Chrome will start blocking HTTP resources on HTTPS pages and checking password strength

Google has warned of a change in how mixed content is handled on pages opened over HTTPS. Previously, if pages opened over HTTPS contained components loaded without encryption (over the http:// protocol), a special indicator was displayed. In the future, loading of such resources will be blocked by default. As a result, pages opened via "https://" will be guaranteed to contain only resources loaded over a secure communication channel.

It is noted that more than 90% of sites opened by Chrome users currently use HTTPS. Embedded elements loaded without encryption create security threats through modification of the unprotected content where the communication channel can be controlled (for example, when connecting over open Wi-Fi). The mixed content indicator was found to be ineffective and misleading to users, because it does not give a clear assessment of the page's security.

Currently, the most dangerous types of mixed content, such as scripts and iframes, are already blocked by default, but images, audio files and videos can still be loaded over http://. By substituting an image, an attacker can plant user-tracking cookies, attempt to exploit vulnerabilities in image handlers, or commit forgery by replacing the information shown in the image.

The rollout of blocking is split into several stages. Chrome 79, scheduled for December 10, will include a new setting that lets you disable blocking for specific sites. This setting will apply to mixed content that is already blocked, such as scripts and iframes, and will be reached through the drop-down menu that appears when you click the lock symbol, replacing the previously offered indicator for disabling blocking.

Chrome 80, expected on February 4, will apply a soft-blocking scheme to audio and video files, meaning automatic replacement of http:// links with https://, which preserves functionality if the problematic resource is also accessible over HTTPS. Images will continue to load unchanged, but if they are loaded over http://, https:// pages will display an insecure-connection indicator for the whole page. To switch to https automatically or to block images, site developers will be able to use the CSP properties upgrade-insecure-requests and block-all-mixed-content. Chrome 81, scheduled for March 17, will automatically rewrite http:// to https:// for loading mixed images.

In addition, Google has announced the integration, in one of the upcoming Chrome browser releases, of the new Password Checkup component, previously developed as an external add-on. The integration will add tools for analyzing the reliability of the user's passwords to Chrome's standard password manager. When you try to log in to any site, your login and password will be checked against a database of compromised accounts, and a warning will be shown if problems are found. The check is performed against a database covering more than 4 billion compromised accounts that appeared in leaked user databases. A warning will also be shown when you try to use trivial passwords such as "abc123" (according to Google's statistics, 23% of Americans use such passwords), or when the same password is used on multiple sites.

To preserve privacy, when the external API is accessed only the first two bytes of the hash of the login and password are transmitted (the Argon2 hashing algorithm is used). The full hash is encrypted with a key generated on the user's side. The original hashes in Google's database are also additionally encrypted, and only the first two bytes of the hash are left for indexing. The final comparison of the hashes that fall under the transmitted two-byte prefix is performed on the user's side using the cryptographic technique of "blinding", in which no party learns the contents of the data being checked. To protect the contents of the compromised-accounts database from being determined by brute force through requests for arbitrary prefixes, the returned data is encrypted in relation to a key generated from the login and password combination being verified.
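
The prefix-plus-blinding exchange described above, as an added example that is not Google's or Chrome's code. It assumes a toy multiplicative group modulo a Mersenne prime and uses scrypt as a stand-in for Argon2; all names and the sample credentials are constructed for illustration.

```python
import hashlib
import math
import secrets

P = 2**521 - 1   # Mersenne prime: a toy group for illustration, not a production choice
ORDER = P - 1    # exponents are taken modulo the order of the multiplicative group

# Constructed sample of "leaked" credentials held by the server.
LEAKED = [("alice@example.com", "abc123"), ("bob@example.com", "hunter2")]

def cred_hash(user: str, password: str) -> bytes:
    """Hash of the login/password pair. scrypt stands in for Argon2 (assumption)."""
    data = f"{user}\x00{password}".encode()
    return hashlib.scrypt(data, salt=b"constructed-salt", n=2**10, r=8, p=1, dklen=32)

def to_group(h: bytes) -> int:
    """Map a hash to a non-zero element modulo P."""
    return int.from_bytes(h, "big") % ORDER + 1

def rand_exp() -> int:
    """Random exponent invertible modulo ORDER, so blinding can be undone."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

class Server:
    def __init__(self, leaked):
        self.b = rand_exp()   # server-side secret: stored hashes are kept as H^b
        self.index = {}       # two-byte prefix -> set of H^b values
        for user, password in leaked:
            h = cred_hash(user, password)
            self.index.setdefault(h[:2], set()).add(pow(to_group(h), self.b, P))

    def query(self, prefix: bytes, blinded: int):
        """Server sees only the 2-byte prefix and H^a; returns (H^a)^b and the bucket."""
        return pow(blinded, self.b, P), self.index.get(prefix, set())

def is_leaked(server: Server, user: str, password: str) -> bool:
    h = cred_hash(user, password)
    a = rand_exp()                                       # fresh client-side key
    double, bucket = server.query(h[:2], pow(to_group(h), a, P))
    unblinded = pow(double, pow(a, -1, ORDER), P)        # strip a, leaving H^b
    return unblinded in bucket                           # final match on the client

if __name__ == "__main__":
    srv = Server(LEAKED)
    print(is_leaked(srv, "alice@example.com", "abc123"))      # True
    print(is_leaked(srv, "alice@example.com", "Xk!92-long"))  # False
```

The server never receives the full hash, and the client never receives an unencrypted database entry; the only value both sides share in the clear is the two-byte prefix.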

Source: opennet.ru
