密码长度检查 Meteorjs [英] Password Length Checking Meteorjs

问题描述

如何至少检查客户端提交的服务器密码长度?我知道密码不是通过网络直接发送的，因此我想知道如何发送?

How can I check at least the password length from the server submitted by the client? I know that password is not sent plain over the wire and thus I'm wondering on how to?

推荐答案

密码数据仅通过散列进行通信，因此，正如您提到的，服务器在密钥交换期间永远不会看到用户的密码.服务器可以使用密码创建用户，但必须以某种方式传输该字符串.

Password data is only communicated through hashes so, as you mentioned, the server never sees the user's password during a key exchange. The server can create the user with a password but that string would have to be transmitted somehow.

最好的办法是在您的注册表单中检查长度.我意识到客户端代码是不可信的，但是一个有动机的黑客似乎不太可能仅仅为了拥有一个弱密码而修改源代码.

Your best bet is to have the length checked in your signup form. I realize client code can't be trusted, however it seems unlikely that a motivated hacker is going to modify the source just to have a weak password.

这篇关于密码长度检查 Meteorjs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！