So I'm tring to create a secure form ( username & password ) with the usernames and passwords stored stored in a Json fil. So I have some questions.
所以我要创建一个安全的表单(用户名和密码),其中存储的用户名和密码存储在Json fil中。所以我有一些问题。
How can I secure that json file will not be accessible by something coming via cross-domain request? Or How can I ensure it will not.
如何通过跨域请求保护json文件无法访问?或者我怎样才能确保它不会。
How do I actually use the .post() the function with json. I mean I read the .post() documentation but it doesn't make much sense to me. Not how can I use it with Json at least.
我如何实际使用.post()函数与json。我的意思是我读了.post()文档,但它对我没有多大意义。不是我怎么能和Json一起使用它。
The json variable is something like that: var Arr = secureData.Users;
json变量是这样的:var Arr = secureData.Users;
Any suggestions on how can it be done? It shouldn't be hard from the tutorials that I read but I just don't get it.
关于如何做的任何建议?从我阅读的教程中应该不难,但我只是不明白。
PS: I looked into another way but that uses MySQL and PHP but I don't have a MySQL database ( nor want to build one ) and I don't use php at my site.
PS:我看了另一种方式,但是使用MySQL和PHP,但我没有MySQL数据库(也不想构建一个),我不在我的网站上使用php。
2 个解决方案
#1
1
What exactly are you trying to achieve?
你究竟想要实现什么目标?
Do you want to compare the username and password entered by the user to values stored in a file on the server? Then you could use .post() to send the values submitted by the user to the server, let the server perform the comparison and return an indication of whether the authentication succeeded. In this case, although it is certainly possible, there is no particular reason to use the JSON format in the file - CSV, XML or anything like that might be just as (or more) appropriate.
是否要将用户输入的用户名和密码与存储在服务器上的文件中的值进行比较?然后,您可以使用.post()将用户提交的值发送到服务器,让服务器执行比较并返回验证是否成功的指示。在这种情况下,虽然它当然是可能的,但没有特别的理由在文件中使用JSON格式 - CSV,XML或任何类似的(或更多)适当的。
EDIT: If you are not using PHP or any other server-side scripting, how do you expect to do the comparison? You obviously do not want to perform the comparison using javascript, since you will then have to send the correct values to the browser. That would obviously make your authentication mechanism very easy to circumvent / hack.
编辑:如果您没有使用PHP或任何其他服务器端脚本,您希望如何进行比较?您显然不希望使用javascript执行比较,因为您必须将正确的值发送到浏览器。这显然会使您的身份验证机制非常容易规避/破解。
#2
0
Just do not return/echo the complete JSON string with usernames/passwords in any way.
只是不要以任何方式返回/回显带有用户名/密码的完整JSON字符串。
#1
1
What exactly are you trying to achieve?
你究竟想要实现什么目标?
Do you want to compare the username and password entered by the user to values stored in a file on the server? Then you could use .post() to send the values submitted by the user to the server, let the server perform the comparison and return an indication of whether the authentication succeeded. In this case, although it is certainly possible, there is no particular reason to use the JSON format in the file - CSV, XML or anything like that might be just as (or more) appropriate.
是否要将用户输入的用户名和密码与存储在服务器上的文件中的值进行比较?然后,您可以使用.post()将用户提交的值发送到服务器,让服务器执行比较并返回验证是否成功的指示。在这种情况下,虽然它当然是可能的,但没有特别的理由在文件中使用JSON格式 - CSV,XML或任何类似的(或更多)适当的。
EDIT: If you are not using PHP or any other server-side scripting, how do you expect to do the comparison? You obviously do not want to perform the comparison using javascript, since you will then have to send the correct values to the browser. That would obviously make your authentication mechanism very easy to circumvent / hack.
编辑:如果您没有使用PHP或任何其他服务器端脚本,您希望如何进行比较?您显然不希望使用javascript执行比较,因为您必须将正确的值发送到浏览器。这显然会使您的身份验证机制非常容易规避/破解。
#2
0
Just do not return/echo the complete JSON string with usernames/passwords in any way.
只是不要以任何方式返回/回显带有用户名/密码的完整JSON字符串。