Environment:
A: Server (192.168.0.101) + Apache2 server
B: Client (192.168.0.101) + browser
Concept flow:
Case 1: the cookie sid does not yet exist in the browser
A <----------------- GET index.cgi ----------------- B
A ----------------- output login.html -----------------> B
A <----------------- POST username/password to login.cgi (js) ----------------- B
A ----- after login.cgi responds: write sid into the cookie, then redirect to index.cgi (js) -----> B
Case 2: the cookie sid already exists in the browser
A <----------------- GET index.cgi ----------------- B
A ----------------- output login.html -----------------> B
index.cgi
    if (cookie's sid is in the connected sessions) {
        output operation.html
    } else {
        output login.html
    }
login.cgi
    if (username and password are in the db) {
        respond with sid so the client can write it into the cookie
    } else {
        // do nothing
    }
Security considerations:
1. The username and password entered by the user must both be encrypted on the client side in JS.
2. The stored user/password must always be the encrypted result, never the plaintext.
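The index.cgi / login.cgi logic above and the two storage points below it, as an added Python example (not code from the original post). The stores, user names and passwords are constructed for the example; the session store is a plain dict standing in for the "connected sessions", and the user db keeps only a salt and a PBKDF2 hash so the stored record never contains the password. The hashing here is done server-side and the sid is issued in a Set-Cookie header with HttpOnly set, which is a design choice of this example rather than the client-side JS step the post describes.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory stand-in for the post's "connected sessions": sid -> username.
SESSIONS = {}


def hash_password(password, salt=None, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt_hex, digest_hex)."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def verify_password(password, salt_hex, digest_hex, iterations=200_000):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(candidate, digest_hex)


def make_user_db(plain_users):
    """Constructed sample db: each record is (salt_hex, digest_hex), never the password."""
    return {name: hash_password(pw) for name, pw in plain_users.items()}


def login_cgi(form, users, sessions):
    """login.cgi: on valid credentials create a session and return its sid
    (the post's 'respond with sid'); on any failure return None."""
    name = form.get("username", "")
    password = form.get("password", "")
    record = users.get(name)
    if record is None:
        # Unknown user: run a dummy verification so the timing resembles the wrong-password path.
        verify_password(password, "00" * 16, "00" * 32)
        return None
    salt_hex, digest_hex = record
    if not verify_password(password, salt_hex, digest_hex):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable session id, not derived from the user
    sessions[sid] = name
    return sid


def index_cgi(cookie_header, sessions):
    """index.cgi: operation.html when the cookie's sid is a connected session,
    otherwise login.html (also when the Cookie header is absent or malformed)."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    sid = cookie["sid"].value if "sid" in cookie else None
    if sid is not None and sid in sessions:
        return "operation.html"
    return "login.html"


def set_cookie_header(sid):
    """Set-Cookie line the server emits; HttpOnly keeps the sid out of reach of page scripts."""
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    users = make_user_db({"alice": "correct horse battery staple"})  # constructed credentials
    print(index_cgi("", SESSIONS))  # no cookie yet -> login.html
    sid = login_cgi({"username": "alice", "password": "correct horse battery staple"}, users, SESSIONS)
    print(set_cookie_header(sid))
    print(index_cgi(f"sid={sid}", SESSIONS))  # sid is now a connected session -> operation.html
```

A stale or forged sid (one not present in the session store) falls through to login.html, and a user record read from the db only ever yields a salt and a digest, so a leaked db does not leak passwords directly.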
References:
A good article on the basic concepts of password encryption:
http://www.jasypt.org/howtoencryptuserpasswords.html
CGI programming
http://www.tutorialspoint.com/cplusplus/cpp_web_programming.htm
HTTP cookie
http://en.wikipedia.org/wiki/HTTP_cookie
C/C++ key generation sample code (public key/private key)
https://shanetully.com/2012/04/simple-public-key-encryption-with-rsa-and-openssl/
JavaScript encryption
https://code.google.com/p/crypto-js/#SHA-1