Home > Tutorials > PHP Tutorials

Securely transfer passwords on normal HTTP _php tutorial

Source: Internet
Author: User
Tags md5 digest
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
1. Theory
On normal HTTP, passwords in general forms are sent to the server for processing in plaintext. This has undoubtedly given the bad guys an opportunity! Here we'll talk about how to transfer the password is safe!
Instead of transmitting the password itself, it is better to transmit its encrypted form. MD5 is a good choice. First, different resources are almost impossible to generate the same MD5 digest, and secondly, the MD5 encoding method is irreversible. With these features, we can let the MD5 digest be publicly transmitted over the Internet without worrying about passwords being known to the bad guys. The password is then encrypted in the same way on the server, and the two strings are compared at the end.
However, we cannot transfer the password directly over the Internet for the purpose of landing, because the bad guys will not know our password, but will certainly know that this special string can authorize them to visit our website MD5!
This is the key and the private key to solve the problem, first by the server to provide a random string, and then the client will add this random string and password after encryption!
Each time you log in, the server generates a different random string, so your password does not change, but the MD5 Digest, which is encrypted by the method above, is completely different. So even if the bad guys get these MD5 summaries, they won't be able to analyze your password!
In this method, the server provides a random string called the "public Key", the life is very short, and can be exploited by anyone; Your password is called "Private key", life is long, and will never be known.
2. Realize
Client-side JavaScript does not provide a ready-made MD5 algorithm, but we use the "MD5 JavaScript" search on Google to get a lot of examples of MD5 on JavaScript.
In PHP I don't have to say more, directly with MD5 () This function can be done! Random string We can use the session to store (PHP is strong AH ~ ~)
3. Attention
In JS, Chinese are UTF-8 format, so if your password is in Chinese, and the password stored on the server is GB2312, then the two password encrypted string is completely different!

http://www.bkjia.com/PHPjc/318472.html www.bkjia.com true http://www.bkjia.com/PHPjc/318472.html techarticle 1. Theory on normal HTTP, the passwords in the general form are sent to the server for processing in plaintext. This has undoubtedly given the bad guys an opportunity! Here we'll talk about how to transfer the secret ...

    • This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

    Related Keywords:
    how to securely transfer files passwords stored on iphone find passwords stored on computer google smart lock for passwords on android how to put passwords on apps android how to put passwords on apps android how to find saved passwords on chrome

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    What's Trending
    Top 10 Tags
    datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
    Top 10 Keywords
    microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    Get Started for Free

    • Sales Support

      1 on 1 presale consultation

      Chat Contact Sales

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

      Open a Ticket

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

      Learn More