问题
I'm currently working on a PHP OpenID provider that will work over HTTPS (hence SSL encrypted).
Is it wrong for me to transmit the password as plain text? HTTPS in theory, cannot be intercepted, so I don't see anything wrong. Or is this unsafe at some level and I'm failing to see this?
回答1:
It is safe. That's how the entire web works. All passwords in forms are always sent in plain text, so its up to HTTPS to secure it.
回答2:
You still need to make sure you send it via POST request, not GET. If you send it via GET request, it could be saved in plaintext in the user's browser history logs or the webserver's access logs.
回答3:
If HTTP is disabled, and you only use HTTPS, then you're not really transmitting the password as plain text anyway.
回答4:
Hash client side. Why? Let me tell you about a little experiment. Walk up to computer in company cafeteria. Open browser to company web site login page (https). Press F12, click network tab, check off persist log, minimize console but leave web page open to login page. Sit down and eat lunch. Watch as employee after employee logs on to the company web site and being a good little worker logs out when done. Finish lunch, sit down at computer bring up network tab and see every single username and password in plain text in the form bodys.
No special tools, no special knowledge, no fancy hacking hardware, no keyloggers just good old F12.
But hey, keep thinking all you need is SSL. The bad guys will love you for it.
回答5:
The other posters are correct. Now that you're using SSL to encrypt the transmission of the password, make sure you're hashing it with a good algorithm and salt so it's protected when it's at rest, too...
回答6:
Let’s make some notes to previous answers.
First, it’s probably not the best idea to use hash algorithms client side. If your password is salted on the server side, you won’t be able to compare hashes (at least not if you don’t store the client hash in the database in one of the hashing layers from the password, which is the same or worse). And you don’t want to implement the hashing algorithm used by the database on the client side, it would be silly.
Second, trading off cryptographic keys aren’t ideal either. The MITM could theoretically (considering he has a root cert installed on the client) change the cryptographic keys, and change with his own keys:
Original connection (not considering tls) from a theoretical server that exchanges keys:
Client request public keys > server holds the private keys, generate public keys to client > server sends public keys to client
Now, in a theoretical MITM atrack:
Client request public keys > MITM generates fake private keys > Server holds the private keys, generate public keys to client > MITM receives the public keys from the original server, now, we’re free to send our fake public keys to the client, and whenever a request comes from the client, we will decrypt the client data with the fake keys, change the payload (or read it) and encrypt with the original public keys > MITM sends fake public keys to client.
That’s the point of having trusted CA certificate in TLS, and that’s how you receive a message from the browser warning if the certificate isn’t valid.
In response to the OP: in my humble opinion you can’t do that, because sooner or later, someone will want to attack a user from your service and will try to break your protocol.
What you can do, however, is to implement 2FA to prevent people from ever trying to login with the same password. Beaware of replay attacks, though.
I’m not great with cryptography, please correct me if I’m wrong.
来源:https://stackoverflow.com/questions/962187/plain-text-password-over-https