how to secure POST method without using SSL?

2019-04-28 21:26发布

站内问答 / PHP
1960 5 5

I'm developing website where user submit credentials using ajax,php and using POST method and i want to protect login credentials not in plain text but i don't want to use SSL can i secure password credentials without using SSL certificate ??

Can anyone give me working example of any method ?

5条回答
Evening l夕情丶
2楼-- · 2019-04-28 22:04

In short .. no.

You can try but I don't think there is a method I can imagine in javascript or any other in-browser way to secure your posted data.

The problem is in the encryption side, doing a good strong public-private crypto in javascript doesn't sound feasible to me.

I'm also kind of curious about the why part . .

. . still pondering on some possible method. . will update post if something pops up.

查看更多
0人赞 添加讨论(0) 举报
甜甜的少女心
3楼-- · 2019-04-28 22:06

You can use a provider like OpenID who will handle the authentication for you. The provider uses SSL to verify the credentials and then you can validate it by using their API, so the user never actually sends credentials to your page.

Getting started with OpenID

查看更多
0人赞 添加讨论(0) 举报
乱世女痞
5楼-- · 2019-04-28 22:11

You cannot completely secure the credentials without some out-of-channel verification (which SSL provides); a man in the middle attack will always be possible.

Put simply, there is no way for the client to be completely sure that they are talking to the server instead of a fake server inserted somewhere in between.

查看更多
0人赞 添加讨论(0) 举报
beautiful°
6楼-- · 2019-04-28 22:19

Using SSL without a certificate should be possible. Makes you vulnerable to a man-in-the-middle-attack but encrypts the transferred data.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)