I am writing a site for which I require all data to be transmitted under encryption.
Last night I was considering encrypting form data before posting it but I've just created a Django form for login and realised that using the action field will send the data back to the server unencrypted.
<form method="post" action="">
{% csrf_token %}
<div id="login_box_user">{{loginForm.userName}}</div>
<div id="login_box_pass">{{loginForm.password}}</div>
<div id="login_box_sbmt"><input id="submitbutton" name="submit" value="Login" type="submit" /></div>
</form>
I'm thinking that in order to get around this, I would need to have a JavaScript function as the action to encode it before sending, or a JavaScript submit button.
At the same time I'm thinking about SSL, but we don't currently have a server running so I wouldn't be able to connect an SSL certificate to it for use during development/testing. The way I understand it, using SSL the data transmitted would be encrypted. I'm wondering if it is worth the effort of encrypting everything, when I plan to get an SSL certificate and use SSL once we have a domain for the site.
Encryption in JavaScript is useless as explained here. So SSL is your only option.
I've found some information here if you plan to deploy your site with https:
http://www.redrobotstudios.com/blog/2009/02/18/securing-django-with-ssl/
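What "use SSL for the whole site" means at the request level, as an added example that is not part of the original thread: a stdlib-only WSGI wrapper (a Django site is a WSGI app) that redirects plain-HTTP page loads, refuses plain-HTTP form posts, marks cookies `Secure` and sends HSTS. The names `require_https`, `demo_app`, `call` and the host `example.test` are hypothetical, and the wrapper assumes `wsgi.url_scheme` reflects the real connection (no TLS-terminating proxy in front); Django's own `SECURE_SSL_REDIRECT`, `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE` and `SECURE_HSTS_SECONDS` settings cover the same ground.

```python
# Added example (not from the original thread); all names are hypothetical.
HSTS = ("Strict-Transport-Security", "max-age=31536000")

def require_https(app, canonical_host):
    """Wrap a WSGI app (a Django site is one) so it is only served over TLS."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            if environ["REQUEST_METHOD"] not in ("GET", "HEAD"):
                # The posted body (e.g. the login form) already crossed the
                # network in clear text; a redirect would not undo that.
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"HTTPS required\n"]
            target = "https://" + canonical_host + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", target)])
            return [b""]

        def secure_start(status, headers, exc_info=None):
            fixed = []
            for name, value in headers:
                attrs = [p.strip().lower() for p in value.split(";")[1:]]
                if name.lower() == "set-cookie" and "secure" not in attrs:
                    value += "; Secure"  # never send the cookie over http
                fixed.append((name, value))
            fixed.append(HSTS)  # tell the browser to use https from now on
            return start_response(status, fixed, exc_info)
        return app(environ, secure_start)
    return middleware

def demo_app(environ, start_response):
    # Constructed stand-in for the site: a login view that sets a session cookie.
    start_response("200 OK", [("Set-Cookie", "sessionid=abc123; HttpOnly")])
    return [b"ok"]

def call(app, scheme, method="GET", path="/login/"):
    """Drive a WSGI app with a constructed request; return (status, headers)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": method,
               "PATH_INFO": path, "QUERY_STRING": ""}
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    site = require_https(demo_app, "example.test")
    for scheme, method in [("http", "GET"), ("http", "POST"), ("https", "POST")]:
        print(scheme, method, call(site, scheme, method))
```

The 403 on a plain-HTTP POST is a choice made in this example: the page that carries the login form has to be loaded over HTTPS in the first place, since redirecting after the credentials were posted in clear text protects nothing.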