Securely transmit passwords over plain HTTP_PHP Tutorial

WBOY
Release: 2016-07-21 15:54:31
Original
908 people have browsed it

1. Theory
On ordinary HTTP, the password in the general form is transmitted to the server in clear text for processing. This undoubtedly gives the bad guys an opportunity! Here we will talk about how to transmit passwords safely!​
Rather than transmitting the password itself, it is better to transmit its encrypted form. MD5 is a good choice. First, it is almost impossible for different resources to generate the same MD5 digest. Second, the encoding method of MD5 is irreversible. With these features, we can allow MD5 digests to be transmitted publicly on the Internet without worrying about the password being known by bad actors. Then the password is encrypted in the same way on the server side, and finally the two strings are compared.​
However, we cannot transmit the password md5 directly through the Internet for login, because although the bad guys will not know our password, they will definitely know this special string that can authorize them to access our website!​
This is the problem that public keys and private keys have to solve. First, the server provides a random string, and then the client adds the random string and the password and then encrypts it!​
Each time you log in, the server will generate a different random string, so that your password does not change, but the MD5 digest encrypted by the above method is completely different. In this way, even if the bad guys get these MD5 digests, they will not be able to analyze your password!​
In this method, the random string provided by the server is called the "public key", which has a short lifespan and can be used by anyone; your password is called the "private key", which has a long lifespan and will never be used by anyone. People know.​
2. accomplish
Client-side Javascript does not provide a ready-made md5 algorithm, but if we search for "md5 javascript" on Google, we can get many examples of md5 implemented in Javascript.​
I don’t need to say more in PHP, you can just use the md5() function! We can use session to store random strings (PHP is so powerful~~)
3. Notice
In JS, Chinese characters are in UTF-8 format, so if your password is in Chinese, and the encoding method of the password stored on the server is GB2312, then the encrypted strings of the two passwords are completely different!

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/318472.htmlTechArticle1. Theory On ordinary HTTP, passwords in general forms are transmitted to the server in clear text for processing. This undoubtedly gives the bad guys an opportunity! Here we will talk about how to transfer the password...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!