I now understand that when the user sends a login account and password . The server then verify the correct return a cookie, and a key, the user wants to save the cookie to use key encryption , use the time taken out from the database decrypted ( My purpose is to prevent others from stealing a cookie that model user action ) , there is a request to plus the cookie, the server receives the authentication cookie after aging , can accept the request
But using Ethereal tool found username, password directly exposed , and if the account password when sending the first encrypted and then decrypted server , then to the public key, if someone decompile , do not you still be able to get the public key
Thank you, please try to detail, now a bit confusing
------ Solution -------------------------- ------------------
confusing code or use the public key is written so ndk Curry, do not know right .
------ Solution ---------------------------------------- ----
I just know , if you want to use security publickey hair symmetrical key, between the server and the client using symmetric key, each landing had changed
------ reference ---- -----------------------------------
the wrong place ? Or not people understand
------ reference ------------------------------------ ---
how written so library
------ reference ----------------------------- ----------
https can
没有评论:
发表评论