Django 站点加密

发布于 2024-12-07 15:26:57 字数 725 浏览 1 评论 0原文

我正在编写一个网站，要求所有数据都加密传输。

昨晚，我考虑在发布表单数据之前对其进行加密，但我刚刚创建了一个用于登录的 Django 表单，并意识到使用操作字段会将数据发送回未加密的服务器。

<form method="post" action="">
            {% csrf_token %}
            <div id="login_box_user">{{loginForm.userName}}</div>
            <div id="login_box_pass">{{loginForm.password}}</div>
            <div id="login_box_sbmt"><input id="submitbutton" name="submit" value="Login" type="submit" /></div>
        </form>

我想，为了解决这个问题，我需要一个 Javascript 函数作为在发送之前对其进行编码的操作，或者一个 Javascript 提交按钮。

同时，我正在考虑 SSL，但我们目前没有运行服务器，因此我无法将 SSL 证书连接到它以在开发/测试期间使用。据我了解，使用 SSL 传输的数据将被加密。我想知道当我计划获得 SSL 证书并在我们拥有该网站的域名后使用 SSL 时，加密所有内容是否值得

原文

I am writing a site for which I require all data to be transmitted under encryption.

Last night I was considering encrypting form data before posting it but I've just created a Django form for login and realised that using the action field will send the data back to the server unencrypted.

<form method="post" action="">
            {% csrf_token %}
            <div id="login_box_user">{{loginForm.userName}}</div>
            <div id="login_box_pass">{{loginForm.password}}</div>
            <div id="login_box_sbmt"><input id="submitbutton" name="submit" value="Login" type="submit" /></div>
        </form>

I'm thinking that in order to get around this, I would need to have a Javascript function as the action to encode it before sending, or a Javascript submit button.

At the same time I'm thinking about SSL but we don't currently have a server running so I wouldn't be able to connect an SSL certificate to it for use during development/testing.
The way I understand it, using SSL the data transmitted would be encrypted. I'm wondering if it is worth the effort of encrypting everything, when I plan to get an SSL certificate and using SSL once we have a domain for the site

分享到QQ

分享到微博