摘要
随着互联网的普及和发展,基于B/S系统下的浏览器网站存在许多安全性问题,其中暴力破解是对B/S系统具有威胁的恶意攻击技术之一。其原理是攻击者系统的嵌套和循环组合有可能的用户信息,向服务器发送登录请求,直到登录成功为止。该文分析了暴力破解的原理及特点,研究了防止暴力破解的方法,针对B/S系统的特点,提出了验证码认证、限定失败登录次数、认证日志监控、增大密码复杂度、判断用户登录ip、Json Web Token安全认证机制等防范方法,能够有效增强B/S系统的安全性。
With the popularization and development of Internet,there are many security problems in browser websites based on B/s system,among which brute force attack is one of the malicious attack technologies that threaten B/s system.The principle is that the nesting and looping combination of the attacker's system may combine the user information and send the login request to the server until the login succeeds.This paper analyzes the principle and characteristics of brute force cracking,and studies the meth⁃ods to prevent brute force cracking.According to the characteristics of B/s system,it puts forward some preventive methods,such as authentication code authentication,limiting the number of failed logins,authentication log monitoring,increasing password com⁃plexity,judging the user's login IP,and JSON web token security authentication mechanism,which can effectively enhance the se⁃curity of B/S system.
作者
刘世雄
张俊
LIU Shi-xiong;ZHANG Jun(Panzhihua University,Panzhihua 617000,China)
出处
《电脑知识与技术》
2021年第1期58-60,共3页
Computer Knowledge and Technology
基金
攀枝花学院大学生创新创业训练计划项目(项目编号:2020cxcy037)。
