Network development programming techniques, part one (validating user login)

Source: Internet
Author: User
Developing network applications for critical business raises many more problems than usual, especially for applications built for a specific purpose.
These difficulties come mainly from several directions:
First, all web-based applications are built on open systems, and the client can almost always see some trace of your program's source code. The rapid growth of web development has done a lot of good, but for many programmers used to traditional environments it is a nightmare. We can no longer validate with checks embedded in the code the way we used to, because almost everything we need for verification can be recovered by analysing the source delivered to the client. Plaintext authentication on the client side is therefore obviously not feasible in web-based development.

Second, interference from the browser. In web-based programming, whatever approach you use, the browser is the terminal where your program finally runs; this is an objective reality nobody can change. As a result, many browser features originally designed for the user's convenience become killers of our web programs. A simple example: you write a perfect authentication page, the verification works, and every customer request is fully validated. But when your program leads users to the actual transaction processing page, they bookmark it with the browser's favorites function for convenience. Unfortunately, if you do no validation on the transaction page itself, all the effort you put into validation behind the login page comes to nothing: the next time, the customer only has to click the bookmarked page to enter transaction processing. And if the person clicking the bookmarked page is not your lovely customer but one of the gifted hackers active on the network, wouldn't you consider your work a failure? As far as I'm concerned, it is a fatal taunt to programmers, and it's pathetic!

In addition, operating system vulnerabilities cause us some trouble on the Web. These factors usually have little impact, and we are almost powerless against them; we can only turn to the big vendors who produce the operating systems. All we can do is try to guard against bugs in the program itself.

Having said so much, it all comes down to one point: web-based development has brought us into a new programming world, full of danger and freedom. How do we face it? This time, let's start with a way to implement user verification.

The most common approach in user authentication is IP authentication, but I personally do not recommend direct IP authentication. It is too dangerous: anyone with a little software knowledge can easily find out whether the program uses direct IP authentication and what IP values other users on the network have, which makes IP authentication an empty show. I came up with what I will call IP code verification. The idea is not complicated, but it is a more effective method of verification, as follows.

We combine the IP with the login time, which changes from moment to moment, as the key, and through a few simple reversible algebraic operations create a dynamically changing password. We then pass the time used to generate the key, together with the password, through the page to the next processing step. Before doing any work, each processing step uses the transmitted time and the IP of the requesting client to check the password, and any mismatch shows up immediately. In this way our processes are validated with a key that is different on every entry.

The advantage is that the encryption key is a dynamic number accurate to the second, and few people can guess the key in a finite amount of time. So even if the hacker geniuses know your encryption algorithm, they can only stare at the screen, because they cannot accurately hit another user's login time. Hee hee, what a wicked trick! Let the hackers exercise their wits! Haha, so as programmers on the legitimate side of the network, let's have a happy laugh: the hackers will never be able to find the answer in time!!! This greatly reduces the chance that we get played by hackers!
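
The per-page check described above, as an added Python example that is not the article's own code. It swaps the "simple reversible algebra operations" for an HMAC under a server-side key, because the login time travels through the page next to the password and so cannot itself be the secret; `SERVER_KEY`, `MAX_AGE_SECONDS` and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumptions for this sketch: a key that exists only on the server, and a
# 15-minute lifetime for one login. Neither value comes from the article.
SERVER_KEY = b"constructed-demo-key-replace-in-production"
MAX_AGE_SECONDS = 15 * 60


def issue_token(client_ip: str, login_time: int, key: bytes = SERVER_KEY) -> str:
    """Login page: derive the dynamic password from client IP and login time."""
    message = f"{client_ip}|{login_time}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def check_request(request_ip: str, login_time: int, token: str,
                  now: Optional[int] = None, key: bytes = SERVER_KEY) -> bool:
    """Every later page: recompute from the transmitted time and the
    requesting IP, and refuse to do any work when the password differs."""
    now = int(time.time()) if now is None else now
    # A bookmarked URL carries an old login time; reject it once it ages out.
    if not 0 <= now - login_time <= MAX_AGE_SECONDS:
        return False
    expected = issue_token(request_ip, login_time, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), token.encode())


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    t0 = 1_700_000_000
    tok = issue_token("203.0.113.7", t0)
    print("same client, 1 min later:", check_request("203.0.113.7", t0, tok, now=t0 + 60))
    print("link opened from other IP:", check_request("198.51.100.9", t0, tok, now=t0 + 60))
    print("bookmark opened next day:", check_request("203.0.113.7", t0, tok, now=t0 + 86400))
    print("login time altered:", check_request("203.0.113.7", t0 + 1, tok, now=t0 + 60))
```

Calling `check_request` at the top of the transaction page is what closes the bookmark case from the second point: the saved link still carries the old time and password, and the check fails once the login has aged out or the request comes from another address.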
Of course, it also eliminates most of the embarrassing situations that leave us exposed to security problems, or at least lets us sleep more soundly at night! OK! Jack has a lot of work to do tonight, so I'll stop writing here! Consider this article a contribution to Jack's ever-expanding vanity! Dear friends, bye!


