如何通过 HTTP 安全地发送密码? [英] How to send password securely over HTTP?

问题描述

如果用户在登录屏幕上提交带有用户名和密码的表单，密码将以纯文本形式发送(即使使用 POST，如果我错了，请纠正我).

If on a login screen user submits a form with their username and password, the password is sent in plain text (even with POST, correct me if I am wrong).

保护用户及其密码免受可能窃听通信数据的第三方的正确方法是什么?

What is the right way to protect the user and his password against the third party who might be eavesdropping on the communication data?

我知道 HTTPS 是该问题的解决方案，但是有没有办法使用标准 HTTP 协议(​​POST 请求)来确保至少一定程度的安全性?(也许以某种方式使用 javascript)

我所关心的是一个页面——它是一个 PHP 生成的登录页面，它当然作为 HTML 文件在 HTTP GET 请求中发送给用户.服务器和客户端之间没有建立(@Jeremy Powel)连接，因此我无法创建这样的握手协议.而且我希望整个过程对用户透明 - 他想提交密码，而不是处理密码.

What I was about was a page - that is a PHP-generated login page, which is of course sent to users in HTTP GET request as an HTML file. There is no (@Jeremy Powel) connection established between the server and the client so I can't create such a handshaking protocol. And I want the complete process to be transparent to the user - he wants to submit a password, not deal with cryptography.

推荐答案

使用带有 SSL 的 HTTP 将使您的生活更轻松，您可以放心，非常聪明的人(至少比我更聪明！)已经仔细检查了这种保密方法多年沟通.

Using HTTP with SSL will make your life much easier and you can rest at ease very smart people (smarter than me at least!) have scrutinized this method of confidential communication for years.

这篇关于如何通过 HTTP 安全地发送密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！