为什么我的密码显示在检查元素-网络选项卡中
[英]why is my password shown in inspect element - network tab
问题描述
I have a login page which has a text field and a password field. 
我有一个登录页面,其中包含一个文本字段和一个密码字段。 When I click the submit button, it sends data to a php file which makes sure the data is the same as the hash stored in the database but when I check the inspect element(F12) chrome, in the network tab, the username and the password are shown in plain text. 当我单击提交按钮时,它将数据发送到一个php文件,该文件确保该数据与存储在数据库中的哈希值相同,但是当我在网络标签中检查检查元素(F12)chrome时,在用户名和密码以纯文本显示。
How can I avoid that? 我该如何避免呢?
Any advise about securing login pages will be greatly appreciated. 任何有关保护登录页面的建议将不胜感激。
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 2014-03-14 00:30:54
Even when using an <input> of type password one could inspect it, and change its type to text to see the real password. 即使使用类型为password的<input> ,也可以对其进行检查,并将其类型更改为text以查看真实密码。
Although, this is not very important as long as you unset your users' session cookies every 10 minutes or so of inactivity and prevent them from saving password using their browser (using a dynamic name for login / password inputs should do the trick). 虽然,这并不是很重要,只要您每隔10分钟左右就取消用户会话cookie的设置,并防止他们使用浏览器保存密码(使用动态名称登录/输入密码即可解决问题)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.