Botai Zhang · Nov 17, 2020

Login encryption

When logging in to the management portal page, how to send the encrypted user name and password when sending a request

2 0 8 129



I would say by using https protocol.

Thank you.Lorenzo Scalese . How is HTTPS implemented in healthshare? Is this the only way?

Change% csp.login Is class implementation feasible?

Just as a quick caveat, I want to reiterate Nicholai's note on that post that the private web server should not be used for a production system; the private web server is primarily intended for out-of-the-box management portal access. If you need a full featured and https-secured web server to run your application, you should install a full web server.

Use SSL on an external web server such as Apache or IIS. Then disable the internal web server or at least restrict traffic to it. Note that many of the web services in HealthShare (if set up before deploying SSL) will be configured to use the internal (57772) web server. Those URLs in the Service Registry will need to be updated.

If I don't use Https and want to implement simple password transmission encryption and decryption (for example: Base64), as shown in the figure, CSP has completed the encryption operation. Would you like to ask where the decryption operation needs to be handled?

You have to use HTTPS, for such tasks, encryption passwords on the client-side not secure in any way. The only way to make it secure is by using SSL. Base64 is far from Security, anybody with such a string can get a real password. With SSL, it will be impossible to decrypt any traffic between client and server. So, even way, to catch anything about a password.