Optimistic about your portal-data transmission from the client-insecure fixed Encryption
First of all, we need to declare that this article is purely the ignorant opinion of a little developer who has no foresight or practical knowledge. It is only for the reference of web system security. 1. In a secure system, it is always a good thing to have fixed encryption. In fact, fixed encryption is also a common method. Although dynamic encryption is good, it is not easy to implement dynamic encryption economically and reasonably in large systems. 2. Example of using simple fixed Encryption
<% @ Page language = "java" import = "java. util. *" pageEncoding = "UTF-8" %> <! Doctype html public "-// W3C // dtd html 4.01 Transitional // EN"> Although the price is also put in a hidden field, it adds a price verification field and uses MD5 encryption. Theoretically, it is almost impossible to crack. This is also a common anti-CSRF method. 3. The attacked information is visible to such transaction websites, and other information is also visible. If the encryption strength is not enough, it is easy to be cracked. If the encryption strength is sufficient and it is difficult to crack, a simple day-to-day attack can be cracked: copy the prices and encryption prices of another cheaper product and submit them here.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
