Design defect in http plaintext transmission password and Password Storage Mode

Local Network http plaintext transmission password and password storage design defects details: 1 first, get plaintext http transmission is a big problem GET/v5/Ajax/A_checkUser.asp? U = 139 ******* 4 & p = n ****** 2 & jsoncallback = jsonp1364522933663 HTTP/1.1 Host: www. zhuna. cnUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 19.0) Gecko/20100101 Firefox/19.0 Accept: text/javascript, application/javascript ,*/*; q = 0.01Accept-Language: zh-cn, zh; q = 0.8, en-us; q = 0.5, en; q = 0.3Accept-Encoding: gzip, deflateX-Requested-: XMLHttpRequestReferer: http://www.zhuna.cn/1 This is the problem of the development of basic security knowledge, get method can not be used to transmit sensitive data 2 password transmission is best to use md5 encryption and stored in the database with salt proof of vulnerability: 2. This problem is serious. First, the user name and password are stored in cookies. The cookie keyword segment does not have httponly. The password is directly encrypted with md5, and the user name and password can be obtained directly through cookies, the problem is completely an architectural design problem. Cut a picture.Solution:

1. If you can use https for transmission, post is used for key transmission. Do not re-design key data plaintext transmission in get mode. 2 cookies. httponly should be added earlier. These are all the cornerstones.