Home > Developer > PHP

Transmit the password securely over normal HTTP _ PHP Tutorial

Source: Internet
Author: User
Tags md5 digest
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Transmit passwords securely over normal HTTP. 1. Theoretically, in common HTTP, passwords in the form are transmitted to the server in plaintext mode for processing. This undoubtedly gives the bad guys a chance! Here we will talk about how to transmit Password 1. Theory
Generally, the passwords in the form are transmitted to the server in plain text for processing. This undoubtedly gives the bad guys a chance! Let's talk about how to transmit a password to ensure security!
It is better to transmit the encrypted form than the password itself. MD5 is a good choice. First, it is almost impossible for different resources to generate the same MD5 Digest. Second, the MD5 encoding method is irreversible. With these features, we can make the MD5 digest public over the Internet, without worrying about the password being known by the bad guys. Then, encrypt the password on the server side in the same way, and then compare the two strings.
However, we cannot directly transmit the md5 password over the Internet for login, because although the bad guys do not know our password, but you will surely know that this special string can authorize them to access our website!
This is the problem that the public and private keys need to be solved. the server first provides a random string, and the client adds the random string and password to the encryption!
Each time you log on to the server, the server will generate different random strings, so that your password is not changed, but the MD5 digest encrypted by the above method is completely different. In this way, even if the bad guys get these MD5 summaries, they cannot analyze your password!
In this method, the random string provided by the server is called "public key", which has a short life and can be used by anyone. your password is called "private key" and has a long life, and will never be known.
2. Implementation
The client-side Javascript does not provide a ready-made md5 algorithm, but we can use the "md5 javascript" search on google to obtain many examples of md5 implementation in Javascript.
In PHP, I don't need to talk about it. I can simply use the md5 () function! We can use session to store random strings (PHP is strong ~~)
3. Note:
In JS, the Chinese are UTF-8 format, so if your password is Chinese, and stored in the server password encoding method is GB2312, then the two encrypted strings are completely different!

Bytes. Theoretically, in common HTTP, passwords in the form are transmitted to the server in plaintext mode for processing. This undoubtedly gives the bad guys a chance! Here we will talk about how to transmit the password...

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
php http request tutorial php salt password tutorial php password hash tutorial ftp over http proxy securely connect to mysql from php send file over http access mongodb over http

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More