weixin_33735676 2020-04-07 02:04 采纳率: 0%
浏览 74

如何在JavaScript中加密

I want to use the same domain site for login authentication in the system I'm currently creating.

I was able to confirm that the login information is correct using Ajax, and I'm using HTTPS communication. But no matter how much I use HTTPS, I don't want to send my password in plain text. I want to send it encrypted so that it can be compounded with .

The system that verifies your login information is .NET, so you have to be able to compound there.

I also don't know if it's common to encrypt passwords even when using HTTPS communication.

login.js

var app = new Vue({
    el: "#app",  
    data: {      
        url: "https://********",
        user: "",
        password: ""
    },
    methods: {
        login: function () { 

            //I want to encrypt it here.

            axios.post(this.url, {
                user: this.user,
                password: this.password
            })
                .then(function (response) {
                    // alert('OK');
                    // alert(response);
                    console.log(response);
                })
                .catch(function (error) {
                    alert('NO');
                    // alert(error);
                });
        }
    }
})
  • 写回答

2条回答 默认 最新

  • ~Onlooker 2020-04-07 02:13
    关注

    There's no advantage in sending your password encrypted if you are already using HTTPS, the data will be well encrypted already. You will just add more overhead.

    You might focus your concerns on how the server side handles the receives data:

    1. Does it store plain-text passwords anywhere? If yes, stop doing that. You should store hashed passwords (hashed, not encrypted) instead.
    2. Is possible that some error make the password visible in error logs? If yes, fix it.
    3. Is you server safe enough? Attackers will probably use server vulnerability to grab your data instead of trying to intercept and decrypt an HTTPS connection.
    4. Is your HTTPS setup correctly? (Use https://www.ssllabs.com/ssltest/ until you get A grade ssl)
    评论

报告相同问题?

悬赏问题

  • ¥15 BV260Y用MQTT向阿里云发布主题消息一直错误
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)
  • ¥15 自适应 AR 模型 参数估计Matlab程序