如何安全地将数据从php表单传递给html [英] How to securely pass data from php forms to html
问题描述
- Google查阅相关信息,例如这个。
- 不要在客户端上哈希。将明文密码传递给服务器。
- 使用POST将密码保留在URL之外(网址有一个令人讨厌的方式记录,否则暴露给人们)。
- 我个人建议在任何地方使用HTTPS,但最低限度是使用HTTPS登录表单和登录后的所有页面。
- 将密码存储在数据库中使用PHP的
password_hash
函数,并使用password_verify
进行验证。
I have a login system which is an html form and I need to send the username and password back to the php backend where I can there securely encrypt it and store it in a database. I was wondering what the most up to date and secure method of doing this is. Bearing in mind that this is the barebones string form of the password it is very important to be vigilant of the most secure way of passing it back. I know that $_GET and $_POST are extremely unsecure. Do I encrypt the data in javascript before it is sent back to the server hence the javascript hashing algorithm being laid bare to the end user or is simply https encryption sufficient? If I have https encryption would I then simply pass it back using $_GET and $_POST? Thanks
- Google for and read relevant information such as this.
- Do not hash on the client. Pass the clear-text password to the server.
- Use POST to keep the password out of the URL (URLs have a nasty way of getting logged and otherwise exposed to people).
- I personally recommend to use HTTPS everywhere but the minimum is to use HTTPS for the login form and all pages that follow login.
- Store the password in the database using PHP's
password_hash
function and verify it usingpassword_verify
.
这篇关于如何安全地将数据从php表单传递给html的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!