
FrontEnd or BackEnd encrypting?

I'm building a system requiring a password. My question is, should I encrypt it frontend or backend? If I do it frontend (with JavaScript probably) then everyone could crack the encryption = big security issue. But if I do it backend, then the plain password has to be sent somehow which also will create a security hole. So my question is how I should do this properly?

You should never try to create your own security protocols or throw around your own crypto. It is recommended to use the best standards available. To achieve what you're trying to do, I'd use a standard HTTPS/SSL protocol. And yes, as 'damphat' mentions, salting passwords is crucial, along with latest hash functions.

Your encryption should be on the server. As long as you are sending the plain text password over HTTPS, the password is safe from everyone except the NSA :)
