Backend DevelopmentPHP Tutorialjavascript - Some websites use js to irreversibly encrypt the password in the password box when the user submits the login, and then submits it. Is this necessary? What are the advantages and disadvantages?javascript - Some websites use js to irreversibly encrypt the password in the password box when the user submits the login, and then submits it. Is this necessary? What are the advantages and disadvantages?
The process of these websites is roughly like this:
When user registers:
User fills in password
User clicks submit
Encrypt the password on the front end before submission
Encrypt the password before storing it in the database
When user logs in:
User fills in password
User clicks submit
Encrypt the password on the front end before submission
Transfer the password to the server and encrypt it again
Compare the passwords in the database
I think this only prevents people with ulterior motives from obtaining your clear text password, but they can still use the intercepted cipher text to construct a login request without knowing the clear text password
However, there are still some websites (http websites) doing this, so is it necessary to do this? What are the pros and cons?
This obviously cannot replace https
Reply content:
The process of these websites is roughly like this:
When user registers:
User fills in password
User clicks submit
Encrypt the password on the front end before submitting
Encrypt the password before storing it in the database
When user logs in:
User fills in password
User clicks submit
Encrypt the password on the front end before submitting
Transfer the password to the server and encrypt it again
Compare the passwords in the database
I think this can only prevent people with ulterior motives from obtaining your clear text password, but they can still use the intercepted cipher text to construct a login request without knowing the clear text password
However, there are still some websites (http websites) doing this, so is it necessary to do this? What are the pros and cons?
This obviously cannot replace https
I thought about front-end encryption when I was doing identity authentication in the past, but I thought it was useless and of little use.
For the server, the front-end encrypted data is the user’s password. Once the packet is captured, the hacker can obtain the front-end encrypted data and can also pretend to log in
If you have high security requirements, it is better to use https, although it may also be attacked.
If the whole site is https, all http resources will cause alarms, because HTTPS requires the entire process to be encrypted, even for a picture.
Encryption on the front end can ensure that the password is the ciphertext of the transmission during the transmission process. In other words, no one except the password owner knows what the password is, not even the person who developed the program.
In this way, even if someone catches your http package, they cannot decrypt it (except for brute force cracking)
The only advantage is that if your database is stripped, it will not affect the user's password on other websites (commonly known as database stuffing)
Others are of no use. Just replay the attack to fake the user login, such as It is said that in the case of http, a man-in-the-middle attack intercepts the user's password. I don't need to know what the original password is. I only need to send the request again with the same ciphertext. I can also fake the user login. I can understand the encryption of the https website. That is The only benefit I said
The http website does this by taking off its pants and farting. It does nothing to ensure user safety. Moreover, if the front-end encryption algorithm is reversible, it is useless. I agree that the ciphertext can be known by restoring the js encryption method.
PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AMAPHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.
Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AMSelect DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.
PHP performance optimization strategies.May 13, 2025 am 12:06 AMPHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi
PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AMPHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl
How to make PHP applications fasterMay 12, 2025 am 12:12 AMTomakePHPapplicationsfaster,followthesesteps:1)UseOpcodeCachinglikeOPcachetostoreprecompiledscriptbytecode.2)MinimizeDatabaseQueriesbyusingquerycachingandefficientindexing.3)LeveragePHP7 Featuresforbettercodeefficiency.4)ImplementCachingStrategiessuc
PHP Performance Optimization Checklist: Improve Speed NowMay 12, 2025 am 12:07 AMToimprovePHPapplicationspeed,followthesesteps:1)EnableopcodecachingwithAPCutoreducescriptexecutiontime.2)ImplementdatabasequerycachingusingPDOtominimizedatabasehits.3)UseHTTP/2tomultiplexrequestsandreduceconnectionoverhead.4)Limitsessionusagebyclosin
PHP Dependency Injection: Improve Code TestabilityMay 12, 2025 am 12:03 AMDependency injection (DI) significantly improves the testability of PHP code by explicitly transitive dependencies. 1) DI decoupling classes and specific implementations make testing and maintenance more flexible. 2) Among the three types, the constructor injects explicit expression dependencies to keep the state consistent. 3) Use DI containers to manage complex dependencies to improve code quality and development efficiency.
PHP Performance Optimization: Database Query OptimizationMay 12, 2025 am 12:02 AMDatabasequeryoptimizationinPHPinvolvesseveralstrategiestoenhanceperformance.1)Selectonlynecessarycolumnstoreducedatatransfer.2)Useindexingtospeedupdataretrieval.3)Implementquerycachingtostoreresultsoffrequentqueries.4)Utilizepreparedstatementsforeffi
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Dreamweaver CS6
Visual web development tools
WebStorm Mac version
Useful JavaScript development tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
