Codeigniter:如何在将表单提交给控制器之前加密密码? [英] Codeigniter: How can i encrypt password before submitting the form to the controller?
问题描述
我有一个简单的 html
登录表单
hi i have a simple html
login form
<form method="post" action="http://www.mysite.com/login">
<input type="text" name="text_box" />
<input type="password" name="pass_word" />
<input type="submit" name="submit">
</form>
当我提交表单
在控制器中
public function login(){
$pass_word = $this->input->post('pass_word');
die($pass_word);
}
这里的问题显示了纯密码。如果我在控制器中键入 123456
,我得到 123456
。
the problem here , it shows the plain password . if i type 123456
in controller , i get 123456
.
- 这是一个安全问题
- 可以通过网络监控工具(如wireshark)获取密码。
如何避免这种情况。我可以加密密码,在发送给控制器之前,请提前感谢。
how to avoid this . can i encrypt the password in view , before send to the controller , please help , thanks in advance .
推荐答案
如果您的帖子数据(密码等)被拦截,那么它只能作为明文看到。使用SSL / HTTPS将为您发送的数据提供加密。我不会依赖客户端JavaScript或类似的用于验证/登录用户的目的。有可能给用户更多的信心,看到使用了一个安全的连接。
If your post data (password etc.) was intercepted, then it would just be visible as plaintext. Using SSL/HTTPS will provide encryption for the data that you send. I wouldn't rely on client-side JavaScript or anything similar for the purposes for authenticating / logging in a user. It's likely to give your users more confidence too, seeing that a secure connection is being used.
首先,我刚刚阅读了一般的SSL和HTTPS,以及SSL证书 - 维基,Google和SO都将是好的地方,有很多信息。
First, I'd just read up about SSL and HTTPS in general, as well as SSL certificates - Wiki, Google and SO would all be be good places to look, there's loads of information out there.
对于使用SSL / HTTPS与CI,我发现这些有用的:
For using SSL/HTTPS with CI, I found these useful:
- http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/
- http://nigel.mcbryde.com .au / 2009/03 / work-with-ssl-in-codeigniter /
- 如何让CodeIgniter使用SSL加载特定的页面?
- http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/
- http://nigel.mcbryde.com.au/2009/03/working-with-ssl-in-codeigniter/
- How can I have CodeIgniter load specific pages using SSL?
特别是来自 Nigel的帖子:
在application / helper中创建一个文件称为ssl_helper.php
Create a file in application/helper called ssl_helper.php
if (!function_exists('force_ssl'))
{
function force_ssl()
{
$CI =& get_instance();
$CI->config->config['base_url'] =
str_replace('http://', 'https://',
$CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 443)
{
redirect($CI->uri->uri_string());
}
}
}
function remove_ssl()
{
$CI =& get_instance();
$CI->config->config['base_url'] =
str_replace('https://', 'http://',
$CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 80)
{
redirect($CI->uri->uri_string());
}
}
加载助手,然后在
要求ssl的任何控制器的构造函数中,只需插入:
Load the helper, then in the constructor for any controller that requires ssl, simply insert:
force_ssl();
在每个不想要ssl的控制器中:
In every controller that you don’t want to have ssl put:
if(function_exists('force_ssl'))remove_ssl();
这是一个编程方法,另一个方式是使用.htaccess(如果您使用Apache)。
This is a programmatic approach, another way would be to use .htaccess (if you're using Apache).
这篇关于Codeigniter:如何在将表单提交给控制器之前加密密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!