Security issue of changing type="password" into type="text"


Problem description

In the html of client side. If we change the type="password" into type="text", the password is displayed as plain text in browser. Is there any security issue about this? If it is, what is the solution to this issue?

Example as follows:

type="password"

type="text"

Solution

There are two rather different security issues involved.

One of them is the one so often mentioned as a reason for using input type=password: to protect the user against prying eyes. This is seldom relevant, since passwords are normally typed (and should be typed) so that there is nobody else looking at your screen or your hands.

The other one is different treatment of input type=text and input type=password by browsers in their histories and in using previously entered data as defaults or as selectable options. This varies by browser, but quite often, input type=text causes an automatic prefill if data has previously been entered in a field with the same name. Using the autocomplete=off attribute usually prevents this in modern browsers. On the other hand, browsers may store username/password pairs to make frequent visits to a site more comfortable; this can be an essential usability improvement and an essential security threat. It is typically based on recognizing a pair of input type=text and input type=password.

You could leave the decision to the user by offering both options. Perhaps the least distracting way to do that is to have an input type=password with a checkbox "Show password when typed", JavaScript-driven of course, which when checked turns type=password to type=text.

There is no difference between input type=text and input type=password in handling the data, once it has been read. In both cases, the data will be sent to the server as unencrypted, unless the entire form data is encrypted.
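
The "Show password when typed" checkbox described in the answer above, as an added example that is not part of the original answer. It also switches the field back to type=password before the form submits, because the answer notes that browsers treat the two types differently in their histories; the element ids in the wiring are assumptions.

```javascript
// Added example: "Show password when typed" toggle for a password field.
// The ids "password" and "show-password" below are assumptions.

/**
 * Wire a checkbox so that checking it reveals the password field.
 * The field is switched back to type="password" before the form submits,
 * so at submit time the browser sees a password field rather than a
 * text field whose value it might keep for later prefill.
 */
function attachShowPasswordToggle(input, checkbox, form) {
  if (input.type !== "password") {
    throw new Error("expected an input that starts as type=password");
  }

  // Return the field to its masked state and clear the checkbox.
  function mask() {
    input.type = "password";
    checkbox.checked = false;
  }

  // Reveal only while the user has the box checked.
  checkbox.addEventListener("change", function () {
    input.type = checkbox.checked ? "text" : "password";
  });

  // The submit event fires before the form data is collected.
  form.addEventListener("submit", mask);

  return { mask: mask };
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== "undefined") {
  const input = document.getElementById("password");         // assumed id
  const checkbox = document.getElementById("show-password"); // assumed id
  if (input && checkbox && input.form) {
    attachShowPasswordToggle(input, checkbox, input.form);
  }
}
```

The toggle changes only how the value is displayed and how the browser classifies the field; as the answer says, the data is sent to the server the same way in both cases.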
