Security purpose
Question
发送到服务器之前如何加密客户端登录?
4 answers
solution1
5 2011-04-13 11:58:22
You should use HTTPS.
Building security by yourself is hard , and you are very likely to get it wrong.
You should stick with the systems that the experts use.
On the server, remember to hash and salt the passwords, preferably using bcrypt.
solution2
3 2011-04-13 11:59:35
There's one very simple solution. SSL . Ensure that all your login activities are served via https:// URLs.
The way that you do this, at least the "setting the server up" part vary depending on what web server you're using. You'd be better off asking a question of that nature on http://www.serverfault.com/
solution3
1 2011-04-13 12:00:22
You can only use https - any client side encryption would be viewable on the client and therefore useless. There is SO question on this: password encryption at client side
solution4
0 2011-04-13 12:06:58
You should really use HTTPS, but if you can't use HTTPS then the alternative is to create a hash.
- Server generates a random 'salt' for the session
- JavaScript on client-side creates a cryptographically secure hash of the user's password and the salt.
- Hash is sent to the server, you can then retrieve the password from the database, create a hash using the salt for the session and the password from the DB and check if it is the same as the one sent from the client. - If it is then the password is a match.
An example of using JavaScript to protect passwords: http://pajhome.org.uk/crypt/md5/auth.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.