如何通过Webbrowser将密码设置为“创建帐户”？ [英] How Do I Set Password Via Webbrowser To "Create Account"?

问题描述

我正在使用C＃中的应用程序，试图获取一个文本框将textBox.Text发送到HTML标记值...这适用于其他所有内容（例如用户名/电子邮件，DOB，Captcha），但是不适用于网站上的密码。相信我，我一直在研究这个，没有任何作用。但我注意到，如果我进入WebBrowser开始手动输入密码文本框而不是通过按钮点击/代码，它可以工作，并且密码保护如下：

http://prntscr.com/4aorj1 [ ^ ]

I'm Currently working on an application in C#, trying to get a textbox to send the textBox.Text to HTML tag value... which works for everything else (ex. Username/email, D.O.B., Captcha), BUT won't work for the password on the site. Trust me, i have been researching this, and nothing works. But i have noticed if i go into the WebBrowser an start typing in the password textbox manually rather than through a button click/code, it works and it's password protected like so:
http://prntscr.com/4aorj1[^]

WebBrowser.Document.GetElementById("account_password").SetAttribute("value", password.Text);
           WebBrowser.Document.GetElementById("confirmPasswordField").SetAttribute("value", password.Text);

http://prntscr.com/4aor1h [ ^ ]



上述代码适用于confirmPasswordField但不适用于account_password。 ：/它将account_password放在PLAIN TEXT而不是密码保护，这就是问题。



http://prntscr.com/4aoqss [ ^ ]



如果有人可以提供帮助，我们将非常感谢，任何反馈都会有所帮助。感谢您的时间。 ：）

http://prntscr.com/4aor1h[^]

The above code works for "confirmPasswordField" but not account_password. :/ It puts the "account_password" in PLAIN TEXT rather than password protected which is the problem.

http://prntscr.com/4aoqss[^]

If anyone could help, it would be greatly appreciated, any feedback would be helpful. Thank you for your time. :)

推荐答案

忘记纯文本。密码可以以加密哈希函数的形式发送;并且只应存储散列并稍后用于身份验证。



但即使这样也不安全，除非连接本身已正确加密;它应该使用 HTTPS，而不是HTTP ：

http：//en.wikipedia .org / wiki / HTTPS [ ^ ]。<这个漏洞背后的想法是：在首次设置密码时，可以通过监视转换中的HTTP包来窃听哈希值.Page 3 b b b b b b b b b b捕获哈希值的人将不知道原始密码，以及除了知道它的人之外的任何其他人，但此人（间谍）可以稍后使用此哈希值来模拟合法用户，登录和访问所有的个人资料。 HTTPS可以防止这个伎俩。



关于使用加密哈希函数，请看我过去的答案：

我已经加密了我的密码，但是当我登录时给了我一个错误。如何解密 [ ^ ] ，

解密加密密码 [ ^ ]，

存储密码值int sql server with secure方式 [ ^ ]，

使用用户名和密码进行TCP连接 [ ^ ]。







一切已经为您实施：



客户端： http://code.google.com/p/crypto-js [ ^ ]。



服务器端： http ：//msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=vs.110%29.aspx [ ^ ]。



另外，请参阅上面我引用的过去的答案和维基百科的文章了解我对使用MD5或SHA-1的警告。你可以使用SHA-2系列的算法。

-SA

Forget plain text. Password can be sent in the form of cryptographic hash function; and only the hash should be stored and later used in authentication.

But even this would be unsafe, unless the connection itself is properly encrypted; it should use HTTPS, not HTTP:
http://en.wikipedia.org/wiki/HTTPS[^].

The idea behind this vulnerability is: at the moment when the password is first set up, the hash value can be eavesdropped by spying in the HTTP packages in transition. The person who captured the hash value won't know the original password, as well as anyone else except the person who knows it, but such person (the spy) can use this hash value later to impersonate the legitimate user, log in and access all the personal data. HTTPS can prevent this trick.

About the use of cryptographic hash function, please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^],
TCP Connection with username and password[^].



Everything is already implemented for you:

Client side: http://code.google.com/p/crypto-js[^].

Server side: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=vs.110%29.aspx[^].

Also, see my past answers I referenced above and Wikipedia articles to understand my warning against using MD5 or SHA-1. You can use the algorithm from SHA-2 family.

—SA

这篇关于如何通过Webbrowser将密码设置为“创建帐户”？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！