Write a Login interface, can pass the account and password to log in
Password in real project, it is conducted a MD5 encrypted,
The interface using the Swagger and password directly clear transmission, how to conduct a MD5 encryption (don't need a key, direct encryption)
NetCore3.1 + Swagger5.4.1

CodePudding user response:

Local client password encryption, and then,
Server side comparing itself with encrypted string can

CodePudding user response:

reference 1st floor SoulRed response:

local client password encryption, and then,
Server side comparing itself with encrypted string can

I'm sorry, didn't understand local client encrypted transmission is what meaning,

I real business scenarios, is:
The backend: asp.net
the core APIFront end: vue + element
Front at the time of the login, have no key encryption to a password, and then through the API to the back end,
The front end, it is said that local client you mean?
Now interface through Swagger calls, Swagger is equivalent to the vue front end,
So when I login, Swagger in theory, also want to the same password for a key encryption, and then through the same API interface to the back end,
Card here now, Swagger to API password is clear,
And I don't want to in the API to MD5 encryption
1, don't want to do this in the back end should have the front-end to complete step no Key encryption (), the front-end should do don't want to move to the back end,
2, back-end with the back-end to do encryption (another with random Key secondary encryption), and this has nothing to do with this problem,
So, how should front-end (Swagger) encryption?

CodePudding user response:

I suggest you don't bothering Swagger,

Tests, use the online tool (or yourself to write a tool to do the MD5 password, then the MD5 results fill Swagger test page,

CodePudding user response:

reference github_36000833 reply: 3/f

I suggest you don't bothering Swagger,

Tests, use the online tool (or write a tool) do the MD5 password first, then the MD5 results fill Swagger test page,

Well, can't find the way, can only do so

CodePudding user response:

Password should be the original transmission, rather than the md5, are made a hash of the server, your design itself is very strange,

CodePudding user response:

Swagger of the front desk can not literally write js? Your password to a fixed selector.

In the text box and then set the global beforesend values into the md5 (text box) not finished

CodePudding user response:

Well, swagger is just a test + documentation tools,
You ask him to help you to replace the login interface, the password to md5, isn't it too much?

CodePudding user response:

All login, password authentication scenario, the password (such as fingerprint, face, captcha) key information can't use clear transmission, otherwise belong to the serious design error, the normal design method is: will the key information is encrypted (or scattered list Hash), transfer to the server decryption expressly Hash (or Hash server), and then compared with information on the server,

CodePudding user response:

refer to fifth floor guiyang horse Ma Shanfu plugging waterproof engineering professional maintenance of swimming pool response:

password should be the original transmission, rather than the md5, are made a hash of the server, your design itself is very strange,

Simply no secret key encryption, starting from the controller, just don't want to know what the user is clearly, probably is this meaning,

CodePudding user response:

references on 7th floor is wrath of god reply:

, swagger is just a test + documentation tools,
You ask him to help you to replace the login interface, the password to md5, isn't it too much?

Well, I also hope that it will enrich 1:00 more, such as the Postman Pre - request Script, that is more convenient,

CodePudding user response:

refer to 6th floor by_ love reply:

swagger of the front desk can not literally write js? Your password to a fixed selector.

In the text box and then set the global beforesend values into the md5 (text box) don't you just finished

Well,,, didn't try to swagger page write js code, still can do,, just look at tomorrow,