User-friendliness and security measures pull in opposite directions: most measures that improve security also reduce usability. When you write code to defend against malicious users, you still have to keep the legitimate ones in mind. Striking the right balance is hard, but you have to get it right, and no one can do it for you, because it is your software.
Try to make security measures as transparent to users as possible, so that they do not notice them at all. Where that is impossible, use a method users already know and expect. For example, asking users to enter a username and password before they can reach restricted information or services is a familiar, widely accepted approach.
When you suspect foul play, keep in mind that you may be mistaken. For example, if the system has reason to doubt the user's identity during an operation, it usually asks the user to enter the password again. This is only a minor inconvenience for a legitimate user, but a high hurdle for an attacker who has hijacked the session and does not know the password. Technically this is essentially the same as prompting the user to log in again, but the user experience is very different.
There is no need to kick users out of the system and accuse them of being attackers. Such measures seriously degrade usability when you are wrong, and you will sometimes be wrong.
In this book, I focus on transparent and commonly used security measures, and I advise responding carefully and wisely to suspected attacks.
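The following is an added example (not code from the original book or the website) of the re-authentication pattern described above: a sensitive action checks how long ago the password was last verified, prompts for the password again if that is stale, and on a wrong password denies only that action instead of destroying the login session. The function names, the layout of the $session array, the 300-second window and the failure limit are all assumptions made for this illustration.

```php
<?php
// Added example, not from the original text: re-authentication before a
// sensitive action instead of a forced logout. Function names, the
// $session layout, REAUTH_MAX_AGE and REAUTH_MAX_FAILURES are assumptions.

declare(strict_types=1);

const REAUTH_MAX_AGE = 300;     // seconds since the last password check (assumed window)
const REAUTH_MAX_FAILURES = 5;  // wrong passwords tolerated before the action is refused outright

// Does the sensitive action need a fresh password check?
function needs_reauth(array $session, int $now, int $maxAge = REAUTH_MAX_AGE): bool
{
    return !isset($session['last_auth_at'])
        || ($now - $session['last_auth_at']) > $maxAge;
}

// Verify the password again. On success, refresh the timestamp; on failure,
// count the attempt but leave the login session intact (the user stays logged in).
function reauthenticate(array &$session, string $password, string $storedHash, int $now): bool
{
    $failures = $session['reauth_failures'] ?? 0;
    if ($failures >= REAUTH_MAX_FAILURES) {
        return false; // too many attempts: keep refusing until some recovery flow resets the counter
    }
    if (!password_verify($password, $storedHash)) {
        $session['reauth_failures'] = $failures + 1;
        return false;
    }
    $session['last_auth_at'] = $now;
    $session['reauth_failures'] = 0;
    return true;
}

// A sensitive operation (changing the account e-mail address) guarded by the
// check above. Returns a status string: 'prompt', 'denied' or 'ok'.
function change_email(array &$session, string $newEmail, ?string $password, string $storedHash, int $now): string
{
    if (needs_reauth($session, $now)) {
        if ($password === null) {
            return 'prompt';   // render the "please enter your password" form; nothing else changes
        }
        if (!reauthenticate($session, $password, $storedHash, $now)) {
            return 'denied';   // wrong password: deny this action only, do not destroy the session
        }
    }
    $session['email'] = $newEmail;
    return 'ok';
}

// Constructed demonstration data (no real account).
$storedHash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$session    = ['user_id' => 42, 'email' => 'old@example.com', 'last_auth_at' => 1000000];
$now        = 1000000 + 3600;   // an hour after login, so the last check is stale

$attempts = [
    // description, new e-mail, password supplied, time of the request
    ['stale check, no password supplied', 'new@example.com', null, $now],
    ['stale check, wrong password', 'new@example.com', 'wrong', $now],
    ['stale check, correct password', 'new@example.com', 'correct horse battery staple', $now],
    ['inside the fresh window, no password needed', 'third@example.com', null, $now + 60],
];

foreach ($attempts as [$label, $email, $password, $at]) {
    $status = change_email($session, $email, $password, $storedHash, $at);
    printf("%-45s -> %s (session user_id still %d)\n", $label, $status, $session['user_id']);
}
printf("current e-mail: %s\n", $session['email']);
```

Note that the session is never destroyed on a wrong password: a legitimate user who mistypes simply sees the prompt again, while an attacker holding a hijacked session still cannot complete the action without the password. In a real application $session would be $_SESSION and $now would be time().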
The above is the content of PHP Security: Balancing Risk and Usability. For more related content, see the PHP Chinese website (m.sbmmt.com).