认证,而无需使用服务器
我在寻找的想法,没有通常的行程到服务器验证用户。
在客户端进行认证的用户的任何半安全的方法是可以接受的。
I'm looking for ideas to authenticate a user without the usual trip to a server. Any semi-secure way of authenticating a user on the client side is acceptable.
我存储一些加密了的秘密在一个js文件,那么只有拥有正确的code将能够解密用户认为,并在正确的code既可以输入或存储饼干什么的。
听起来不错,或者任何其他的想法?
I'm think of storing some encrypted secret in a js file, then only users that have the correct code will be able to decrypt it, and the correct code can be either entered or stored in a cookie or something. Sound good, or any other ideas?
也许你可以存储密码的哈希值,当用户被验证加密敏感应用JS源$ C $ C,以评估它正确的关键?
Maybe you can store a hash of a password and encrypt the sensible application JS source code, in order to evaluate it when the user is "authenticated" with the correct key ?
请参阅有关谷歌的这个文章关于JavaScript的处理方法。使用加密字符串的JavaScript源$ C $ C,你是客户片面的安全?
See this article about Google's method about javascript processing. Use an encrypted javascript string source code, and you are client-sided secure ?