开发者

Code hash function over data in form - already have function but don't know where to call

问答 作者:

I have form in my html page

<form id="login_form" method="POST" action="index.php">
    <table>
        <tr>
            <td><label style="color:#47A3FF;" for="name" title="User name">
                Username</label></td>
            <td><input style="color:#47A3FF;" dojoType="dijit.form.TextBox"
                type="text" name="username"></td>
        </tr>
        <tr>
            <td><label style="color:#47A3FF;" for="loc">Password: </label></td>
            <td><input style="color:#47A3FF;" dojoType="dijit.form.TextBox"
                type="password" name="password"></td>
        </tr>
        <tr>
            <td colspan="2" align="center">
                <button dojoType="dijit.form.Button"  class="soria" style="border: 1px solid black; float:right;"
                type="submit">Login</button></td>
        </tr>
    </table>
</form>

Do I need to use SHA256 when I send username and password o开发者_如何学JAVAver network ? How to use SHA256 over those data ( I have function sha256_hash which use string and return hashed value, but I don't know where to call that function ) ?

You should hash the desired values when the form is submitted.

I guess something like this should work :

HTML

<form onsubmit="return myOnSubmit(this);">

JavaScript

function myOnSubmit(aForm) {
    //Getting the two input objects
    var inputUsername = aForm['username'];
    var inputPassword = aForm['password'];

    //Hashing the values before submitting
    inputUsername.value = sha256_hash(inputUsername.value);
    inputPassword.value = sha256_hash(inputPassword.value);

    //Submitting
    return true;
}

EDIT : Because of the 'Hashing the values before submitting' part, it will not work if you have a maxlength property, because hashed values are much longer than just the clear password.

If you MUST use a maximum length, then you would need to implement HIDDEN FIELDS and changing those values, and making sure the fields containing the clear data aren't submitted (outside of the <FORM> tag).

<button dojoType="dijit.form.Button"  class="soria" style="border: 1px solid black; float:right;" type="submit" onclick="username.value=sha256_hash(username.value);password.value=sha256_hash(password.value)">Login</button></td>

Generally when you send sensitive data, you have only to worry about password, so you can hash password and leave user as it.

继续阅读:javascriptsha256

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9