Secure transmission and transmission of sensitive information 02/25 Update SLTechnology News&Howtos

Secure transmission and transmission of sensitive information

2025-02-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

1. Page form transfer

In order to prevent the submission of web form data from being stolen, the form content needs to be encrypted when the form is submitted, but the login password should not only be encrypted, but also ensure that the ciphertext of the password is inconsistent each time the login request is prompted. Otherwise, you can also access the background system by bypassing the form. At this point, you need to get a random number each time when initializing the login form submission. Each time you submit, you can make the password ciphertext different, so you can protect that ciphertext can only be used once and then become invalid.

2. APP data transmission

Step 1: app obtains the public key of asymmetric encryption when it connects to the server for the first time

Step 2: app generates a symmetrically encrypted key and uses the encryption and decryption key for each data exchange.

Step 3: app encrypts the symmetric key through the public key obtained in the first step and transmits it to the background server. The background server uses the private key to decrypt the symmetric key, and then the server uses it to encrypt and decrypt the data communication.

Referring to the secure transmission mechanism of https and using both symmetric encryption and asymmetric encryption algorithms, we can prevent data transmission symmetric keys from being stored in the client, and may also avoid the performance impact of asymmetric encryption.

3. Secure storage of database

Simply using md5 to encrypt the password is easy to be violently cracked by the rainbow table. If the encryption is treated with salt, it will greatly improve the security of the password. Traditional encryption: md5 (password), salt encryption: sha (password+email), where email is the so-called "salt salt", this salt can use different key fields in each row of records. For example, the mobile phone number, the ID key, or specifically generate a random number; this salt can avoid the failure of the standard password base.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.