duanchuan6350 2009-06-07 01:41

Secure login

I'm trying to secure my login method. From an unsecured server, the user enters their login credentials into a standard HTML form, which is POSTing to a script on a secure server. This script does all the necessary login functions, and sends the user back to the insecure server.

My question boils down to this: Is the login information encrypted through SSL before it is POSTed to the secure server, therefore preventing any man-in-the-middle packet sniffing? Or is everything still being sent in the clear, and the form doing the POSTing has to be hosted on the secure server as well?

Thanks

1 answer

  • doufan6033 2009-06-07 03:25

    If you post over SSL then the information will travel over the wire encrypted and will prevent packet sniffing.

    Is it possible to also host the actual login form page on the secure server? That way when the user goes to log in to your site they can see that the login page is secured and they can be confident that their login information will be posted using SSL. Otherwise, the user is presented with an unencrypted page where they are asked to enter their credentials and they have no way (short of viewing the HTML source) to know if their information will be submitted using SSL.

    Another question I have is how does the unsecured server "know" that the user has actually been authenticated with the secure server? If it is being done using cookies or a browser redirect (both of which will be unencrypted since the user is being sent back to the unsecured server) then that information will be easily read by anyone on the wire. This could be a security hole where the user's credentials are actually secure but your application/web site is not protected from being accessed by individuals who have actually not authenticated themselves.

