如何从客户端保护密码?是否需要或 HTTPS/SSL 就足够了?
How can I secure a password from the client side? Is it needed or HTTPS/SSL will suffice?
我在服务器端使用加密将密码存储在数据库中。我关心的是客户端。我是否需要使用任何加密技术或 HTTPS/SSL 足以依赖?
我会说一个有效的 SSL 证书就足够了。
the client side hash should be treated as if it was the user's direct
password. It provides no more or no less security on the server than
if the user had directly given their password and should be protected
as such.
more info...
我在服务器端使用加密将密码存储在数据库中。我关心的是客户端。我是否需要使用任何加密技术或 HTTPS/SSL 足以依赖?
我会说一个有效的 SSL 证书就足够了。
the client side hash should be treated as if it was the user's direct password. It provides no more or no less security on the server than if the user had directly given their password and should be protected as such. more info...