Asp.net µÇ¼ÎÊÌâ - .NET¼¼Êõ / ASP.NET

Severity :Critical Privacy Violation: Unencrypted Password Submission .00
URL/File Names:
1. http://172.16.1.121:888/
This page may submit a password via an unencrypted connection. Found text: [<input
name="txtPassword" type="password",].
2. http://172.16.1.121:888/LoginForm.aspx
This page may submit a password via an unencrypted connection. Found text: [<input
name="txtPassword" type="password",].

²âÊÔʱ
µÇ¼ʱÃÜÂëû¼ÓÃÜ ÈçºÎ½â¾ö£¿

---

û¿´Ã÷°×£¬Ã»¼ÓÃܾͼÓÃÜÒ»ÏÂßÂ

---

md5

---

û¼û¹ý UP

---

ÓÃmd5¼ÓÃÜ

---

¿É²»¿ÉÒÔÉèΪ¼ÓÃÜµÄ±íµ¥Ìá½»£¿

---

string pwd = this.TextBox1.Text;
  string pwdSec = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "md5");

×ÅÕâ¸ö²»£¿

---

ʹÓÃMD5¼ÓÃÜ
this.MD5(this.txtpwd.text)

---

ÏÂÔØÒ»¸ömd5¼ÓÃÜjsº¯Êý£¬¼ÓÃܺóÌá½»

---

ÒýÓÃ

Õâ¸öÎÊÌâÊÇÃ÷ÃÜÂë·¢ËÍÎÊÌâ ΪÁË°²È«ÒªÔÚÓû§µã»÷µÇ¼ʱ¾ÍÒªÏȽøÐмÓÃÜ
Ê×ÏÈÓû§µã»÷ʱ£¨mousedown£©ÓÃAjaxÇëÇóloginServer.ashx ·µ»Ø¼ÓÃÜ´®

JScript code


<script type="text/javascript">
$(document).ready(function() {

$("#¡­¡­

ºÜÃ÷ÁËÁË¡¢

---

ÌáʾµÄÊÇûÓмÓÃܵÄÁ¬½Ó£¬²»ÊÇÃÜÂë
Äã×öµÄÊÇhttpsÀàÐ͵ÄÍøÕ¾°É