Codeigniter:如何在将表单提交到控制器之前加密密码? [英] Codeigniter: How can i encrypt password before submitting the form to the controller?
问题描述
我有一个简单的 html 登录表单
hi i have a simple html login form
<form method="post" action="http://www.mysite.com/login">
<input type="text" name="text_box" />
<input type="password" name="pass_word" />
<input type="submit" name="submit">
</form>
时,
在控制器中
public function login(){
$pass_word = $this->input->post('pass_word');
die($pass_word);
}
这里的问题,它显示了普通密码。如果我在控制器中键入 123456 ,我得到 123456 。
the problem here , it shows the plain password . if i type 123456 in controller , i get 123456.
- 这是一个安全问题
- 可以让任何人通过网络监控工具(如wireshark)获取密码。
如何避免这种情况。
推荐答案
如果您的帖子数据发生错误, (密码等)被拦截,那么它只是作为明文可见。使用SSL / HTTPS将为您发送的数据提供加密。我不会依赖客户端JavaScript或任何类似的用于验证/登录用户的目的。
If your post data (password etc.) was intercepted, then it would just be visible as plaintext. Using SSL/HTTPS will provide encryption for the data that you send. I wouldn't rely on client-side JavaScript or anything similar for the purposes for authenticating / logging in a user. It's likely to give your users more confidence too, seeing that a secure connection is being used.
首先,我只是阅读了关于SSL和HTTPS的一般情况,因为
First, I'd just read up about SSL and HTTPS in general, as well as SSL certificates - Wiki, Google and SO would all be be good places to look, there's loads of information out there.
对于使用SSL的SSL / HTTPS,我可以使用SSL发现这些有用:
For using SSL/HTTPS with CI, I found these useful:
- http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/
- http://nigel.mcbryde.com.au/2009/03/working-with-ssl -in-codeigniter /
- 如何让CodeIgniter使用SSL加载特定的网页?
- http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/
- http://nigel.mcbryde.com.au/2009/03/working-with-ssl-in-codeigniter/
- How can I have CodeIgniter load specific pages using SSL?
特别强制ssl函数从 Nigel的讯息:
In particular the force ssl function from Nigel's post:
在应用程序/帮助程序中创建名为ssl_helper.php的文件
Create a file in application/helper called ssl_helper.php
if (!function_exists('force_ssl'))
{
function force_ssl()
{
$CI =& get_instance();
$CI->config->config['base_url'] =
str_replace('http://', 'https://',
$CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 443)
{
redirect($CI->uri->uri_string());
}
}
}
function remove_ssl()
{
$CI =& get_instance();
$CI->config->config['base_url'] =
str_replace('https://', 'http://',
$CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 80)
{
redirect($CI->uri->uri_string());
}
}
加载助手,然后在
需要ssl的任何控制器的构造函数中,只需插入:
Load the helper, then in the constructor for any controller that requires ssl, simply insert:
force_ssl();
在您不想使用ssl put的每个控制器中:
In every controller that you don’t want to have ssl put:
if(function_exists('force_ssl'))remove_ssl();
方法是使用.htaccess(如果你使用Apache)。
This is a programmatic approach, another way would be to use .htaccess (if you're using Apache).
这篇关于Codeigniter:如何在将表单提交到控制器之前加密密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
