for example, when we are shopping in JD.com, we have to log in first, open the browser console, enter the account number and password, and then click Log in. We will find in the browser network that the password field passed to the background is a string after a burst of encryption. I would like to ask all the bosses how JD.com did it.
you can use js MD5 to send the password after MD5, but the JS source code can also be cracked when people with good intentions see it. There is no absolute security at the front end.
the backend cannot trust any data submitted by the front end
use RSA2 to encrypt with the public key using js at the front end, and decrypt it with the private key after transmitting to the background.
benefit: the ciphertext passed at the front end cannot be decrypted by the public key, even if the packet is caught, others cannot guess the original text (there is no absolute security.)
disadvantages: RSA is inefficient and the length of data that can be passed is limited.
suggestion: use https.
do a simple encryption. The backend gets it, decrypts it, and then matches the password.
for example, using sha256
front end, md5 user name gets a hash, use this hash as secret, use sha256 encryption password to get ciphertext, transmit username and ciphertext as login information
backend, md5 username gets the same hash, use this hash for left secret decrypt ciphertext with sha256 to get password, match database authentication login
this can actually be regarded as wearing a layer of clothes for the password, but it is not of much use for the attack. If the attacker can get the transmission plaintext, he can also log in with the encrypted password, so https can play a protective role.
Previous: Is there a problem with webpack configuration in nuxt? O_0?!
Next: Why is there no assets and components under the Browse of the Nexus I built?
what is the current level of support for vw,vh layouts in mobile browsers? ...
http: shrek.imdevsh.com demo. ask for help: the principle of inertia retardation effect in demo touchmove ...
I ve been looking for it for a long time, but I can t find it. 1. After the direct upload of web is completed, the server cannot know whether the file was uploaded successfully, who uploaded it, and the information of the file 2. Using web to dire...
for example, I request localhost:8080 a b c.cd proxy to http: www.aaaa.com api can you change a b c.cd to a b c , before proxy? means that the agent rewrites the original path before. ...
question 1. The project is a chat application, which needs to display the latest news in the chat window in real time. Using the scrollIntoView method id div for bottom, I want to put it at the bottom. As long as it can be displayed, other chat message...
var myNumber = { value: 1, add: function(i){ var helper = function(i){ console.log(this); this.value += i; } helper(i); } } myNumber.add(1); Why does this this point to window?? The add method called by the myNumber o...
Click the button to show that (Bing s daily wallpaper) is successful, and then when the background of the page changes, it takes time to render, and there will be a white background color. How to solve this? ...
1. Execute npm install-g pm2 2.pm2 pm2 start app.js pm2 3.ln -s root myapp pm2 usr local bin still failed to solve the problem messed up for a long time because no soft connection was created. ln -s root node-v8.9.0-linux-x64 lib node_...
want to use vue2.0 to develop a small web application for the company, running on the mobile side. How can the above functions be achieved? ...
vue.js implements specification selection on product details page Click to select version option and click to select color option. Highlight has been selected. How to display the selected version and color html Code < div class= "chose-ck " > : ...
ios embedded h5 page input box will not lose focus if you click on the blank space. The soft keyboard will not fold. what should I do? try to bind the click event to document. If the input box loses focus when you click, it is still invalid. ...
as shown in the figure, how to determine that the user clicked on this X, and execute the corresponding method. ...
var a = {0:"A",1:"B",2:"C",length:3}; var newa = Array.prototype.slice.call(a); console.log(newa); my understanding of this example is that the an object inherits and executes Array s slice method, but the slice method...
what s the difference between writing JavaScript code in a js file and writing code in < srcipt > < srcipt >? Why can I introduce other js files as require in the js file and do report an error in the < srcipt > tag . ...
Icon shows the red part. Choose how to write the effect in css ....
We are Mini Program s project. To get the code logged in by Wechat, request the backend api to get the sessionkey. But if it is a concurrent request, if it happens to expire at this time, and several requests go to get the sessionkey at the same time, t...
o ...
brief: because Mini Program s project uses wepy s framework, but you don t quite understand that the role of this interceptor is to integrate all the interfaces? Or? ...
win7 system, scaffolding vue-cli has been installed, there is a version, but the initialization project appears this hole, cannot verify this certificate? Please help ...
Mobile input focus cannot directly evoke the mobile phone keyboard, what is the related auxiliary operation? Simple H5 page, do not use any framework, how to automatically evoke the soft keyboard? ...