axios:如何防止 GET 请求显示我的密码?
我创建了一个函数来检查用户的密码,请求是:
axios.get("http://localhost:3003/api/get/pwd_checking/" + userId + "/" + userPassword, {
headers: { 'authorization': localStorage.getItem('token') }
})
.then(response => {
// The password is correct!
})
.catch(err => alert("Wrong Password!"))
如果出现错误(主要是由于密码错误),我希望仅收到警报,但是,在浏览器开发工具中,我也得到:
GET http://localhost:3003/api/get/pwd_checking/346/theWrongPwd 401 (Unauthorized)
尽管“theWrongPwd”不是一个好的密码,但人们可以知道我密码的大部分字符(有时,我们只是拼错了一个单个字母)。我怎样才能防止这种情况发生呢?
预先感谢您的宝贵时间!
I've created a function to check the user's password, the request is:
axios.get("http://localhost:3003/api/get/pwd_checking/" + userId + "/" + userPassword, {
headers: { 'authorization': localStorage.getItem('token') }
})
.then(response => {
// The password is correct!
})
.catch(err => alert("Wrong Password!"))
In case of error (mostly because of wrong password), I expect to get ONLY the alert, but, in the Browser Developer Tools, I also get:
GET http://localhost:3003/api/get/pwd_checking/346/theWrongPwd 401 (Unauthorized)
Even though the "theWrongPwd" is not the good one, but people could know most of the characters of my password (sometimes, we just misspell a single letter). How could I prevent that?
Thank you in advance for your time!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
要检查密码,我们应该使用 POST 方法。因为我们的密码数据是安全的,需要安全性。当使用 POST 方法时,数据以捆绑形式发送到服务器。但是在 GET 方法中,数据被发送到服务器,然后是 url,就像附加 url 请求一样,每个人都可以看到。
因此,为了安全的身份验证和授权过程,我们应该使用 POST 方法。
我希望这个解决方案能够帮助您。
谢谢
To check password we should use POST method. Because our password data is secure which needs security. When use POST method the data is sent to server in a bundle. But in GET method data is sent to the server followed by the url like append with url request which will be seen to everyone.
So For secure authentication and authorization process we should use POST method.
I hope this solution will help you.
Thanks