반응형

IE(Internet Explorer)에서 메모리 덤프 패스워드 노출 방지

onsubmit함수를 통해서 패스워드를 주기적으로 초기화시

메모리덤프에 평문이 노출되는 것을 방지 가능하다.

하지만 chrome에서는 ...

<form id="loginForm" action="./index2.php" method="post" onsubmit="pwd_handler(this);">
    <input type="text" name="username" />
    <input type="password" name="password" autocomplete="off"/>
    <input type="hidden" name="md5password" value="" />
    <button onclick="fn_submit()">LOGIN</button>
</form>

<script src="//code.jquery.com/jquery.min.js"></script>
<script src="//cdn.rawgit.com/placemarker/jQuery-MD5/master/jquery.md5.js"></script>
<script type="text/javascript">
function pwd_handler(form)
{
        if (form.password.value != '')
        {
            form.md5password.value = $.md5(form.password.value);
            form.password.value = '';
        }
}

function fn_submit(){
    $.ajaxSetup({cache: false});
    document.getElementById('loginForm').submit();
}
</script>

[참고사이트]

https://resources.infosecinstitute.com/topic/browser-based-vulnerabilities-in-web-applications/#gref

https://stackoverflow.com/questions/23451956/how-do-i-encrypt-md5-text-input-before-sending-information-via-get

728x90

+ Recent posts