Chrome will start blocking HTTP resources on HTTPS pages and checking password strength

Google has warned about a change in how mixed content is handled on pages opened over HTTPS. Previously, if a page opened over HTTPS contained components loaded without encryption (via the http:// protocol), a special indicator was displayed. In the future, loading of such resources will be blocked by default. Pages opened via "https://" will therefore be guaranteed to contain only resources downloaded over a secure communication channel.

It is noted that more than 90% of the sites opened by Chrome users currently use HTTPS. Inserts loaded without encryption create a security threat, because unprotected content can be modified by anyone who controls the communication channel (for example, when connecting over open Wi-Fi). The mixed content indicator was found to be ineffective and misleading to users, since it does not give a clear assessment of the page's security.

Currently, the most dangerous types of mixed content, such as scripts and iframes, are already blocked by default, but images, audio files and videos can still be downloaded via http://. By spoofing images, an attacker can substitute user tracking cookies, try to exploit vulnerabilities in image processors, or commit forgery by replacing the information presented in the image.

The introduction of blocking is divided into several stages. Chrome 79, scheduled for December 10, will have a new setting that allows blocking to be disabled for specific sites. This setting will apply to mixed content that is already blocked, such as scripts and iframes, and will be reached through the menu that drops down when you click the lock symbol, replacing the previously offered indicator for disabling blocking.

Chrome 80, expected on February 4, will use a soft blocking scheme for audio and video files, meaning automatic replacement of http:// links with https://, which preserves functionality if the problematic resource is also available over HTTPS. Images will continue to load without changes, but if they are downloaded via http://, https:// pages will display an insecure connection indicator for the entire page. To switch to https automatically or to block images, site developers will be able to use the CSP properties upgrade-insecure-requests and block-all-mixed-content. Chrome 81, scheduled for March 17, will automatically correct http:// to https:// for mixed image loads.

In addition, Google announced that one of the next releases of the Chrome browser will integrate the new Password Checkup component, previously developed as an external add-on. The integration will add tools for analyzing the reliability of the user's passwords to the regular Chrome password manager. When you try to log in to any site, your login and password are checked against a database of compromised accounts, and a warning is displayed if problems are detected. The check is carried out against a database covering more than 4 billion compromised accounts that have appeared in leaked user databases. A warning will also be displayed if you try to use trivial passwords such as "abc4" (according to Google's statistics, 23% of Americans use similar passwords), or when the same password is used on multiple sites.

To preserve privacy, only the first two bytes of the hash of the login and password are transmitted when the external API is accessed (the hashing algorithm used is Argon2). The full hash is encrypted with a key generated on the user's side. The original hashes in the Google database are also additionally encrypted, and only the first two bytes of each hash are left for indexing. The final verification of the hashes that fall under the transmitted two-byte prefix is performed on the user's side using the cryptographic technique of "blinding", in which neither party learns the contents of the data being checked. To protect the contents of the compromised accounts database from being determined by brute force through requests for arbitrary prefixes, the transmitted data is encrypted with a key generated from a verified combination of login and password.
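
The two-byte prefix lookup and the blinded comparison described above can be sketched as follows; this is an added example, not Google's implementation or code from the original article, and it leaves out the extra encryption of the response. SHA-256 stands in for Argon2, the group (integers modulo 2^127 - 1) is toy-sized and shows the algebra only, and the names `Server`, `lookup` and `is_compromised` are hypothetical.

```python
import hashlib, math, secrets

P = 2**127 - 1  # Mersenne prime; toy-sized group, far too small for real use

def cred_hash(login: str, password: str) -> bytes:
    # Assumption: SHA-256 stands in for the Argon2 hash the article mentions.
    return hashlib.sha256(f"{login}\x00{password}".encode()).digest()

def to_group(h: bytes) -> int:
    # Map a hash to a nonzero element of the multiplicative group mod P.
    return int.from_bytes(h, "big") % (P - 1) + 1

def new_key() -> int:
    # Exponent invertible mod P-1, so blinding is injective and can be undone.
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

class Server:
    def __init__(self, leaked):
        self.key = new_key()
        self.buckets = {}
        for login, pw in leaked:
            h = cred_hash(login, pw)
            # Index by 2-byte prefix; keep only the hash raised to the server key.
            self.buckets.setdefault(h[:2], set()).add(pow(to_group(h), self.key, P))

    def lookup(self, prefix: bytes, blinded: int):
        # The server sees a 2-byte prefix and a blinded value it cannot invert.
        return pow(blinded, self.key, P), self.buckets.get(prefix, set())

def is_compromised(server: Server, login: str, password: str) -> bool:
    h = cred_hash(login, password)
    a = new_key()  # fresh client-side blinding key for every query
    double, bucket = server.lookup(h[:2], pow(to_group(h), a, P))
    # Strip the client key: (H^(a*b))^(1/a) = H^b, then compare locally.
    return pow(double, pow(a, -1, P - 1), P) in bucket

if __name__ == "__main__":
    # Constructed sample data, not real leaked credentials.
    srv = Server([("alice@example.com", "abc4"), ("bob@example.com", "hunter2")])
    print(is_compromised(srv, "alice@example.com", "abc4"))
    print(is_compromised(srv, "alice@example.com", "a-long-unique-passphrase"))
```

The server never receives the full hash, and the client receives only server-keyed values for one prefix bucket, so neither side can read the other's data directly.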

Source: opennet.ru