JS简单但安全登录? [英] JS Simple but Safe Login?
问题描述
这是我到目前为止用于验证表单的代码:
This is the code I have been using to validate my forms so far:
<input type="text" id="usr"/>
<input type="password" id="pwd"/>
脚本:
if (usr.value == "blablahusername") {
if (pwd.value == "blahblahpassword") {
//do stuffs
}
}
此代码有效,但它不安全,因为您只需要检查元素(Chrome)即可查找密码是什么。所以,我正在寻找一种不复杂,更安全的方法来做到这一点。
This code works, however it is unsafe as you simply have to Inspect Element (Chrome) to find what the password is. So, I am looking for a not complex, safer way to do this.
编辑:〜问题非常缺乏信息,我正试图删除它〜
~question was very uninformative and I'm trying to remove it~
推荐答案
为了获得良好的安全性,您可以使用某种哈希算法。 SHA-1基本上是不错的安全标准,您可以使用它来转换客户端的东西。
For just a good security for start, you can use some kind of hashing algorithm. SHA-1 being basically decent security standard, you can use that to convert stuff on the client side.
考虑以下代码:
String.prototype.hashCode = function() {
var hash = 0, i, chr, len;
if (this.length === 0) return hash;
for (i = 0, len = this.length; i < len; i++) {
chr = this.charCodeAt(i);
hash = ((hash << 5) - hash) + chr;
hash |= 0; // Convert to 32bit integer
}
return hash;
};
$(function () {
var username = "admin";
var password = "68170072";
$("#check").click(function () {
if ($("#username").val() == "admin" && $("#password").val().hashCode() == password)
alert("Perfect");
else
alert("Wrong");
return false;
});
});
* {font-family: monospace;}
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
Username: <input type="text" id="username" /><br />
Password: <input type="password" id="password" /><br />
<a href="#" id="check">Check</a>
<p>Username: admin, Password: letmein</p>
我在这里使用了 sha1
。我们可以在这里使用任何合适的算法。
I have used sha1
here. We can use any decent algorithm here.
注意:实现在Stack Snippets中无效。但这是关键。
Note: The implementation didn't work well in Stack Snippets. But this is the crux.
- 拿盐。
- 使用salt将密码转换为哈希。
- 上面的文字是单向转换。
- 以最终形式制作一份副本
- 只有当正确的密码经过整个过程时,它才会转换为哈希值。
- 将哈希值与保存密码。
- Take a salt.
- Convert the password into hash using the salt.
- The above text is one-way conversion.
- Make a copy of it in its final form and embed in the page.
- Only when the right password goes through the process, it gets converted to the hashed.
- Compare the hashed with the saved password.
只需几美分。
看到类似的东西: 在Javascript / jQuery中从字符串生成哈希值
这篇关于JS简单但安全登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!