[英]does it make sense to encrypt a password in javascript before submit?
I'm following the example on http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html 我在http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html上关注这个例子
The thing I don't fully understand is what is the gain by doing this? 我不完全明白的是这样做有什么好处? The secret word is posted in the form, so anyone who might be sniffing would surely see that secret word, as well as the javascript and be able to figure out the password anyways. 秘密的单词张贴在表单中,所以任何可能正在嗅探的人肯定会看到这个秘密单词,以及javascript,并且无论如何都能找出密码。 Does it really make sense to do this? 这样做真的有意义吗?
An eavesdropper would not be able to derive the password, because they only know: 窃听者无法获取密码,因为他们只知道:
Since hashes are one-way, you cannot derive the password itself from these. 由于哈希是单向的,因此您无法从这些哈希中获取密码。
What you gain : The user has set up a password which the server is able to verify, without having to send the plaintext password itself. 您获得的 :用户设置了服务器能够验证的密码,而无需自行发送明文密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.