dongtang2376 2013-02-14 16:53
浏览 56
已采纳

简单安全登录php / javascript

I want to create a secure login, so I want to encrypt the password before I send it as POST parameter. I am doing it with a SHA1 javascript function.

Then I realize that if someone intercepts the encrypted password, he can use it right away. Sending it as a post parameter the same URL.

How can I be sure that the password comes from the login input field? Maybe with a PHP session? I don't want to use secure http yet. Anyone has a simple alternative?

  • 写回答

4条回答 默认 最新

  • doufu9836 2013-02-14 16:56
    关注

    How can I be sure that the password comes from the login input field?

    You can't.

    The closest thing to that is the usual defences against CSRF … but that will only stop people tricking users into submitting data from their site to your site. It won't protect passwords.

    I don't want to use secure http yet. Anyone has a simple alternative?

    HTTPS is the simple option.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!