SQL注入漏洞与Cookie记录账号密码问题处理方案
防SQL注入漏洞处理方案1、系统设置开启加密设定(请求加密)https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_d117c3526d2ef6809e172998bc3fb0bd_r.png2、系统变量添加加密参数公共变量https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_0f245fb4debf6ba5e1101ee2ac91f8e9_r.png参数名:JE_SYS_ENCRYPT_FIELD
参数值:whereSql,orderSql,tableCode,sql,pkValue,expandSql,parentSql,useOrderSql,funcCode,funcId,permSql,j_query,j_parent,j_parent,dbSql
处理cookie记录账号密码
请求接口会记录登录账号的用户名密码,这样会造成数据泄露
https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_edb39b6955055655c3d7c03e54814447_r.png
处理方案
1、登录页去掉记住状态选项https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_ce2e9bb08dee9a9da40883d094d0228a_r.png
2、打开前端插件项目,找到login.vue,先将界面记住状态隐藏https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_f8bbcbe8364845b4acddbc7cbb1df48d_r.png
3、记住状态隐藏掉,只是界面看不见了,实际逻辑中默认了记住状态为true,改为false即可https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_8b30f4abf6dcead46148492a52e8c9c3_r.png
4、修改完之后进行插件打包部署
5、登录界面显示
https://doc.jepaas.com/uploads/je_doc_jepaas/images/m_d400b7c8fa1e745e7334e306cc0e20f3_r.png
页:
[1]