不使用JavaScript加密PIN
[英]Encrypting PIN without using JavaScript
问题描述
This is our dilemma. 
这是我们的困境。 We have an app that uses JavaScript to encrypt an entered PIN value. 我们有一个使用JavaScript加密输入的PIN值的应用。 The risk here is the encryption is exposed to the public. 这里的风险是加密是公开的。 Although it is secured because it uses asymmetric key encryption, it is still susceptible to a brute force attack. 尽管由于使用非对称密钥加密而受到保护,但仍然容易受到蛮力攻击。 Something like attacker entering PIN values as trial and error, encrypting it then submitting the request. 像攻击者那样输入PIN值作为试错法,然后将其加密然后提交请求。 So as not to allow an attacker to get hold of the encryption logic, we need another way to hide this. 为了不让攻击者掌握加密逻辑,我们需要另一种隐藏方法。 Moving the encryption logic to the back end would allow the PIN to be exposed during submission (eg can be seen by browser request interceptors). 将加密逻辑移至后端将允许在提交过程中公开PIN(例如,可以由浏览器请求拦截器看到)。
Is there any solution to this? 有什么解决办法吗?
1 个解决方案
解决方案1
1 2015-08-07 06:12:13
Never put your encryption on the client side, you need to do back-end encryption or your logic will get compromised. 切勿将加密放在客户端上,您需要进行后端加密,否则您的逻辑将受到损害。
Always use HTTPS when you are transfering sensitive information to protect it from 3rd-party. 传输敏感信息时,请始终使用HTTPS来保护其免受第三方攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.