使用jqTouch和HTML5保护iPhone WebApp安全
[英]secure iPhone WebApp with jqTouch and HTML5
问题描述
I have a little WebApp (just one html-File with 200 lines of code) running on a free webhosting provider. 
我有一个免费的虚拟主机提供商上运行的WebApp(只有一个html文件,带有200行代码)。 I want to have limited access to the WebApp, so not everyone can see the page. 我想限制对WebApp的访问,所以并不是每个人都可以看到该页面。 I also need only one user with password to login. 我还只需要一个具有密码的用户即可登录。
Is it possible to easy integrate a user login only in Javascript, JqTouch and html? 是否可以仅在Javascript,JqTouch和html中轻松集成用户登录?
3 个解决方案
解决方案1
2 2011-11-28 21:10:22
You could encrypt the meaningful source, and on initial launch just have a text field that requires the user the enter the key: 您可以加密有意义的源,并且在首次启动时仅具有一个文本字段,要求用户输入密钥:
http://crypto.stanford.edu/sjcl/ http://crypto.stanford.edu/sjcl/
http://bitwiseshiftleft.github.com/sjcl/demo/ http://bitwiseshiftleft.github.com/sjcl/demo/
here's a sample page to get you started: http://robotwoods.com/dev/so_crypt.html 这是一个入门示例页面: http : //robotwoods.com/dev/so_crypt.html
Here's the code (I know links are suspicious): 这是代码(我知道链接可疑):
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta name="viewport" content="width=device-width, user-scalable=no">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<head>
<title>Encrypted Site</title>
<style>
body {font-family:"Trebuchet MS", Arial, Helvetica, sans-serif;}
#wrap {position:relative; width:500px; height:550px; margin-left:auto; margin-right:auto;}
#pwd {position:absolute; width:120px; top:100px; padding-left:170px; height:50px; margin-left:auto; margin-right:auto;}
</style>
<script type="text/javascript" src="http://crypto.stanford.edu/sjcl/sjcl.js"></script>
<script>
//--------------HERE IS THE ENCRYPTED CONTENT
kt="{iv:\"oMnhqxC9DhBgaZjHvm354g\",salt:\"gxZ08m1I5DY\",ct:\"TIKmKXfzkWaxBJ0nbyMVYo9/tvmlIeuIE4Aknt7j7H4t+bk\"}";
</script>
</head>
<body><div id="wrap"><div id="main">
<div id="pwd">S.O. Username:<input id='pass' type='text'/><button onclick="login_test()">Login</button></div>
</div></div></body>
<script>
function login_test(){
try{document.getElementById('main').innerHTML=sjcl.decrypt(document.getElementById('pass').value,kt);}
catch(err){document.getElementById('main').innerHTML+='<div id=\"error\" style=\"color:#F00\"><br/>This is not for you</div>';}
}
</script>
</html>
解决方案2
2 2011-11-28 21:10:57
With only Javascript you can but you shouldn't do it : Everyone can see it. 仅使用Javascript,您可以但不应该这样做:每个人都可以看到。 Please, consider using a server-side language (such as PHP, ASP or whatever). 请考虑使用服务器端语言(例如PHP,ASP或任何其他语言)。
解决方案3
1 2011-11-28 21:10:47
If it's just one page, then no. 如果只有一页,则不会。 Even if you hid stuff behind a login (which is doable), anyone could figure out what was happening by just looking at the html code, as javascript, jqtouch and html are all client-side. 即使您将内容隐藏在登录名后面(这是可行的),任何人都可以通过查看html代码来了解正在发生的情况,因为javascript,jqtouch和html都是客户端。
You would need to implement something else on the server-side to authenticate and then deliver content. 您将需要在服务器端实现其他功能以进行身份验证,然后交付内容。
If you only care about showing a login and don't really need security, then you can implement a login and such for demonstration purposes. 如果您只关心显示登录名而实际上并不需要安全性,那么可以出于演示目的实现登录名等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.