Chrome will start blocking HTTP resources on HTTPS pages and checking password strength

Google has announced a change in how mixed content is handled on pages opened over HTTPS. Previously, if an https:// page contained elements loaded without encryption (over the http:// protocol), a special indicator was shown. Going forward, loading such resources will be blocked by default, so pages opened over https:// will be guaranteed to contain only resources fetched over a secure channel.

More than 90% of the sites opened by Chrome users now use HTTPS. Inserts loaded without encryption create a security risk, because the insecure content can be modified by anyone who controls the communication channel (for example, when connecting over open Wi-Fi). The mixed-content indicator was found to be ineffective and misleading, since it does not give the user a clear assessment of the page's security.

Currently the most dangerous kinds of mixed content, such as scripts and iframes, are already blocked by default, but images, audio files and video can still be fetched over http://. By spoofing an image response, an attacker can set cookies for tracking the user's movements, try to exploit vulnerabilities in image decoders, or carry out forgery by replacing the information shown in the image.

Blocking will be rolled out in several stages. Chrome 79, scheduled for December 10, will add a new setting that allows blocking to be disabled for specific sites. This setting applies to the mixed content that is already blocked, such as scripts and iframes, and is reached through the drop-down menu shown when clicking the lock symbol; it replaces the previously proposed indicator for disabling blocking.
Chrome 80, expected on February 4, will apply a soft blocking scheme to audio and video files: http:// links will be rewritten automatically to https://, which keeps them working as long as the resource in question is also reachable over HTTPS (there is no fallback to http://, so a resource that is not served over HTTPS will fail to load). Images will continue to load unchanged, but if an image is fetched over http://, the https:// page will show the insecure-connection indicator for the whole page. To upgrade images to https automatically, or to block them, site developers can use the CSP directives upgrade-insecure-requests and block-all-mixed-content. Chrome 81, scheduled for March 17, will automatically rewrite http:// to https:// for mixed image inserts as well.
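The following script is an added example, not code from the article or from Chrome; it audits a page for mixed content the way the rollout above describes it (scripts, iframes and stylesheets blocked; images, audio and video upgraded to https://), and shows how the two CSP directives change the outcome. The sample page is constructed for the demo, and the tag classification is an assumption based on the article rather than Chrome's full mixed-content table.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Classification assumed from the article: "active" content is blocked outright,
# "passive" content is auto-upgraded (audio/video in Chrome 80, images in Chrome 81).
ACTIVE_TAGS = {"script", "iframe", "link", "object", "embed"}
PASSIVE_TAGS = {"img", "audio", "video", "source"}

# Constructed sample page, served from an https:// origin.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<script src="http://cdn.example.net/app.js"></script>
<script src="https://cdn.example.net/safe.js"></script>
</head><body>
<img src="http://images.example.net/logo.png">
<img src="//images.example.net/icon.png">
<img src="/local/photo.jpg">
<video src="http://media.example.net/clip.mp4"></video>
<iframe src="http://ads.example.net/frame.html"></iframe>
</body></html>
"""


def to_https(url):
    """The rewrite upgrade-insecure-requests (and Chrome's auto-upgrade) performs."""
    return urlunsplit(("https",) + tuple(urlsplit(url)[1:]))


class MixedContentAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheets count as subresources here; other rel values are ignored.
            if "stylesheet" not in attrs.get("rel", "").lower():
                return
            url = attrs.get("href")
        else:
            url = attrs.get("src")
        if not url or tag not in ACTIVE_TAGS | PASSIVE_TAGS:
            return
        absolute = urljoin(self.page_url, url)
        # https://, data:, blob: and protocol-relative URLs resolve to a secure scheme.
        if urlsplit(absolute).scheme != "http":
            return
        kind = "active" if tag in ACTIVE_TAGS else "passive"
        self.findings.append({"tag": tag, "url": absolute, "kind": kind})


def audit_mixed_content(html, page_url):
    """Return the http:// subresources of an https:// page; http:// pages have none."""
    if urlsplit(page_url).scheme != "https":
        return []
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


def resolve(findings, csp=None):
    """What the browser does with each finding, by default (Chrome 81 behaviour
    as described above) or under one of the two CSP directives."""
    results = []
    for f in findings:
        if csp == "block-all-mixed-content":
            action = "blocked"
        elif csp == "upgrade-insecure-requests" or f["kind"] == "passive":
            action = "upgraded"
        else:
            action = "blocked"
        effective = to_https(f["url"]) if action == "upgraded" else None
        results.append({**f, "action": action, "effective_url": effective})
    return results


if __name__ == "__main__":
    for r in resolve(audit_mixed_content(SAMPLE_HTML, "https://example.com/page")):
        print(f'{r["tag"]:7} {r["action"]:9} {r["url"]} -> {r["effective_url"]}')
```

Running it without a CSP shows three blocked resources (stylesheet, script, iframe) and two upgraded ones (image, video); with `upgrade-insecure-requests` everything is rewritten to https://, with `block-all-mixed-content` everything is blocked. Either directive is delivered in a `Content-Security-Policy` response header or a `<meta http-equiv>` tag.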
In addition, Google announced that one of the next Chrome releases will integrate the new Password Checkup component, previously developed as a separate add-on. The integration brings into Chrome's built-in password manager tools for assessing the reliability of the passwords the user relies on. Whenever the user tries to log in to any site, the login and password are checked against a database of compromised accounts, and a warning is shown if a problem is found. The check runs against a database covering more than 4 billion compromised accounts that appeared in leaked user databases. A warning is also shown when the user tries to use a trivial password such as "abc123" (according to Google's statistics, 23% of Americans use passwords of this kind), or when the same password is reused on several sites.

To preserve privacy, a request to the external API transmits only the first two bytes of the hash of the login and password (the Argon2 hashing algorithm is used). The full hash is encrypted with a key generated on the user's side. The original hashes in Google's database are also stored encrypted, and only the first two bytes of each hash are kept for indexing. The final comparison of the hashes that fall under the transmitted two-byte prefix is performed on the user's side using the cryptographic "blinding" technique, so that neither party learns the contents of the data being checked. To protect the contents of the compromised-account database from being enumerated by brute force through requests for arbitrary prefixes, the transmitted data is encrypted in combination with a key derived from the login and password combination being checked.
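The exchange described above, as an added toy example that is not Google's code or protocol: the client sends a 2-byte hash prefix plus a blinded group element, the server answers with that element raised to its secret key together with the bucket of stored (also key-raised) hashes for that prefix, and the client unblinds and compares locally. Assumptions for the demo: scrypt from the standard library stands in for Argon2, blinding is done by commutative exponentiation in the multiplicative group modulo the Mersenne prime 2^127-1 (far too small for real use; the production scheme uses an elliptic curve), the leaked credentials are constructed, and the additional encryption of the bucket under a key derived from the credential is omitted.

```python
import hashlib
import math
import secrets

# Toy group: integers mod the Mersenne prime 2^127-1, generator 3. NOT secure;
# it only has the commutativity we need: (g^r)^k = (g^k)^r.
P = (1 << 127) - 1
G = 3


def credential_hash(username, password):
    """Stand-in for Argon2 (scrypt, small parameters for the demo)."""
    data = (username + "\x00" + password).encode()
    return hashlib.scrypt(data, salt=b"password-checkup-demo", n=2**12, r=8, p=1, dklen=32)


def to_group(h):
    """Map a 32-byte hash to a group element."""
    return pow(G, int.from_bytes(h, "big") % (P - 1), P)


def random_exponent():
    """Random exponent invertible mod the group order's multiple P-1."""
    while True:
        r = secrets.randbelow(P - 1)
        if r > 1 and math.gcd(r, P - 1) == 1:
            return r


class CheckupServer:
    """Holds leaked credentials only as H(u,p)^k, indexed by the 2-byte hash prefix."""

    def __init__(self, leaked_credentials):
        self.k = random_exponent()  # server secret, never leaves the server
        self.index = {}
        for username, password in leaked_credentials:
            h = credential_hash(username, password)
            self.index.setdefault(h[:2], []).append(pow(to_group(h), self.k, P))

    def query(self, prefix, blinded_element):
        """The server sees only the prefix and a blinded element, never the hash."""
        return pow(blinded_element, self.k, P), list(self.index.get(prefix, []))


def client_request(username, password):
    """What the browser sends: prefix + H(u,p)^r. The blinding factor r stays local."""
    h = credential_hash(username, password)
    r = random_exponent()
    return h[:2], pow(to_group(h), r, P), r


def check_credential(server, username, password):
    prefix, blinded, r = client_request(username, password)
    signed_blinded, bucket = server.query(prefix, blinded)
    # Unblind: (H^r)^k raised to r^-1 gives H^k, comparable with the bucket entries.
    unblinded = pow(signed_blinded, pow(r, -1, P - 1), P)
    return unblinded in bucket


if __name__ == "__main__":
    # Constructed sample of "leaked" accounts.
    server = CheckupServer([("alice", "abc123"), ("bob", "hunter2")])
    print("alice/abc123 compromised:", check_credential(server, "alice", "abc123"))
    print("alice/hunter2 compromised:", check_credential(server, "alice", "hunter2"))
```

The privacy properties the article describes fall out of the structure: the server learns a 2-byte prefix and a blinded element it cannot link to a credential, and the client receives a bucket of key-raised hashes it cannot reverse or test other guesses against without another round trip through the server's key.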

Source: opennet.ru