简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Q&A  >  body text

javascript - 表单提交的时候密码验证的问题?

对表单这一块不太熟,有以下几个疑惑?

1.诸如在登录验证用户名和密码的时候,二者都是同样的方式提交到post到服务器吗?
2.get方式会把参数暴露到链接尾部(实际上会通过把key键值加密然后后端再解密校验)?
3.现在的表单常规处理方式是什么样的?
4.密码校验的时候,诸如在比对密码要求密码中不能是3位同样的连续数字?这个密码会存在本地?还是服务器端来校验

怪我咯怪我咯2742 days ago779

reply all(4)I'll reply

  • 大家讲道理

    大家讲道理2017-04-18 10:58:47

    1. Isn’t the login username verification usually posted to the server together?

    2. The get method will expose the parameters at the end of the link, but the browser itself does not have any encryption. If it is encrypted, you need to adjust it yourself.

    3. For some form values, whether they are valid and non-empty, etc., there should be a prompt before submission to improve the user experience.

    4. Everything needs to be done. The front-end is for user experience (knowing the problem before making a request), and the back-end is for security.

    For enterprise-level services, use https instead of plain text.

    reply
    0
  • ringa_lee

    ringa_lee2017-04-18 10:58:47

    Assume that the username must be more than 3 digits; the password must be 6~32 digits; the verification code must be 4 digits;
    1. When clicking to log in, it is detected that the username length is greater than 3, the password length is 6~32, and the verification code length is 4; by going to Go down, the alert is not passed;
    2. Organize the parameters; post to the server, name pwd code
    3, the server receives the parameters
    4. Verify whether the length is equal to 4, not equal to 4, the return verification code length is abnormal
    5. From the session Get the code, is it consistent with the parameter code, inconsistent return error
    6. Check the user name length, password length, incorrect return error
    7. If you need to encrypt pwd
    8. Select name=name, pwd=pwd from the database , if yes, return user, if not return 0

    reply
    0
  • PHP中文网

    PHP中文网2017-04-18 10:58:47

    GET directly displays the data in the URL;
    POST is "hidden and stolen", the URL cannot be seen, but it can be seen using the browser developer tools;
    No matter which of the above, "hackers" can capture packets and You can get the plaintext data during data transmission; you can even tamper with/hijack the content and then pass it to the server, or you can directly pretend to be the server and return you false information.
    If you use HTTPS, the data will be encrypted first during transmission, which is relatively safe.
    As for parameter verification, it must be done on both the front and back ends, because the JS verification on the front end can easily be bypassed.

    reply
    0
  • 巴扎黑

    巴扎黑2017-04-18 10:58:47

    Get will be exposed, but post will not. Be safe

    reply
    0
  • Cancelreply