔嬪宸繙浜?br />瑕佹兂鍦╱pdate璇彞涓?灝嗘椂闂存牸寮忓寲鎴愭椂鍒嗙 涓嶅緱涓嶅啀鍔犱竴涓被鍨?濡備笅闈細<br />startTime = #{startTime,javaType=DATE, jdbcType=VARCHAR} <br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><img src ="//www.lmlez.icu/hello-yun/aggbug/406862.html" width = "1" height = "1" /><br><br><div align=right><a style="text-decoration:none;" href="//www.lmlez.icu/hello-yun/" target="_blank">浜戜簯</a> 2013-11-26 21:02 <a href="//www.lmlez.icu/hello-yun/archive/2013/11/26/406862.html#Feedback" target="_blank" style="text-decoration:none;">鍙戣〃璇勮</a></div>]]></description></item><item><title>璧拌繃璺繃 涓嶈閿欒繃鐨勫ソ鏂囩珷 CSRF 闃插盡鏂規硶閫夋嫨涔嬮亾 - 4399三国杀ol官网|三国杀传奇武将//www.lmlez.icu/hello-yun/archive/2013/11/05/406028.html浜戜簯浜戜簯Tue, 05 Nov 2013 12:53:00 
GMT//www.lmlez.icu/hello-yun/archive/2013/11/05/406028.html//www.lmlez.icu/hello-yun/comments/406028.html//www.lmlez.icu/hello-yun/archive/2013/11/05/406028.html#Feedback0//www.lmlez.icu/hello-yun/comments/commentRss/406028.html//www.lmlez.icu/hello-yun/services/trackbacks/406028.htmlCSRF 鑳屾櫙涓庝粙緇?/strong>

CSRF錛圕ross Site Request Forgery, 璺ㄧ珯鍩熻姹備吉閫狅級鏄竴縐嶇綉緇滅殑鏀誨嚮鏂瑰紡錛屽畠鍦?2007 騫存浘琚垪涓轟簰鑱旂綉 20 澶у畨鍏ㄩ殣鎮d箣涓銆傚叾浠栧畨鍏ㄩ殣鎮o紝姣斿 SQL 鑴氭湰娉ㄥ叆錛岃法绔欏煙鑴氭湰鏀誨嚮絳夊湪榪戝勾鏉ュ凡緇忛愭笎涓轟紬浜虹啛鐭ワ紝寰堝緗戠珯涔熼兘閽堝浠栦滑榪涜浜嗛槻寰°傜劧鑰岋紝瀵逛簬澶у鏁頒漢鏉ヨ錛孋SRF 鍗翠緷鐒舵槸涓涓檶鐢熺殑姒傚康銆傚嵆渚挎槸澶у悕榧庨紟鐨?Gmail, 鍦?2007 騫村簳涔熷瓨鍦ㄧ潃 CSRF 婕忔礊錛屼粠鑰岃榛戝鏀誨嚮鑰屼嬌 Gmail 鐨勭敤鎴烽犳垚宸ㄥぇ鐨勬崯澶便?/p>

CSRF 攻击实例

CSRF 鏀誨嚮鍙互鍦ㄥ彈瀹寵呮涓嶇煡鎯呯殑鎯呭喌涓嬩互鍙楀鑰呭悕涔変吉閫犺姹傚彂閫佺粰鍙楁敾鍑葷珯鐐癸紝浠庤屽湪騫舵湭鎺堟潈鐨勬儏鍐典笅鎵ц鍦ㄦ潈闄愪繚鎶や箣涓嬬殑鎿嶄綔銆傛瘮濡傝錛屽彈瀹寵?Bob 鍦ㄩ摱琛屾湁涓絎斿瓨嬈撅紝閫氳繃瀵歸摱琛岀殑緗戠珯鍙戦佽姹?//bank.example/withdraw?account=bob&amount=1000000&for=bob2 鍙互浣?Bob 鎶?1000000 鐨勫瓨嬈捐漿鍒?bob2 鐨勮處鍙蜂笅銆傞氬父鎯呭喌涓嬶紝璇ヨ姹傚彂閫佸埌緗戠珯鍚庯紝鏈嶅姟鍣ㄤ細鍏堥獙璇佽璇鋒眰鏄惁鏉ヨ嚜涓涓悎娉曠殑 session錛屽茍涓旇 session 鐨勭敤鎴?Bob 宸茬粡鎴愬姛鐧婚檰銆傞粦瀹?Mallory 鑷繁鍦ㄨ閾惰涔熸湁璐︽埛錛屼粬鐭ラ亾涓婃枃涓殑 URL 鍙互鎶婇挶榪涜杞笎鎿嶄綔銆侻allory 鍙互鑷繁鍙戦佷竴涓姹傜粰閾惰錛//bank.example/withdraw?account=bob&amount=1000000&for=Mallory銆備絾鏄繖涓姹傛潵鑷?Mallory 鑰岄潪 Bob錛屼粬涓嶈兘閫氳繃瀹夊叏璁よ瘉錛屽洜姝よ璇鋒眰涓嶄細璧蜂綔鐢ㄣ傝繖鏃訛紝Mallory 鎯沖埌浣跨敤 CSRF 鐨勬敾鍑繪柟寮忥紝浠栧厛鑷繁鍋氫竴涓綉绔欙紝鍦ㄧ綉绔欎腑鏀懼叆濡備笅浠g爜錛?src=”//bank.example/withdraw?account=bob&amount=1000000&for=Mallory ”錛屽茍涓旈氳繃騫垮憡絳夎浣?Bob 鏉ヨ闂粬鐨勭綉绔欍傚綋 Bob 璁塊棶璇ョ綉绔欐椂錛屼笂榪?url 灝變細浠?Bob 鐨勬祻瑙堝櫒鍙戝悜閾惰錛岃岃繖涓姹備細闄勫甫 Bob 嫻忚鍣ㄤ腑鐨?cookie 涓璧峰彂鍚戦摱琛屾湇鍔″櫒銆傚ぇ澶氭暟鎯呭喌涓嬶紝璇ヨ姹備細澶辮觸錛屽洜涓轟粬瑕佹眰 Bob 鐨勮璇佷俊鎭備絾鏄紝濡傛灉 Bob 褰撴椂鎭板閥鍒氳闂粬鐨勯摱琛屽悗涓嶄箙錛屼粬鐨勬祻瑙堝櫒涓庨摱琛岀綉绔欎箣闂寸殑 session 灝氭湭榪囨湡錛屾祻瑙堝櫒鐨?cookie 涔嬩腑鍚湁 Bob 鐨勮璇佷俊鎭傝繖鏃訛紝鎮插墽鍙戠敓浜嗭紝榪欎釜 url 璇鋒眰灝變細寰楀埌鍝嶅簲錛岄挶灝嗕粠 Bob 鐨勮處鍙瘋漿縐誨埌 Mallory 鐨勮處鍙鳳紝鑰?Bob 褰撴椂姣笉鐭ユ儏銆傜瓑浠ュ悗 Bob 鍙戠幇璐︽埛閽卞皯浜嗭紝鍗充嬌浠栧幓閾惰鏌ヨ鏃ュ織錛屼粬涔熷彧鑳藉彂鐜扮‘瀹炴湁涓涓潵鑷簬浠栨湰浜虹殑鍚堟硶璇鋒眰杞Щ浜嗚祫閲戯紝娌℃湁浠諱綍琚敾鍑葷殑鐥曡抗銆傝?Mallory 鍒欏彲浠ユ嬁鍒伴挶鍚庨嶉仴娉曞銆?/p>

CSRF 鏀誨嚮鐨勫璞?/strong>

鍦ㄨ璁哄浣曟姷寰?CSRF 涔嬪墠錛屽厛瑕佹槑紜?CSRF 鏀誨嚮鐨勫璞★紝涔熷氨鏄淇濇姢鐨勫璞°備粠浠ヤ笂鐨勪緥瀛愬彲鐭ワ紝CSRF 鏀誨嚮鏄粦瀹㈠熷姪鍙楀鑰呯殑 cookie 楠楀彇鏈嶅姟鍣ㄧ殑淇′換錛屼絾鏄粦瀹㈠茍涓嶈兘鎷垮埌 cookie錛屼篃鐪嬩笉鍒?cookie 鐨勫唴瀹廣傚彟澶栵紝瀵逛簬鏈嶅姟鍣ㄨ繑鍥炵殑緇撴灉錛岀敱浜庢祻瑙堝櫒鍚屾簮絳栫暐鐨勯檺鍒訛紝榛戝涔熸棤娉曡繘琛岃В鏋愩傚洜姝わ紝榛戝鏃犳硶浠庤繑鍥炵殑緇撴灉涓緱鍒頒換浣曚笢瑗匡紝浠栨墍鑳藉仛鐨勫氨鏄粰鏈嶅姟鍣ㄥ彂閫佽姹傦紝浠ユ墽琛岃姹備腑鎵鎻忚堪鐨勫懡浠わ紝鍦ㄦ湇鍔″櫒绔洿鎺ユ敼鍙樻暟鎹殑鍊鹼紝鑰岄潪紿冨彇鏈嶅姟鍣ㄤ腑鐨勬暟鎹傛墍浠ワ紝鎴戜滑瑕佷繚鎶ょ殑瀵硅薄鏄偅浜涘彲浠ョ洿鎺ヤ駭鐢熸暟鎹敼鍙樼殑鏈嶅姟錛岃屽浜庤鍙栨暟鎹殑鏈嶅姟錛屽垯涓嶉渶瑕佽繘琛?CSRF 鐨勪繚鎶ゃ傛瘮濡傞摱琛岀郴緇熶腑杞處鐨勮姹備細鐩存帴鏀瑰彉璐︽埛鐨勯噾棰濓紝浼氶伃鍒?CSRF 鏀誨嚮錛岄渶瑕佷繚鎶ゃ傝屾煡璇綑棰濇槸瀵歸噾棰濈殑璇誨彇鎿嶄綔錛屼笉浼氭敼鍙樻暟鎹紝CSRF 鏀誨嚮鏃犳硶瑙f瀽鏈嶅姟鍣ㄨ繑鍥炵殑緇撴灉錛屾棤闇淇濇姢銆?/p>

当前防御 CSRF 的几种策略

鍦ㄤ笟鐣岀洰鍓嶉槻寰?CSRF 鏀誨嚮涓昏鏈変笁縐嶇瓥鐣ワ細楠岃瘉 HTTP Referer 瀛楁錛涘湪璇鋒眰鍦板潃涓坊鍔?token 騫墮獙璇侊紱鍦?HTTP 澶翠腑鑷畾涔夊睘鎬у茍楠岃瘉銆備笅闈㈠氨鍒嗗埆瀵硅繖涓夌絳栫暐榪涜璇︾粏浠嬬粛銆?/p>

验证 HTTP Referer 字段

鏍規嵁 HTTP 鍗忚錛屽湪 HTTP 澶翠腑鏈変竴涓瓧孌靛彨 Referer錛屽畠璁板綍浜嗚 HTTP 璇鋒眰鐨勬潵婧愬湴鍧銆傚湪閫氬父鎯呭喌涓嬶紝璁塊棶涓涓畨鍏ㄥ彈闄愰〉闈㈢殑璇鋒眰鏉ヨ嚜浜庡悓涓涓綉绔欙紝姣斿闇瑕佽闂?//bank.example/withdraw?account=bob&amount=1000000&for=Mallory錛岀敤鎴峰繀欏誨厛鐧婚檰 bank.example錛岀劧鍚庨氳繃鐐瑰嚮欏甸潰涓婄殑鎸夐挳鏉ヨЕ鍙戣漿璐︿簨浠躲傝繖鏃訛紝璇ヨ漿甯愯姹傜殑 Referer 鍊煎氨浼氭槸杞處鎸夐挳鎵鍦ㄧ殑欏甸潰鐨?URL錛岄氬父鏄互 bank.example 鍩熷悕寮澶寸殑鍦板潃銆傝屽鏋滈粦瀹㈣瀵歸摱琛岀綉绔欏疄鏂?CSRF 鏀誨嚮錛屼粬鍙兘鍦ㄤ粬鑷繁鐨勭綉绔欐瀯閫犺姹傦紝褰撶敤鎴烽氳繃榛戝鐨勭綉绔欏彂閫佽姹傚埌閾惰鏃訛紝璇ヨ姹傜殑 Referer 鏄寚鍚戦粦瀹㈣嚜宸辯殑緗戠珯銆傚洜姝わ紝瑕侀槻寰?CSRF 鏀誨嚮錛岄摱琛岀綉绔欏彧闇瑕佸浜庢瘡涓涓漿璐﹁姹傞獙璇佸叾 Referer 鍊鹼紝濡傛灉鏄互 bank.example 寮澶寸殑鍩熷悕錛屽垯璇存槑璇ヨ姹傛槸鏉ヨ嚜閾惰緗戠珯鑷繁鐨勮姹傦紝鏄悎娉曠殑銆傚鏋?Referer 鏄叾浠栫綉绔欑殑璇濓紝鍒欐湁鍙兘鏄粦瀹㈢殑 CSRF 鏀誨嚮錛屾嫆緇濊璇鋒眰銆?/p>

榪欑鏂規硶鐨勬樉鑰屾槗瑙佺殑濂藉灝辨槸綆鍗曟槗琛岋紝緗戠珯鐨勬櫘閫氬紑鍙戜漢鍛樹笉闇瑕佹搷蹇?CSRF 鐨勬紡媧烇紝鍙渶瑕佸湪鏈鍚庣粰鎵鏈夊畨鍏ㄦ晱鎰熺殑璇鋒眰緇熶竴澧炲姞涓涓嫤鎴櫒鏉ユ鏌?Referer 鐨勫煎氨鍙互銆傜壒鍒槸瀵逛簬褰撳墠鐜版湁鐨勭郴緇燂紝涓嶉渶瑕佹敼鍙樺綋鍓嶇郴緇熺殑浠諱綍宸叉湁浠g爜鍜岄昏緫錛屾病鏈夐闄╋紝闈炲父渚挎嵎銆?/p>

鐒惰岋紝榪欑鏂規硶騫墮潪涓囨棤涓澶便俁eferer 鐨勫兼槸鐢辨祻瑙堝櫒鎻愪緵鐨勶紝铏界劧 HTTP 鍗忚涓婃湁鏄庣‘鐨勮姹傦紝浣嗘槸姣忎釜嫻忚鍣ㄥ浜?Referer 鐨勫叿浣撳疄鐜板彲鑳芥湁宸埆錛屽茍涓嶈兘淇濊瘉嫻忚鍣ㄨ嚜韜病鏈夊畨鍏ㄦ紡媧炪備嬌鐢ㄩ獙璇?Referer 鍊肩殑鏂規硶錛屽氨鏄妸瀹夊叏鎬ч兘渚濊禆浜庣涓夋柟錛堝嵆嫻忚鍣級鏉ヤ繚闅滐紝浠庣悊璁轟笂鏉ヨ錛岃繖鏍峰茍涓嶅畨鍏ㄣ備簨瀹炰笂錛屽浜庢煇浜涙祻瑙堝櫒錛屾瘮濡?IE6 鎴?FF2錛岀洰鍓嶅凡緇忔湁涓浜涙柟娉曞彲浠ョ鏀?Referer 鍊箋傚鏋?bank.example 緗戠珯鏀寔 IE6 嫻忚鍣紝榛戝瀹屽叏鍙互鎶婄敤鎴鋒祻瑙堝櫒鐨?Referer 鍊艱涓轟互 bank.example 鍩熷悕寮澶寸殑鍦板潃錛岃繖鏍峰氨鍙互閫氳繃楠岃瘉錛屼粠鑰岃繘琛?CSRF 鏀誨嚮銆?/p>

鍗充究鏄嬌鐢ㄦ渶鏂扮殑嫻忚鍣紝榛戝鏃犳硶綃℃敼 Referer 鍊鹼紝榪欑鏂規硶浠嶇劧鏈夐棶棰樸傚洜涓?Referer 鍊間細璁板綍涓嬬敤鎴風殑璁塊棶鏉ユ簮錛屾湁浜涚敤鎴瘋涓鴻繖鏍蜂細渚電姱鍒頒粬浠嚜宸辯殑闅愮鏉冿紝鐗瑰埆鏄湁浜涚粍緇囨媴蹇?Referer 鍊間細鎶婄粍緇囧唴緗戜腑鐨勬煇浜涗俊鎭硠闇插埌澶栫綉涓傚洜姝わ紝鐢ㄦ埛鑷繁鍙互璁劇疆嫻忚鍣ㄤ嬌鍏跺湪鍙戦佽姹傛椂涓嶅啀鎻愪緵 Referer銆傚綋浠栦滑姝e父璁塊棶閾惰緗戠珯鏃訛紝緗戠珯浼氬洜涓鴻姹傛病鏈?Referer 鍊艱岃涓烘槸 CSRF 鏀誨嚮錛屾嫆緇濆悎娉曠敤鎴風殑璁塊棶銆?/p>

鍦ㄨ姹傚湴鍧涓坊鍔?token 騫墮獙璇?/strong>

CSRF 鏀誨嚮涔嬫墍浠ヨ兘澶熸垚鍔燂紝鏄洜涓洪粦瀹㈠彲浠ュ畬鍏ㄤ吉閫犵敤鎴風殑璇鋒眰錛岃璇鋒眰涓墍鏈夌殑鐢ㄦ埛楠岃瘉淇℃伅閮芥槸瀛樺湪浜?cookie 涓紝鍥犳榛戝鍙互鍦ㄤ笉鐭ラ亾榪欎簺楠岃瘉淇℃伅鐨勬儏鍐典笅鐩存帴鍒╃敤鐢ㄦ埛鑷繁鐨?cookie 鏉ラ氳繃瀹夊叏楠岃瘉銆傝鎶靛盡 CSRF錛屽叧閿湪浜庡湪璇鋒眰涓斁鍏ラ粦瀹㈡墍涓嶈兘浼犵殑淇℃伅錛屽茍涓旇淇℃伅涓嶅瓨鍦ㄤ簬 cookie 涔嬩腑銆傚彲浠ュ湪 HTTP 璇鋒眰涓互鍙傛暟鐨勫艦寮忓姞鍏ヤ竴涓殢鏈轟駭鐢熺殑 token錛屽茍鍦ㄦ湇鍔″櫒绔緩绔嬩竴涓嫤鎴櫒鏉ラ獙璇佽繖涓?token錛屽鏋滆姹備腑娌℃湁 token 鎴栬?token 鍐呭涓嶆紜紝鍒欒涓哄彲鑳芥槸 CSRF 鏀誨嚮鑰屾嫆緇濊璇鋒眰銆?/p>

榪欑鏂規硶瑕佹瘮媯鏌?Referer 瑕佸畨鍏ㄤ竴浜涳紝token 鍙互鍦ㄧ敤鎴風櫥闄嗗悗浜х敓騫舵斁浜?session 涔嬩腑錛岀劧鍚庡湪姣忔璇鋒眰鏃舵妸 token 浠?session 涓嬁鍑猴紝涓庤姹備腑鐨?token 榪涜姣斿錛屼絾榪欑鏂規硶鐨勯毦鐐瑰湪浜庡浣曟妸 token 浠ュ弬鏁扮殑褰㈠紡鍔犲叆璇鋒眰銆傚浜?GET 璇鋒眰錛宼oken 灝嗛檮鍦ㄨ姹傚湴鍧涔嬪悗錛岃繖鏍?URL 灝卞彉鎴?//url?csrftoken=tokenvalue銆?鑰屽浜?POST 璇鋒眰鏉ヨ錛岃鍦?form 鐨勬渶鍚庡姞涓?<input type=”hidden” name=”csrftoken” value=”tokenvalue”/>錛岃繖鏍峰氨鎶?token 浠ュ弬鏁扮殑褰㈠紡鍔犲叆璇鋒眰浜嗐備絾鏄紝鍦ㄤ竴涓綉绔欎腑錛屽彲浠ユ帴鍙楄姹傜殑鍦版柟闈炲父澶氾紝瑕佸浜庢瘡涓涓姹傞兘鍔犱笂 token 鏄緢楹葷儲鐨勶紝騫朵笖寰堝鏄撴紡鎺夛紝閫氬父浣跨敤鐨勬柟娉曞氨鏄湪姣忔欏甸潰鍔犺澆鏃訛紝浣跨敤 javascript 閬嶅巻鏁翠釜 dom 鏍戯紝瀵逛簬 dom 涓墍鏈夌殑 a 鍜?form 鏍囩鍚庡姞鍏?token銆傝繖鏍峰彲浠ヨВ鍐沖ぇ閮ㄥ垎鐨勮姹傦紝浣嗘槸瀵逛簬鍦ㄩ〉闈㈠姞杞戒箣鍚庡姩鎬佺敓鎴愮殑 html 浠g爜錛岃繖縐嶆柟娉曞氨娌℃湁浣滅敤錛岃繕闇瑕佺▼搴忓憳鍦ㄧ紪鐮佹椂鎵嬪姩娣誨姞 token銆?/p>

璇ユ柟娉曡繕鏈変竴涓己鐐規槸闅句互淇濊瘉 token 鏈韓鐨勫畨鍏ㄣ傜壒鍒槸鍦ㄤ竴浜涜鍧涗箣綾繪敮鎸佺敤鎴瘋嚜宸卞彂琛ㄥ唴瀹圭殑緗戠珯錛岄粦瀹㈠彲浠ュ湪涓婇潰鍙戝竷鑷繁涓漢緗戠珯鐨勫湴鍧銆傜敱浜庣郴緇熶篃浼氬湪榪欎釜鍦板潃鍚庨潰鍔犱笂 token錛岄粦瀹㈠彲浠ュ湪鑷繁鐨勭綉绔欎笂寰楀埌榪欎釜 token錛屽茍椹笂灝卞彲浠ュ彂鍔?CSRF 鏀誨嚮銆備負浜嗛伩鍏嶈繖涓鐐癸紝緋葷粺鍙互鍦ㄦ坊鍔?token 鐨勬椂鍊欏鍔犱竴涓垽鏂紝濡傛灉榪欎釜閾炬帴鏄摼鍒拌嚜宸辨湰绔欑殑錛屽氨鍦ㄥ悗闈㈡坊鍔?token錛屽鏋滄槸閫氬悜澶栫綉鍒欎笉鍔犮備笉榪囷紝鍗充嬌榪欎釜 csrftoken 涓嶄互鍙傛暟鐨勫艦寮忛檮鍔犲湪璇鋒眰涔嬩腑錛岄粦瀹㈢殑緗戠珯涔熷悓鏍峰彲浠ラ氳繃 Referer 鏉ュ緱鍒拌繖涓?token 鍊間互鍙戝姩 CSRF 鏀誨嚮銆傝繖涔熸槸涓浜涚敤鎴峰枩嬈㈡墜鍔ㄥ叧闂祻瑙堝櫒 Referer 鍔熻兘鐨勫師鍥犮?/p>

鍦?HTTP 澶翠腑鑷畾涔夊睘鎬у茍楠岃瘉

榪欑鏂規硶涔熸槸浣跨敤 token 騫惰繘琛岄獙璇侊紝鍜屼笂涓縐嶆柟娉曚笉鍚岀殑鏄紝榪欓噷騫朵笉鏄妸 token 浠ュ弬鏁扮殑褰㈠紡緗簬 HTTP 璇鋒眰涔嬩腑錛岃屾槸鎶婂畠鏀懼埌 HTTP 澶翠腑鑷畾涔夌殑灞炴ч噷銆傞氳繃 XMLHttpRequest 榪欎釜綾伙紝鍙互涓嬈℃х粰鎵鏈夎綾昏姹傚姞涓?csrftoken 榪欎釜 HTTP 澶村睘鎬э紝騫舵妸 token 鍊兼斁鍏ュ叾涓傝繖鏍瘋В鍐充簡涓婄鏂規硶鍦ㄨ姹備腑鍔犲叆 token 鐨勪笉渚匡紝鍚屾椂錛岄氳繃 XMLHttpRequest 璇鋒眰鐨勫湴鍧涓嶄細琚褰曞埌嫻忚鍣ㄧ殑鍦板潃鏍忥紝涔熶笉鐢ㄦ媴蹇?token 浼氶忚繃 Referer 娉勯湶鍒板叾浠栫綉绔欎腑鍘匯?/p>

鐒惰岃繖縐嶆柟娉曠殑灞闄愭ч潪甯稿ぇ銆俋MLHttpRequest 璇鋒眰閫氬父鐢ㄤ簬 Ajax 鏂規硶涓浜庨〉闈㈠眬閮ㄧ殑寮傛鍒鋒柊錛屽茍闈炴墍鏈夌殑璇鋒眰閮介傚悎鐢ㄨ繖涓被鏉ュ彂璧鳳紝鑰屼笖閫氳繃璇ョ被璇鋒眰寰楀埌鐨勯〉闈笉鑳借嫻忚鍣ㄦ墍璁板綍涓嬶紝浠庤岃繘琛屽墠榪涳紝鍚庨錛屽埛鏂幫紝鏀惰棌絳夋搷浣滐紝緇欑敤鎴峰甫鏉ヤ笉渚褲傚彟澶栵紝瀵逛簬娌℃湁榪涜 CSRF 闃叉姢鐨勯仐鐣欑郴緇熸潵璇達紝瑕侀噰鐢ㄨ繖縐嶆柟娉曟潵榪涜闃叉姢錛岃鎶婃墍鏈夎姹傞兘鏀逛負 XMLHttpRequest 璇鋒眰錛岃繖鏍峰嚑涔庢槸瑕侀噸鍐欐暣涓綉绔欙紝榪欎唬浠鋒棤鐤戞槸涓嶈兘鎺ュ彈鐨勩?/p>

Java 代码示例

涓嬫枃灝嗕互 Java 涓轟緥錛屽涓婅堪涓夌鏂規硶鍒嗗埆鐢ㄤ唬鐮佽繘琛岀ず渚嬨傛棤璁轟嬌鐢ㄤ綍縐嶆柟娉曪紝鍦ㄦ湇鍔″櫒绔殑鎷︽埅鍣ㄥ繀涓嶅彲灝戯紝瀹冨皢璐熻矗媯鏌ュ埌鏉ョ殑璇鋒眰鏄惁絎﹀悎瑕佹眰錛岀劧鍚庤緇撴灉鑰屽喅瀹氭槸鍚︾戶緇姹傛垨鑰呬涪寮冦傚湪 Java 涓紝鎷︽埅鍣ㄦ槸鐢?Filter 鏉ュ疄鐜扮殑銆傛垜浠彲浠ョ紪鍐欎竴涓?Filter錛屽茍鍦?web.xml 涓鍏惰繘琛岄厤緗紝浣垮叾瀵逛簬璁塊棶鎵鏈夐渶瑕?CSRF 淇濇姢鐨勮祫婧愮殑璇鋒眰榪涜鎷︽埅銆?/p>

鍦?filter 涓璇鋒眰鐨?Referer 楠岃瘉浠g爜濡備笅
清单 1. 在 Filter 中验证 Referer

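// Read the Referer header. It is supplied by the client and may be missing
// (privacy settings, proxies), in which case the request is rejected below.
String referer = request.getHeader("Referer");
boolean fromOwnSite = false;
if (referer != null) {
    try {
        // Compare the parsed host exactly. A prefix test on the raw header value
        // never matches a full URL (which begins with its scheme) and would also
        // accept look-alike hosts such as "bank.example.other.test".
        String host = new java.net.URI(referer.trim()).getHost();
        fromOwnSite = "bank.example".equalsIgnoreCase(host);
    } catch (java.net.URISyntaxException e) {
        // An unparsable Referer is treated the same as a foreign one.
        fromOwnSite = false;
    }
}
if (fromOwnSite) {
    chain.doFilter(request, response);
} else {
    // Not provably from this site: possible CSRF, send to the error page.
    request.getRequestDispatcher("error.jsp").forward(request, response);
}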

浠ヤ笂浠g爜鍏堝彇寰?Referer 鍊鹼紝鐒跺悗榪涜鍒ゆ柇錛屽綋鍏墮潪絀哄茍浠?bank.example 寮澶存椂錛屽垯緇х畫璇鋒眰錛屽惁鍒欑殑璇濆彲鑳芥槸 CSRF 鏀誨嚮錛岃漿鍒?error.jsp 欏甸潰銆?/p>

濡傛灉瑕佽繘涓姝ラ獙璇佽姹備腑鐨?token 鍊鹼紝浠g爜濡備笅

清单 2. 在 filter 中验证请求中的 token
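HttpServletRequest req = (HttpServletRequest) request;
HttpSession s = req.getSession();

// Token previously stored in this session, if any.
String sToken = (String) s.getAttribute("csrftoken");
if (sToken == null) {
    // No token in the session yet: a new one is issued and stored, and this
    // request continues WITHOUT being validated.
    // NOTE(review): confirm that no state-changing handler is reachable on a
    // session that has not been issued a token yet.
    // NOTE(review): generateToken() is not shown here; it should draw from a
    // cryptographically strong source such as java.security.SecureRandom.
    sToken = generateToken();
    s.setAttribute("csrftoken", sToken);
    chain.doFilter(request, response);
} else {
    // The token may arrive as a custom HTTP header (XMLHttpRequest callers) ...
    String xhrToken = req.getHeader("csrftoken");
    // ... or as an ordinary request parameter (links and forms).
    String pToken = req.getParameter("csrftoken");

    // sToken is non-null in this branch; equals(null) is false, so a missing
    // header or parameter simply fails to match.
    if (sToken.equals(xhrToken) || sToken.equals(pToken)) {
        chain.doFilter(request, response);
    } else {
        // Neither location carried the session's token: reject the request.
        request.getRequestDispatcher("error.jsp").forward(request, response);
    }
}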

棣栧厛鍒ゆ柇 session 涓湁娌℃湁 csrftoken錛屽鏋滄病鏈夛紝鍒欒涓烘槸絎竴嬈¤闂紝session 鏄柊寤虹珛鐨勶紝榪欐椂鐢熸垚涓涓柊鐨?token錛屾斁浜?session 涔嬩腑錛屽茍緇х畫鎵ц璇鋒眰銆傚鏋?session 涓凡緇忔湁 csrftoken錛屽垯璇存槑鐢ㄦ埛宸茬粡涓庢湇鍔″櫒涔嬮棿寤虹珛浜嗕竴涓椿璺冪殑 session錛岃繖鏃惰鐪嬭繖涓姹備腑鏈夋病鏈夊悓鏃墮檮甯﹁繖涓?token錛岀敱浜庤姹傚彲鑳芥潵鑷簬甯歌鐨勮闂垨鏄?XMLHttpRequest 寮傛璁塊棶錛屾垜浠垎鍒皾璇曚粠璇鋒眰涓幏鍙?csrftoken 鍙傛暟浠ュ強浠?HTTP 澶翠腑鑾峰彇 csrftoken 鑷畾涔夊睘鎬у茍涓?session 涓殑鍊艱繘琛屾瘮杈冿紝鍙鏈変竴涓湴鏂瑰甫鏈夋湁鏁?token錛屽氨鍒ゅ畾璇鋒眰鍚堟硶錛屽彲浠ョ戶緇墽琛岋紝鍚﹀垯灝辮漿鍒伴敊璇〉闈€傜敓鎴?token 鏈夊緢澶氱鏂規硶錛屼換浣曠殑闅忔満綆楁硶閮藉彲浠ヤ嬌鐢紝Java 鐨?UUID 綾諱篃鏄竴涓笉閿欑殑閫夋嫨銆?/p>

闄や簡鍦ㄦ湇鍔″櫒绔埄鐢?filter 鏉ラ獙璇?token 鐨勫間互澶栵紝鎴戜滑榪橀渶瑕佸湪瀹㈡埛绔粰姣忎釜璇鋒眰闄勫姞涓婅繖涓?token錛岃繖鏄埄鐢?js 鏉ョ粰 html 涓殑閾炬帴鍜岃〃鍗曡姹傚湴鍧闄勫姞 csrftoken 浠g爜錛屽叾涓凡瀹氫箟 token 涓哄叏灞鍙橀噺錛屽叾鍊煎彲浠ヤ粠 session 涓緱鍒般?/p>

清单 3. 在客户端对于请求附加 token
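/**
 * Adds the CSRF token to every form and link present in the document when called.
 * Elements created after this call are not covered and need the token added
 * where they are generated.
 */
function appendToken() {
    updateForms();
    updateTags();
}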
  
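 /**
  * Appends a hidden "csrftoken" input to every form that has a non-empty action.
  * Reads the page-level variable `token`, which is defined outside this function.
  *
  * NOTE(review): a form whose action points at another site would send the token
  * there as well; confirm every form on the page posts back to this site.
  */
 function updateForms() {
    // All form elements present in the page at call time.
    var forms = document.getElementsByTagName('form');
    // `i` is declared locally so the loop does not create or clobber a global.
    for (var i = 0; i < forms.length; i++) {
        var url = forms[i].action;

        // Forms without an action value are left untouched.
        if (url == null || url == "") continue;

        // Create the hidden input and place it at the end of the form.
        var e = document.createElement("input");
        e.name = "csrftoken";
        e.value = token;
        e.type = "hidden";
        forms[i].appendChild(e);
    }
 }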
  
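 /**
  * Passes every anchor element in the document to updateTag so that its href
  * carries the CSRF token. Reads the page-level variable `token`.
  */
 function updateTags() {
    var all = document.getElementsByTagName('a');
    var len = all.length;

    // Visit each anchor that exists at call time.
    for (var i = 0; i < len; i++) {
        var e = all[i];
        updateTag(e, 'href', token);
    }
 }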
  
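 /**
  * Adds a csrftoken query parameter to the URL held in element[attr].
  *
  * The token is added only to same-site targets: relative URLs, or http(s) URLs
  * whose host equals the current page's host. Links to other hosts and
  * non-http schemes (mailto:, javascript:, ...) are left unchanged, because the
  * token would otherwise be disclosed to whoever controls the link target.
  *
  * @param element object exposing getAttribute/setAttribute
  * @param attr    attribute name holding the URL, e.g. 'href'
  * @param token   CSRF token value to append
  */
 function updateTag(element, attr, token) {
    var location = element.getAttribute(attr);
    if (location == null || location === '') {
        return;
    }

    // Absolute or scheme-relative URL: require an exact host match with this page.
    var hasScheme = /^[a-z][a-z0-9+.\-]*:/i.test(location);
    if (hasScheme || location.indexOf('//') === 0) {
        var match = /^(?:https?:)?\/\/([^\/?#]*)/i.exec(location);
        var ownHost = (typeof window !== 'undefined' && window.location)
            ? window.location.host
            : null;
        if (!match || ownHost === null ||
                match[1].toLowerCase() !== ownHost.toLowerCase()) {
            return;
        }
    }

    // Split off a trailing #fragment so the parameter lands in the query string.
    var fragment = null;
    var fragmentIndex = location.indexOf('#');
    if (fragmentIndex != -1) {
        fragment = location.substring(fragmentIndex);
        location = location.substring(0, fragmentIndex);
    }

    // Use '&' when the URL already has a query string, '?' otherwise.
    var separator = (location.indexOf('?') != -1) ? '&' : '?';
    location = location + separator + 'csrftoken=' + encodeURIComponent(token);

    if (fragment != null) {
        location += fragment;
    }

    element.setAttribute(attr, location);
 }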

鍦ㄥ鎴風 html 涓紝涓昏鏄湁涓や釜鍦版柟闇瑕佸姞涓?token錛屼竴涓槸琛ㄥ崟 form錛屽彟涓涓氨鏄摼鎺?a銆傝繖孌典唬鐮侀鍏堥亶鍘嗘墍鏈夌殑 form錛屽湪 form 鏈鍚庢坊鍔犱竴闅愯棌瀛楁錛屾妸 csrftoken 鏀懼叆鍏朵腑銆傜劧鍚庯紝浠g爜閬嶅巻鎵鏈夌殑閾炬帴鏍囪 a錛屽湪鍏?href 灞炴т腑鍔犲叆 csrftoken 鍙傛暟銆傛敞鎰忓浜?a.href 鏉ヨ錛屽彲鑳借灞炴у凡緇忔湁鍙傛暟錛屾垨鑰呮湁閿氭爣璁般傚洜姝ら渶瑕佸垎鎯呭喌璁ㄨ錛屼互涓嶅悓鐨勬牸寮忔妸 csrftoken 鍔犲叆鍏朵腑銆?/p>

濡傛灉浣犵殑緗戠珯浣跨敤 XMLHttpRequest錛岄偅涔堣繕闇瑕佸湪 HTTP 澶翠腑鑷畾涔?csrftoken 灞炴э紝鍒╃敤 dojo.xhr 緇?XMLHttpRequest 鍔犱笂鑷畾涔夊睘鎬т唬鐮佸涓嬶細

清单 4. 在 HTTP 头中自定义属性
                 
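var plainXhr = dojo.xhr;

// Wrap dojo.xhr so that every request made through it carries the csrftoken header.
dojo.xhr = function(method, args, hasBody) {
   // Keep any headers the caller supplied; reading `args.header` (singular) here
   // would always yield undefined and silently drop them.
   args.headers = args.headers || {};

   // JSP expression, rendered on the server into a JavaScript string literal.
   // NOTE(review): getSession(false) returns null when no session exists, which
   // would fail at render time; confirm this page is only served inside a session.
   // NOTE(review): the value is written into the literal unescaped; this is only
   // safe while tokens are restricted to characters that need no escaping.
   tokenValue = '<%=request.getSession(false).getAttribute("csrftoken")%>';
   var token = dojo.getObject("tokenValue");

   // Put the token in the custom header; a blank placeholder is sent when none is available.
   args.headers["csrftoken"] = (token) ? token : "  ";
   return plainXhr(method, args, hasBody);
};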

榪欓噷鏀瑰啓浜?dojo.xhr 鐨勬柟娉曪紝棣栧厛紜繚 dojo.xhr 涓瓨鍦?HTTP 澶達紝鐒跺悗鍦?args.headers 涓坊鍔?csrftoken 瀛楁錛屽茍鎶?token 鍊間粠 session 閲屾嬁鍑烘斁鍏ュ瓧孌典腑銆?/p>

CSRF 防御方法选择之道

閫氳繃涓婃枃璁ㄨ鍙煡錛岀洰鍓嶄笟鐣屽簲瀵?CSRF 鏀誨嚮鏈変竴浜涘厠鍒舵柟娉曪紝浣嗘槸姣忕鏂規硶閮芥湁鍒╁紛錛屾病鏈変竴縐嶆柟娉曟槸瀹岀編鐨勩傚浣曢夋嫨鍚堥傜殑鏂規硶闈炲父閲嶈銆傚鏋滅綉绔欐槸涓涓幇鏈夌郴緇燂紝鎯寵鍦ㄦ渶鐭椂闂村唴鑾峰緱涓瀹氱▼搴︾殑 CSRF 鐨勪繚鎶わ紝閭d箞楠岃瘉 Referer 鐨勬柟娉曟槸鏈鏂逛究鐨勶紝瑕佹兂澧炲姞瀹夊叏鎬х殑璇濓紝鍙互閫夋嫨涓嶆敮鎸佷綆鐗堟湰嫻忚鍣紝姣曠珶灝辯洰鍓嶆潵璇達紝IE7+, FF3+ 榪欑被楂樼増鏈祻瑙堝櫒鐨?Referer 鍊艱繕鏃犳硶琚鏀廣?/p>

濡傛灉緋葷粺蹇呴』鏀寔 IE6錛屽茍涓斾粛鐒墮渶瑕侀珮瀹夊叏鎬с傞偅涔堝氨瑕佷嬌鐢?token 鏉ヨ繘琛岄獙璇侊紝鍦ㄥぇ閮ㄥ垎鎯呭喌涓嬶紝浣跨敤 XmlHttpRequest 騫朵笉鍚堥傦紝token 鍙兘浠ュ弬鏁扮殑褰㈠紡鏀句簬璇鋒眰涔嬩腑錛岃嫢浣犵殑緋葷粺涓嶆敮鎸佺敤鎴瘋嚜宸卞彂甯冧俊鎭紝閭h繖縐嶇▼搴︾殑闃叉姢宸茬粡瓚沖錛屽惁鍒欑殑璇濓紝浣犱粛鐒墮毦浠ラ槻鑼?token 琚粦瀹㈢獌鍙栧茍鍙戝姩鏀誨嚮銆傚湪榪欑鎯呭喌涓嬶紝浣犻渶瑕佸皬蹇冭鍒掍綘緗戠珯鎻愪緵鐨勫悇縐嶆湇鍔★紝浠庝腑闂存壘鍑洪偅浜涘厑璁哥敤鎴瘋嚜宸卞彂甯冧俊鎭殑閮ㄥ垎錛屾妸瀹冧滑涓庡叾浠栨湇鍔″垎寮錛屼嬌鐢ㄤ笉鍚岀殑 token 榪涜淇濇姢錛岃繖鏍峰彲浠ユ湁鏁堟姷寰¢粦瀹㈠浜庝綘鍏抽敭鏈嶅姟鐨勬敾鍑伙紝鎶婂嵄瀹抽檷鍒版渶浣庛傛瘯绔燂紝鍒犻櫎鍒漢涓涓笘瀛愭瘮鐩存帴浠庡埆浜鴻處鍙蜂腑杞蛋澶х瑪瀛樻涓ラ噸紼嬪害瑕佽交鐨勫銆?/p>

濡傛灉鏄紑鍙戜竴涓叏鏂扮殑緋葷粺錛屽垯鎶靛盡 CSRF 鐨勯夋嫨瑕佸ぇ寰楀銆傜瑪鑰呭緩璁浜庨噸瑕佺殑鏈嶅姟錛屽彲浠ュ敖閲忎嬌鐢?XMLHttpRequest 鏉ヨ闂紝榪欐牱澧炲姞 token 瑕佸鏄撳緢澶氥傚彟澶栧敖閲忛伩鍏嶅湪 js 浠g爜涓嬌鐢ㄥ鏉傞昏緫鏉ユ瀯閫犲父瑙勭殑鍚屾璇鋒眰鏉ヨ闂渶瑕?CSRF 淇濇姢鐨勮祫婧愶紝姣斿 window.location 鍜?document.createElement(“a”) 涔嬬被錛岃繖鏍蜂篃鍙互鍑忓皯鍦ㄩ檮鍔?token 鏃朵駭鐢熺殑涓嶅繀瑕佺殑楹葷儲銆?/p>

鏈鍚庯紝瑕佽浣?CSRF 涓嶆槸榛戝鍞竴鐨勬敾鍑繪墜孌碉紝鏃犺浣?CSRF 闃茶寖鏈夊涔堜弗瀵嗭紝濡傛灉浣犵郴緇熸湁鍏朵粬瀹夊叏婕忔礊錛屾瘮濡傝法绔欏煙鑴氭湰鏀誨嚮 XSS錛岄偅涔堥粦瀹㈠氨鍙互緇曡繃浣犵殑瀹夊叏闃叉姢錛屽睍寮鍖呮嫭 CSRF 鍦ㄥ唴鐨勫悇縐嶆敾鍑伙紝浣犵殑闃茬嚎灝嗗鍚岃櫄璁俱?/p>

总结与展望

鍙錛孋SRF 鏄竴縐嶅嵄瀹抽潪甯稿ぇ鐨勬敾鍑伙紝鍙堝緢闅句互闃茶寖銆傜洰鍓嶅嚑縐嶉槻寰$瓥鐣ヨ櫧鐒跺彲浠ュ緢澶х▼搴︿笂鎶靛盡 CSRF 鐨勬敾鍑伙紝浣嗗茍娌℃湁涓縐嶅畬緹庣殑瑙e喅鏂規銆備竴浜涙柊鐨勬柟妗堟鍦ㄧ爺絀朵箣涓紝姣斿瀵逛簬姣忔璇鋒眰閮戒嬌鐢ㄤ笉鍚岀殑鍔ㄦ佸彛浠わ紝鎶?Referer 鍜?token 鏂規緇撳悎璧鋒潵錛岀敋鑷沖皾璇曚慨鏀?HTTP 瑙勮寖錛屼絾鏄繖浜涙柊鐨勬柟妗堝皻涓嶆垚鐔燂紝瑕佹寮忔姇鍏ヤ嬌鐢ㄥ茍琚笟鐣屽箍涓烘帴鍙楄繕闇鏃舵棩銆傚湪榪欎箣鍓嶏紝鎴戜滑鍙湁鍏呭垎閲嶈 CSRF錛屾牴鎹郴緇熺殑瀹為檯鎯呭喌閫夋嫨鏈鍚堥傜殑絳栫暐錛岃繖鏍鋒墠鑳芥妸 CSRF 鐨勫嵄瀹抽檷鍒版渶浣庛?/p>

]]>