[英]Sending password safely from the front-end to the back-end using MD5
I've encrypted a password field in my DB by MD5, and I handle it encrypted in my back-end, but when user types their password in, it is in plain text.我已经通过 MD5 加密了数据库中的密码字段,并在后端对其进行了加密处理,但是当用户输入密码时,它是纯文本格式。
Is there a safe way to pass the password from the front-end to the back-end?有没有安全的方式将密码从前端传递到后端? MD5 doesn´t have sense in this case...
在这种情况下,MD5 没有意义......
NOTE: I'm using HTTPS and the POST Method.注意:我正在使用 HTTPS 和 POST 方法。
While the accepted answer correctly describes how you should STORE passwords on the server side, the question was actually on how to transmit password safely from client to server.虽然接受的答案正确地描述了您应该如何在服务器端存储密码,但问题实际上是关于如何将密码从客户端安全地传输到服务器。
I just want to make clear that the salting and hashing is done at the server side .我只想说明加盐和散列是在服务器端完成的。 The client would just sent the clear text password over a secure connection (
HTTPS
) to the server.客户端只需通过安全连接 (
HTTPS
) 将明文密码发送到服务器。
You can think about the following steps to protect the password:您可以考虑以下步骤来保护密码:
Use HTTPS preferably with HSTS to protect the passwords during transport;最好使用 HTTPS 和 HSTS 来保护传输过程中的密码;
Use a password hash such as bcrypt instead of MD5 to protect the password on the server.使用密码哈希(例如 bcrypt)而不是 MD5 来保护服务器上的密码。
MD5 is not the best way to hash. MD5 不是最好的散列方法。 MD5 is not considered secure anymore.
MD5 不再被认为是安全的。
MD5 is not encryption; MD5 不是加密; don't encrypt passwords, hash them, encryption can be decrypted, hashing cannot be reversed.
不要加密密码,散列它们,加密可以解密,散列不能逆转。
Passwords in database must be hashed and kept to secure user's account in case of any unfortunate database leak or hack.数据库中的密码必须散列并保存以保护用户帐户,以防万一发生任何不幸的数据库泄漏或黑客攻击。 But this does not secure the data passed on the network from frontend to backend.
但这并不能保护从前端到后端在网络上传递的数据。 For the same using HTTPS helps to encrypt all data passing on the network.
同样,使用 HTTPS 有助于加密在网络上传递的所有数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.