dsft8327 2012-02-03 01:06
浏览 59
已采纳

安全处理身份验证检查的最佳方法是使用REST / JSON / PHP / AJAX跨域

I am using PHP/CodeIgniter and Tank_Auth library for authentication both on site.com and via the API, and a very basic REST API from Phil Sturgeon.

Right now when a user fills in username/password on Site1. It makes an API call like so:

http://site2.com/api/index/authenticate?username=jdoe&password=123456

On Site2.com: index/authenticate uses tank_auth library to compare username/password to what is stored in the database.

My Question: Is there a standard to encrypt the password during submission and then decrypt on the other side? Or would an SSL certificate be sufficient?

  • 写回答

1条回答 默认 最新

  • douzhuoxia0587 2012-02-03 01:14
    关注

    how about creating a hash of the 2 with some "salt", pass that in the query string, then make sure it matches by running the same hash on the 2nd server. 

    http://site2.com/api/index/authenticate?username=jdoe&password=123456&cs=fds34wsef3ewtdfgw54ty43wg

    make sure you keep the salt secret... not too sure about passing this in GET, especially passwords - maybe you could pass a separate id hash instead of the password. Definitely use POST though, and ideally SSL. The more you can obfuscate,encrypt the more secure this will be

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!
  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮