Home >Backend Development >PHP Tutorial >javascript - A design idea for a verification code. If you have experience in this area, please participate in the discussion!!

javascript - A design idea for a verification code. If you have experience in this area, please participate in the discussion!!

WBOY
WBOYOriginal
2016-08-04 09:20:241183browse

I drew a picture, which is easier to understand. The website has a strong demand for verification (even the user resentment caused by it can be ignored), the main reason is security considerations.
Refer to TB for strengthening, and design the following verification Process,please discuss how to optimize security!
As for the code, I can write it myself, so there is no need.

javascript - A design idea for a verification code. If you have experience in this area, please participate in the discussion!!

Reply content:

I drew a picture, which is easier to understand. The website has a strong demand for verification (even the user resentment caused by it can be ignored), the main reason is security considerations.
Refer to TB for strengthening, and design the following verification Process,please discuss how to optimize security!
As for the code, I can write it myself, so there is no need.

javascript - A design idea for a verification code. If you have experience in this area, please participate in the discussion!!

1 The verification code is mainly to prevent brute force cracking. It is best for the server to add a limit on the number of errors
2 In addition to the ajax front-end verification of whether the verification code is correct, it must also be verified on the server side
3 "Generate relevant md5 according to different click sequences" from From your description, you feel that you are recording the location that needs to be clicked. For example, 134563 corresponds to "The Flowers of the Ancestors". Then what you are passing is the md5 value of 134563. This simple md5 value is very easy to be cracked by brute force. of. If you do this, it is recommended to use complex md5
4. This is just the "tip of the iceberg" of website security, or it doesn't count at all. First, filter sql injection and xss. These are not very important

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn