
Sending password safely from the front-end to the back-end using MD5

I've encrypted a password field in my DB by MD5, and I handle it encrypted in my back-end, but when user types their password in, it is in plain text.

Is there a safe way to pass the password from the front-end to the back-end? MD5 doesn't have sense in this case...

NOTE: I'm using HTTPS and the POST Method.

While the accepted answer correctly describes how you should STORE passwords on the server side, the question was actually on how to transmit password safely from client to server.

I just want to make clear that the salting and hashing is done at the server side. The client would just send the clear text password over a secure connection (HTTPS) to the server.

You can think about the following steps to protect the password:

  1. Use HTTPS preferably with HSTS to protect the passwords during transport;

  2. Use a password hash such as bcrypt instead of MD5 to protect the password on the server.

    • HASH passwords with salt;
    • use a high work factor for bcrypt.

MD5 is not the best way to hash. MD5 is not considered secure anymore.

MD5 is not encryption; don't encrypt passwords, hash them. Encryption can be decrypted, hashing cannot be reversed.

Passwords in database must be hashed and kept to secure user's account in case of any unfortunate database leak or hack. But this does not secure the data passed on the network from frontend to backend. For the same, using HTTPS helps to encrypt all data passing on the network.
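The advice in the answers above (send the clear-text password over HTTPS with HSTS, then salt and hash it on the server with a slow hash at a high work factor, never encrypt it, and never rely on unsalted MD5), shown in working code. This is an added example and is not code from any of the answers. It uses only Python's standard library, so scrypt stands in for the bcrypt the answer recommends (bcrypt needs a third-party package; the storage format and parameter names here are this example's own choices), and the sample passwords and function names are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credentials for the demonstration (not from the page).
SAMPLE_PASSWORD = "correct horse battery staple"
WRONG_PASSWORD = "Tr0ub4dor&3"

# scrypt work factor: CPU/memory cost N (2**14 -> about 16 MiB), block size r,
# parallelism p. Raising N is the "high work factor" step from the answer.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1


def md5_hex(password: str) -> str:
    """Unsalted MD5, kept only to show why it is unsuitable for storage: the same
    input always yields the same digest, so identical passwords are recognisable
    in a leaked table and a precomputed lookup matches them directly."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow hash for storage (scrypt standing in for bcrypt). Returns a
    self-describing string with algorithm, cost parameters, salt and digest, so
    the work factor can be raised later without breaking existing records."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32,
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored beside the digest and compare in
    constant time. The clear-text password arrives over HTTPS; nothing is
    decrypted here because nothing was encrypted."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False  # unknown or malformed record: never accept
    _, n, r, p, salt_hex, digest_hex = parts
    candidate = hashlib.scrypt(
        password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
        n=int(n), r=int(r), p=int(p), dklen=32,
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def hsts_header(max_age: int = 31536000, include_subdomains: bool = True) -> tuple:
    """Header the server adds to every HTTPS response so browsers refuse to
    downgrade to plain HTTP for max_age seconds (step 1 of the answer)."""
    value = f"max-age={max_age}"
    if include_subdomains:
        value += "; includeSubDomains"
    return ("Strict-Transport-Security", value)


def register_and_login() -> dict:
    """Walk the flow: store a hash at registration, later verify a clear-text
    password received over HTTPS. Returns the observations the answers describe."""
    stored = hash_password(SAMPLE_PASSWORD)
    return {
        "login_ok": verify_password(SAMPLE_PASSWORD, stored),
        "wrong_rejected": not verify_password(WRONG_PASSWORD, stored),
        # two users with the same password get different stored values
        "salt_differs": hash_password(SAMPLE_PASSWORD) != stored,
        # unsalted MD5 makes equal passwords recognisable
        "md5_repeats": md5_hex(SAMPLE_PASSWORD) == md5_hex(SAMPLE_PASSWORD),
    }


if __name__ == "__main__":
    print(register_and_login())
    print(hsts_header())
```

The stored string carries its own cost parameters so that an operator can raise the work factor for new registrations while old records keep verifying; the constant-time comparison avoids leaking how many digest bytes matched.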

