使用Wireshark在Codeigniter测试中实现安全登录
[英]Implement secure login in Codeigniter test with Wireshark
问题描述
Today I try to test my website which build with codeigniter. 
今天我尝试用codeigniter来测试我的网站。 I try to check that using Wireshark (for network administrator). 我尝试使用Wireshark检查(对于网络管理员)。 But in traffic, I still see the username and password login. 但在流量方面,我仍然看到用户名和密码登录。 So maybe any ideas to solve this problem. 所以也许任何想法来解决这个问题。 maybe someone else have this problem too. 也许其他人也有这个问题。
Here is my controller 这是我的控制器
public function val()
{
$this->form();
if($this->form_validation->run()==FALSE)
{
$this->load->view('form_login_val');
}else
{
$username = $this->input->post('username');
$password = $this->input->post('password');
$cek = $this->m_login->takevalidator($username, $password );
if($cek <> 0)
{
$this->session->set_userdata('validator_status', TRUE);
redirect('home/validate');
}
else
{
$this->session->set_flashdata('gagal_login', "Username atau password yang anda masukkan salah.");
redirect('reff/val');
}
}
}
Thanks 谢谢
1 个解决方案
解决方案1
3 2016-01-16 01:55:34
As has been mentioned in the comments, if you don't want these fields to be sent unencrypted, you must use HTTPS/SSL; 正如评论中提到的,如果您不希望以未加密的方式发送这些字段,则必须使用HTTPS / SSL; on an unencrypted connection, POST is no more secure than GET. 在未加密的连接上,POST不比GET更安全。
For more details, see this question: How secure is a HTTP POST? 有关更多详细信息,请参阅此问题: HTTP POST的安全性如何?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.