所以在过去,我使用 ASP.NET 页面从登录页面发布用户名和密码。由于代码位于服务器上并受到保护,因此用户名和密码对用户是隐藏的。现在,我已经在页面上切换了一个弹出 div 来登录网站。这个 div 里面没有 iframe,只有纯 html。我希望它在不重新加载页面的情况下进行身份验证。显然,div 内的按钮必须调用 Javascript 函数。此时,由于我无法将用户名和密码保留在 Javascript 中,因为它们是暴露的,所以我唯一的答案就是以 AJAX 请求的形式将数据发送到服务器。AJAX 是正确的方法吗?什么是阻止黑客发布数以千计的 AJAX 请求并试图入侵网站的方法?
谢谢你。
Yes, you do an AJAX request. You want to use jQuery AJAX which makes it very easy.
For protection against a person doing thousands of attacks the best way is to only allow a given number of requests from the same IP address within a given amount of time - this is of course done server-side.
You could also make your script for checking credentials very slow so that it's not so easy to hammer your website with attempts. If you put a pause into your script of 3-5 seconds it will take a long time do many attempts. But of course, if someone makes many simultaneous attempts to your website it might not have the great effect without any other security measure at the same time.