如何安全地将数据从php表单传递给html [英] How to securely pass data from php forms to html

问题描述

我有一个登录系统是一个html表单，我需要发送用户名和密码回到php后端，我可以在那里安全加密它并将其存储在一个数据库。我想知道最新的和安全的方法是什么。请记住，这是密码的准系统字符串形式，要保持最安全的传递方式非常重要。我知道$ _GET和$ _POST是非常不安全的。在将其发送回服务器之前，我是否将javascript中的数据加密，因此JavaScript散列算法被放置在最终用户身上，或仅仅是https加密？如果我有https加密，那么我只需要使用$ _GET和$ _POST传回它？谢谢

解决方案

• Google查阅相关信息，例如这个。


• 不要在客户端上哈希。将明文密码传递给服务器。


• 使用POST将密码保留在URL之外（网址有一个令人讨厌的方式记录，否则暴露给人们）。


• 我个人建议在任何地方使用HTTPS，但最低限度是使用HTTPS登录表单和登录后的所有页面。


• 将密码存储在数据库中使用PHP的 password_hash 函数，并使用 password_verify 进行验证。

I have a login system which is an html form and I need to send the username and password back to the php backend where I can there securely encrypt it and store it in a database. I was wondering what the most up to date and secure method of doing this is. Bearing in mind that this is the barebones string form of the password it is very important to be vigilant of the most secure way of passing it back. I know that $_GET and $_POST are extremely unsecure. Do I encrypt the data in javascript before it is sent back to the server hence the javascript hashing algorithm being laid bare to the end user or is simply https encryption sufficient? If I have https encryption would I then simply pass it back using $_GET and $_POST? Thanks

解决方案

• Google for and read relevant information such as this.
• Do not hash on the client. Pass the clear-text password to the server.
• Use POST to keep the password out of the URL (URLs have a nasty way of getting logged and otherwise exposed to people).
• I personally recommend to use HTTPS everywhere but the minimum is to use HTTPS for the login form and all pages that follow login.
• Store the password in the database using PHP's password_hash function and verify it using password_verify.

这篇关于如何安全地将数据从php表单传递给html的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！