密码存储在谷歌浏览器的浏览器内存中

Question

When I login and logout from my application, my username and password are stored into chrome browser memory.当我从我的应用程序登录和注销时，我的用户名和密码存储在 Chrome 浏览器内存中。 When I create a dump file from the task manager for that particular process Id and open that file in WinHex tool and search for username or password field I'm able to see my password in clear text and now I want to encrypt or clear that password field.当我从任务管理器为该特定进程 ID 创建转储文件并在 WinHex 工具中打开该文件并搜索用户名或密码字段时，我能够以明文形式看到我的密码，现在我想加密或清除该密码场地。

function onLogin(btnName) {
    var parameters = getFormValues();

    //if (!validateParameter(parameters.userName, parameters.password))
    //    return;

    $.ajaxSetup({
        beforeSend: function (xhr) {
            xhr.setRequestHeader(parameters.antiForgeryTokenName, parameters.antiForgeryToken);
        }
    });
    var getSecuritySettingsUrl = getVirtualDirectoryUpdatedURL("/login/GetSecuritySettings");
    $.ajax({
        url: getSecuritySettingsUrl,
        type: "GET",
        contentType: 'application/json; charset=utf-8',
        success: function (result) {
            try {
                var response;
                if (result.IsHashed) {
                    var decryptedData = decryptWithDefaultSetting(result.viewData);
                    if (decryptedData.isError) {
                        alert(decryptedData.result);
                        return;
                    }
                    response = JSON.parse(decryptedData.result);
                }
                else {
                    response = JSON.parse(result.viewData);
                }

                if (response.IsPasswordHashed) {
                    if (isNullOrUndefined(response.SaltText)) {
                        throw new Error("Please refresh the page and try again");
                    }
                    encriptPass = encryptByInputKey(parameters.form["Password"].value, response.SaltText).result;
                }
                $('#btnType').val(btnName);
                $('form input[name="Password"]').val(encriptPass);
                $('#loginForm').submit();
            } catch (error) {
                console.log(error);
                if (!isNullOrUndefined(error)) {
                    if (!isNullOrUndefined(error.message)) {
                        alert(error.message);
                    }
                    else if (!isNullOrUndefined(error.Message)) {
                        alert(error.Message);
                    }
                    else {
                        alert("Some error has occurred. Please refresh the page and try again");
                    }
                }
            }
        },
        error: function (xhr, textStatus, error) {
            console.log(xhr);
            alert("Please refresh the page and try again : " + xhr.statusText);
        }
    });
}

在此处输入图片说明

Answer 1

I have solved this problem earlier by salting and hashing the user entered password in the UI and passing both the salted value and hash to server for authentication.我之前已经解决了这个问题，方法是对用户在 UI 中输入的密码进行加盐和散列处理，并将加盐值和散列值传递给服务器进行身份验证。 The same salt has to be applied during the server side password validation.在服务器端密码验证期间必须应用相同的盐。

密码存储在谷歌浏览器的浏览器内存中

问题描述

1 个解决方案

解决方案1
0 2020-01-17 06:51:14

密码存储在谷歌浏览器的浏览器内存中

问题描述

1 个解决方案

解决方案1 0 2020-01-17 06:51:14

解决方案1
0 2020-01-17 06:51:14