如何通过HTTP安全地发送密码？ [英] How to send password securely over HTTP?

问题描述

如果在登录屏幕上用户使用用户名和密码提交表单，密码将以纯文本格式发送（即使使用POST，如果错误则更正我）。

所以问题是什么是正确的方式来保护用户和他的密码对第三方可能正在窃听通信数据？

我知道HTTPS是解决问题的，但是有什么办法可以使用标准HTTP协议（POST请求）确保至少一定程度的安全性？ （可能以某种方式使用JavaScript）

编辑
我可能已经省略了一些重要的事情。 p>

我是一个页面 - 这是PHP生成的登录页面，当然这是发送给HTTP GET请求中的用户作为HTML文件。在服务器和客户端之间没有建立（@Jeremy Powel）连接，所以我无法创建这样的握手协议。我希望完整的过程对用户透明 - 他想提交密码，而不是处理加密。

谢谢。

解决方案

使用HTTP与SSL将使您的生活更轻松，您可以放心，非常聪明的人（至少比我更聪明！）仔细检查了这种机密方法通讯多年。

If on a login screen user submits a form with his username and password, the password is sent in plain text (even with POST, correct me if I am wrong).

So the question is what is the right way to protect the user and his password against the third party who might be eavesdropping on the communication data?

I am aware that HTTPS is asolution to the problem, but is there any way to ensure at least some level of security using standard HTTP protocol (POST request)? (perhaps using javascript in some way)

EDIT I may have left out some important things.

What I was about was a page - that is PHP generated login page, which is of course sent to user in HTTP GET request as a HTML file. There is no (@Jeremy Powel) connection established between server and the client so I can't create such handshaking protocol. And I want the complete process to be transparent to the user - he wants to submit a password, not deal with cryptography.

Thanks.

解决方案

Using HTTP with SSL will make your life much easier and you can rest at ease very smart people (smarter than me at least!) have scrutinized this method of confidential communication for years.

这篇关于如何通过HTTP安全地发送密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！