开发者

Django Site encryption

I am writing a site for which I require all data to be transmitted under encryption.

Last night I was considering encrypting form data before posting it but I've just created a Django form for login and realised that using the action field will send the data back to the server unencrypted.

<form method="post" action="">开发者_C百科
            {% csrf_token %}
            <div id="login_box_user">{{loginForm.userName}}</div>
            <div id="login_box_pass">{{loginForm.password}}</div>
            <div id="login_box_sbmt"><input id="submitbutton" name="submit" value="Login" type="submit" /></div>
        </form>

I'm thinking that in order to get around this, I would need to have a Javascript function as the action to encode it before sending, or a Javascript submit button.

At the same time I'm thinking about SSL but we don't currently have a server running so I wouldn't be able to connect an SSL certificate to it for use during development/testing. The way I understand it, using SSL the data transmitted would be encrypted. I'm wondering if it is worth the effort of encrypting everything, when I plan to get an SSL certificate and using SSL once we have a domain for the site


Encryption in JavaScript is useless as explained here. So SSL is your only option.


I've found some information here if you plan to deploy your site with https:

http://www.redrobotstudios.com/blog/2009/02/18/securing-django-with-ssl/

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜