How to ensure the security of user name and password submission at the front end?

My project is a Mini Program, and there is a requirement that the front end obtains the token through a user name and password. But my project does not have a login page, so the back end wants me to fix a user name and password in the front-end page, no matter who visits it. But then security problems arise.
I think there are two kinds: one is getting the HTTP request and the user name and password by capturing packets, and the other is getting the user name and password from the source files, with a tool like Firebug.
Are there any good solutions to these two risks?
And is there a problem with our fixed way of obtaining the token with a hard-coded user name and password? Is there a better solution?
The project I worked on before did not have this kind of security requirement. Is it wrong to log in directly with the user name and password?


Haven't you ever done a Mini Program backend? This requirement should not have appeared at all; there is an introduction to the login process in the Mini Program documentation, so that the back end can learn from it.


Just get unid or openid.


In that case, encrypt the user name and password that are sent.
The same question can be found here:
https://codeshelper.com/q/10.

Mini Program can also use MD5 encryption
https://codeshelper.com/q/10.


Mini Program forces HTTPS, so the packets can't be captured.


No matter who visits, it carries this user name and password; that is to say, anyone can log in. So why are you still afraid of others capturing your packets and getting your user name and password? Isn't it all open to access anyway by doing so?


The password POSTed to the server is the user's password encrypted with MD5. When the user logs in again, the MD5-encrypted password must be consistent with the one stored by the server. If it is inconsistent, the password was entered incorrectly ~

This process does not need to pass the user's real password, which is more secure ~


Big error. Guess you want it to be like an app. Then encrypt it. Anyway, no one else can get your encryption algorithm.


HTTPS is not necessarily secure. Some packet capture tools can crack it. It is best to use symmetric encryption at the front and back end. For example,


Mini Program has a login process. Let the backend read the documentation and get the openid. And Mini Program's login process is encrypted by WeChat for you, so there will be no security problems. Even if there is a problem with WeChat


When the front and back ends are separated, the Mini Program uses openid as the user credential. If you do not want to use it, let the backend log in at a single location, then record the IP, and when the IP changes force a new login to update the token information. This is basically fine.
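
The login flow that several answers point to (get the openid through the Mini Program login process instead of shipping a fixed user name and password), shown as an added example that is not part of the thread. It assumes a Node.js backend; `httpGetJson`, `fakeWeChat`, the HMAC token format and all placeholder values are assumptions made for illustration.

```javascript
// Added example (not from the thread). Backend side of the Mini Program login:
// the client sends only the one-time code from wx.login(); no fixed credentials ship.
const crypto = require('node:crypto');

const TOKEN_KEY = crypto.randomBytes(32); // server-only signing key (assumption: in memory)
const TOKEN_TTL_S = 3600;

// Sign {openid, exp} with HMAC-SHA256 so the client cannot forge or alter it.
function issueToken(openid, nowS = Math.floor(Date.now() / 1000)) {
  const body = Buffer.from(JSON.stringify({ openid, exp: nowS + TOKEN_TTL_S })).toString('base64url');
  const mac = crypto.createHmac('sha256', TOKEN_KEY).update(body).digest('base64url');
  return `${body}.${mac}`;
}

// Returns the openid for a valid, unexpired token, otherwise null.
function verifyToken(token, nowS = Math.floor(Date.now() / 1000)) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) return null;
  const want = crypto.createHmac('sha256', TOKEN_KEY).update(body).digest();
  const got = Buffer.from(mac, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const { openid, exp } = JSON.parse(Buffer.from(body, 'base64url').toString());
  return exp > nowS ? openid : null;
}

// code2Session: exchange the wx.login() code for the user's openid.
// httpGetJson is an injected, hypothetical helper so the sample runs offline.
async function login(code, { appid, secret, httpGetJson }) {
  const qs = new URLSearchParams({ appid, secret, js_code: code, grant_type: 'authorization_code' });
  const r = await httpGetJson(`https://api.weixin.qq.com/sns/jscode2session?${qs}`);
  if (!r.openid) throw new Error(`code2Session failed: ${r.errcode} ${r.errmsg}`);
  return issueToken(r.openid); // session_key stays on the server, never sent to the client
}

// Constructed stand-in for WeChat's response; all values are placeholders.
const fakeWeChat = async (url) =>
  new URL(url).searchParams.get('js_code') === 'CODE_FROM_WX_LOGIN'
    ? { openid: 'OPENID_PLACEHOLDER', session_key: 'SESSION_KEY_PLACEHOLDER' }
    : { errcode: 40029, errmsg: 'invalid code' };
```

The app secret and the signing key exist only on the server, so neither packet capture nor reading the Mini Program source yields a reusable credential.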
