admin管理员组文章数量:1391925
I'm working on a HTML5 mobile app. The app only uses 1 html file which contains a login form. On submit javascript posts the username and password to a php script on the server which returns 'true' or 'false'.
When the authentication returns true the app changes the html5 page and stores the username and password in html5 local storage.
Since this is sensitive data my question is how to store these values in a secure way?
function handleLogin() {
var form = $("#loginForm");
var u = $("#username", form).val();
var p = $("#password", form).val();
if(u != '' && p!= '') {
$.post(".php", {username:u,password:p}, function(res) {
if(res == true) {
//store
window.localStorage["username"] = u;
window.localStorage["password"] = p;
$.mobile.changePage("index-2.html");
} else {
/// error message
}
$("#submitButton").removeAttr("disabled");
},"json");
}
return false; }
I'm working on a HTML5 mobile app. The app only uses 1 html file which contains a login form. On submit javascript posts the username and password to a php script on the server which returns 'true' or 'false'.
When the authentication returns true the app changes the html5 page and stores the username and password in html5 local storage.
Since this is sensitive data my question is how to store these values in a secure way?
function handleLogin() {
var form = $("#loginForm");
var u = $("#username", form).val();
var p = $("#password", form).val();
if(u != '' && p!= '') {
$.post("http://www.mywebsite./login.php", {username:u,password:p}, function(res) {
if(res == true) {
//store
window.localStorage["username"] = u;
window.localStorage["password"] = p;
$.mobile.changePage("index-2.html");
} else {
/// error message
}
$("#submitButton").removeAttr("disabled");
},"json");
}
return false; }
- 1 This might help: stackoverflow./questions/5555167/… – Codesleuth Commented Feb 20, 2013 at 9:19
-
1
Also see this: developers.google./web-toolkit/doc/latest/… specifically the quote
HTML5 local storage saves data unencrypted in string form in the regular browser cache. It is not secure storage.– Codesleuth Commented Feb 20, 2013 at 9:20 - I suggest you read about "nonces": en.wikipedia/wiki/Cryptographic_nonce – elclanrs Commented Feb 20, 2013 at 9:22
- If you have control over the server you could make it return an authentication token instead of just true, and save that locally. That way you wouldn't need to save sensitive user data on the client. – Per Salbark Commented Feb 20, 2013 at 9:22
1 Answer
Reset to default 7I would suggest using Access tokens, since this can be updated and changed frequetly, it also doesnt reveal who the user or what their hashed password is.
http://php/manual/en/oauth.getaccesstoken.php
Edit: You do NOT want to use localStorage!
本文标签: phpHTML5 securely store usernamepasswordStack Overflow
版权声明:本文标题:php - HTML5 securely store usernamepassword - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744710240a2621087.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论