安全处理身份验证检查的最佳方法是使用REST / JSON / PHP / AJAX跨域

I am using PHP/CodeIgniter and Tank_Auth library for authentication both on site.com and via the API, and a very basic REST API from Phil Sturgeon.

Right now when a user fills in username/password on Site1. It makes an API call like so:

http://site2.com/api/index/authenticate?username=jdoe&password=123456

On Site2.com: index/authenticate uses tank_auth library to compare username/password to what is stored in the database.

My Question: Is there a standard to encrypt the password during submission and then decrypt on the other side? Or would an SSL certificate be sufficient?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douzhuoxia0587 2012-02-03 01:14
关注
how about creating a hash of the 2 with some "salt", pass that in the query string, then make sure it matches by running the same hash on the 2nd server.

http://site2.com/api/index/authenticate?username=jdoe&password=123456&cs=fds34wsef3ewtdfgw54ty43wg

make sure you keep the salt secret... not too sure about passing this in GET, especially passwords - maybe you could pass a separate id hash instead of the password. Definitely use POST though, and ideally SSL. The more you can obfuscate,encrypt the more secure this will be
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

悬赏问题

¥15 Qt下使用tcp获取数据的详细操作
¥15 idea右下角设置编码是灰色的
¥15 全志H618ROM新增分区
¥20 jupyter保存图像功能的实现
¥15 在grasshopper里DrawViewportWires更改预览后，禁用电池仍然显示
¥15 NAO机器人的录音程序保存问题
¥15 C#读写EXCEL文件，不同编译
¥15 MapReduce结果输出到HBase，一直连接不上MySQL
¥15 扩散模型sd.webui使用时报错“Nonetype”
¥15 stm32流水灯＋呼吸灯＋外部中断按键

安全处理身份验证检查的最佳方法是使用REST / JSON / PHP / AJAX跨域

1条回答 默认 最新

悬赏问题

1条回答默认最新