问题描述
Is there any way for strophe connection to prohibit viewing plaintext passwords?
我使用下面的方法strophe连接到XMPP服务器,但是当我使用console.log(connection)时,我可以看到登录的明文密码。您还可以在调试断点处看到明文密码。
var BOSH_SERVICE = 'http://127.0.0.1:7070/http-bind/';
var connection = null;
var connected = false;
var jid = "";
function onConnect(status) {
console.log(status)
if (status == Strophe.Status.CONNFAIL) {
alert("fail!");
} else if (status == Strophe.Status.AUTHFAIL) {
alert("fail!");
} else if (status == Strophe.Status.disCONNECTED) {
alert("fail!");
connected = false;
} else if (status == Strophe.Status.CONNECTED) {
alert("success!");
connected = true;
connection.addHandler(onMessage,null,'message',null);
connection.send($pres().tree());
}
// this connection can see the plaintext password;
console.log(connection);
}
...
$(document).ready(function() {
$('#btn-login').click(function() {
if(!connected) {
connection = new Strophe.Connection(BOSH_SERVICE);
connection.connect($("#input-jid").val(),$("#input-pwd").val(),onConnect);
jid = $("#input-jid").val();
}
});
...
});
断点调试图片如下:
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)