如何在将文本发送到服务器之前处理文本
是的,我正在尝试建立一个安全的聊天网站,对您的消息进行加密和编码,只有您和与您交谈的人才能阅读这些消息。我正在使用RC4加密和Base64编码。问题是我使用表单给用户输入他们的消息,然后我需要JavaScript加密它并在将其发送到服务器之前对其进行编码。我无法在服务器上处理它的原因是因为这不是端到端加密。我有脚本加密它并对其进行编码。只是我需要它才能在发送之前完成它。我使用PHP来管理数据。
我尝试过:
我尝试用JavaScript发帖子。但是,这是一个很麻烦的事情,他们最好是一个更好的选择。
Right I am trying to make a secure chat website and encrypts and encodes your messages and only you and the person your talking to can read them. I am using RC4 encryption and Base64 encoding. The problem is that I am using a form for the user to type they message and then I need the JavaScript to encrypt it and encode it before it is sent to the server. The reason I can’t process it on the server, is because that wouldn’t be end to end encryption. I have the script to encrypted it and encode it. Is just I need it to do it before sending. I am using PHP to manage the data.
What I have tried:
I have trying making a post request in JavaScript. But it was to much of a hassle they most be a better option then that.
这些是你有的选择
HTTPS 将保护从应用程序(浏览器)到服务器的传输数据。是的,服务器会在消息到达时立即对其进行解密,但它可以在服务器中立即加密。
JavaScript 确实有要加密/解密的库。它并不是真正安全的,因为使用各种检测代理可以看到使用的代码和密钥。
Web程序集是一种标准化的二进制语言,允许在浏览器中通常被认为是服务器端语言。它相对较新,因此没有任何特定语言可用的脚本。您需要自己进行研究,看看这是否可行。
加密Web-API 允许使用低级别加密功能,但不是非常用户友好,并且当某人在安全操作中没有高流利性时,很容易搞砸。这需要使用JavaScript或Web Assembly进行访问。
These are the options that you have
HTTPS will secure the data in transport from the application(browser) to the server. Yes, the server is going to decrypt the message as soon as it arrives, but it can immediately be encrypted for it's time in the server.
JavaScript does have libraries that will encrypt/decrypt. It is not truly secure as the code and keys being used are visible using various inspection agents.
Web Assembly is a standardized binary language that allows what commonly is thought as server-side languages within a browser. It is relatively new so there are not oodles of scripts available for any particular language. You will need to do your own research to see if this is a viable option.
Crypto Web-API allow usage of low-level cryptographic functions but is not very user friendly, and can easily be messed up when someone does not have a high fluency in security operations. This would need to be accessed either using JavaScript or Web Assembly.
简答题,安全的javascript加密是不可能的。您需要实施SSL证书。
Google安全javascript加密以了解更多信息,但您最好通过letsencrypt获取免费的ssl证书并以此方式实施SSL而不是试图实施易受攻击的javascript加密解决方案。
Short answer, secure javascript encryption is not possible. You need to implement SSL certificates.
Google "secure javascript encryption" to read more about it but you are better off getting free ssl certs via letsencrypt and implementing SSL that way rather than trying to implement a javascript encryption solution that is vulnerable to attacks.