启用“RememberMe”时,密码不可见 [英] Let the password not visible when enable 'RememberMe'
问题描述
这是一个'记住我'的登录页面。 html代码如下:
this is a 'remember me' login page . the html code is as below:
<div>
<asp:TextBox ID="txtUserName" runat="server"></asp:TextBox>
</div>
<div>
<asp:TextBox ID="txtPwd" TextMode="Password" runat="server"></asp:TextBox>
</div>
<div>
<asp:CheckBox ID="cbRememberMe" runat="server" Text="Remember Me" />
<asp:Button ID="btnLogin" runat="server" Text="Login" OnClick="btnLogin_Click" />
<br />
<asp:Label ID="lblMsg" runat="server" ForeColor="Red" Text=""></asp:Label>
</div>
as标题说,我在登录页面登录系统时启用RememberMe,并将登录信息添加到cookie中。
as the title says , i enable the 'RememberMe' when i login the system in the login page, and add the login information into the cookies.
HttpCookie cookie = new HttpCookie("USER_COOKIE");
if (this.cbRememberMe.Checked) {
// 设置用户昵称、密码
cookie.Values.Add("Name", txtUserName.Text);
cookie.Values.Add("Pwd", txtPwd.Text);
// 令 Cookie 永不过期
cookie.Expires = System.DateTime.Now.AddDays(7.0);
// 保存用户的 Cookie
HttpContext.Current.Response.Cookies.Add(cookie);
}
然后我将登录信息绑定到page_load事件中的用户名文本框和密码文本框。
and then i bind the login information to the username textbox and the password textbox in the page_load event.
protected void Page_Load(object sender, EventArgs e) {
// 非回发时执行如下程序
if (!IsPostBack) {
// 请求上次存储的Cookies
HttpCookie cookies = Request.Cookies["USER_COOKIE"];
// 如果此Cookies存在且它里面有子键则进行读取
if (cookies != null && cookies.HasKeys) {
txtUserName.Text = cookies["Name"];
// 密码框赋值
txtPwd.Attributes.Add("value", cookies["Pwd"]);
// 并设置勾选记住密码
this.cbRememberMe.Checked = true;
}
}
}
我下次打开登录页面时,然后是值登录名和密码都绑定到文本框控件。
现在问题是:
我下次打开登录页面时,点击页面中的查看源代码,鼠标右键键,密码值显示在文本框中:
when I open the login page next time , then the values of the login name and password are both bind to the textbox controls .
Now the issue is :
when I open the login page next time , click the 'view source ' in the page with mouse right key , the password value shows in the textbox :
<div>
input name="txtPwd" type="password" id="txtPwd" value="124212" />
</div>
'124212'是带测试的登录密码。
如你所知,这在网络系统中并不安全。
i尝试使用page_load中的临时值初始化文本框值,代码如下:
'124212' is the login password with test .
as you know , this is not safe in web system .
i try to init the textbox value with a temporary value in the page_load ,as the code :
// 如果此Cookies存在且它里面有子键则进行读取
if (cookies != null && cookies.HasKeys) {
txtUserName.Text = cookies["Name"];
// 密码框赋值
txtPwd.Attributes.Add("value", "1234567890");
// 并设置勾选记住密码
this.cbRememberMe.Checked = true;
}
然后我继续在其他页面中使用cookie对象。
有谁知道更好的方法来解决这个问题?谢谢!
then i continue to user the cookie object in other pages.
does anybody know the better method to deal with this ? thanks!
推荐答案
加密密码怎么样?
然后你不必担心它是可见的。它不会阻止用户访问该网站,只能知道您的密码。如果有人在公共(图书馆?互联网咖啡馆)电脑上设置记住我,那么,运气不好。
加密密码 [ ^ ]
How about encrypting the password?
Then you don't have to worry about it being visible. It will not prevent the user from accessing the site, only from knowing your password. If someone sets Remember me on a public (library? internet caffe) computer, well, tough luck.
Encrypting passwords[^]
您无需存储密码。您可以按照以下步骤操作:
You don't need to store the password. You can follow these steps:
- 当用户登录并选择记住我时,生成一个唯一的(复杂的)密钥用户。
- 将此密钥存储在cookie中,以及服务器上的某个位置(例如,在数据库中)。确保您可以检查哪个用户属于此密钥。
- 当用户下次访问您的网站时,请检查该Cookie是否存在。如果是,请查看内容并检查哪个用户与密钥相关联。然后该用户可以自动登录。
通过这些步骤,您无需在cookie中存储密码,甚至不需要加密密码。确保密钥复杂且足够独特,以确保破解者不会尝试使用随机密钥进入。
With those steps, you don't need to store a password in the cookie, not even the encrypted password. Make sure that the key is complex and unique enough, to make sure that crackers don't try some random keys to get in.
这篇关于启用“RememberMe”时,密码不可见的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
