Google has warned of a change in the way mixed content is handled on pages opened over HTTPS. Previously, if a page opened over HTTPS contained components loaded without encryption (using the http:// protocol), a special indicator was displayed.
Now, in upcoming versions of the browser, it has been decided to block the loading of these resources by default. This will ensure that pages opened via "https://" contain only resources loaded over a secure communication channel.
It is noted that Chrome users currently open more than 90% of sites using HTTPS. The presence of inserts loaded without encryption creates a threat of a security breach through modification of the unprotected content when the communication channel is under someone else's control (for example, when connecting over open Wi-Fi).
The mixed content indicator is regarded as ineffective and misleading, since it does not give an unambiguous assessment of the page's security.
At present, the most dangerous types of mixed content, such as scripts and iframes, are already blocked by default, but images, audio files and videos can still be loaded over "http://".
By substituting images, an attacker can substitute cookie-tracking actions, try to exploit vulnerabilities in image processors, or commit forgery by replacing the information presented in the image.
The introduction of the blocking is divided into several stages. In Chrome 79 (scheduled for December 10), a new setting will appear that disables the blocking for specific sites.
This setting will apply to mixed content that is already blocked, such as scripts and iframes, and will be reached through the menu that appears when clicking the lock icon, replacing the previously offered indicator for disabling the blocking.
In Chrome 80 (expected on February 4), the blocking scheme will be applied to audio and video files, with automatic replacement of http:// by https://, which keeps the resource working if the problematic resource is also available over HTTPS.
Images will continue to load unchanged, but when they are loaded over http:// on https:// pages, an insecure connection indicator will be shown for the whole page. To have images automatically replaced with https or blocked, site developers will be able to use the CSP properties upgrade-insecure-requests and block-all-mixed-content.
The Chrome 81 release, scheduled for March 17, will apply automatic replacement of http:// with https:// to mixed image loads.
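
As an added illustration (not part of Google's announcement), the following Python script audits a page's markup for http:// subresources and labels each with the treatment described in the rollout above, and reports whether the page's CSP header sets either of the two directives mentioned. The sample HTML, host names and header value are constructed for the example.

```python
from html.parser import HTMLParser

# Chrome's handling of an http:// subresource on an https:// page, by element,
# following the staged rollout described in the article.
TREATMENT = {
    "script": "blocked",                  # already blocked by default
    "iframe": "blocked",
    "audio": "auto-upgrade (Chrome 80)",  # rewritten to https://
    "video": "auto-upgrade (Chrome 80)",
    "img": "auto-upgrade (Chrome 81)",    # until then: loads, page marked insecure
}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = (dict(attrs).get("src") or "").strip()
        if tag in TREATMENT and src.lower().startswith("http://"):
            self.findings.append((tag, src, TREATMENT[tag]))

def csp_mixed_content_directives(csp):
    """Return which of the two CSP directives named in the article are set."""
    names = {part.strip().split()[0].lower() for part in csp.split(";") if part.strip()}
    return names & {"upgrade-insecure-requests", "block-all-mixed-content"}

def audit(html, csp=""):
    """List insecure subresources and the CSP directives that govern them."""
    parser = _Collector()
    parser.feed(html)
    parser.close()
    return parser.findings, csp_mixed_content_directives(csp)

# Constructed sample page and header, for illustration only.
SAMPLE_HTML = """
<html><body>
<script src="http://cdn.example/app.js"></script>
<img src="http://img.example/logo.png">
<img src="https://img.example/ok.png">
<video src="HTTP://media.example/clip.mp4"></video>
<a href="http://example/">link, not a subresource</a>
</body></html>
"""
SAMPLE_CSP = "default-src https:; upgrade-insecure-requests"

if __name__ == "__main__":
    findings, directives = audit(SAMPLE_HTML, SAMPLE_CSP)
    for tag, url, action in findings:
        print(f"{tag:7} {url:40} {action}")
    print("CSP directives present:", sorted(directives) or "none")
```
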
In addition, Google announced that one of the upcoming versions of the Chrome browser will integrate a new Password Checkup component, previously developed as an external plug-in.
The integration will add to Chrome's standard password manager tools for analyzing the reliability of the passwords a user has used. When the user tries to log in to any site, the username and password will be checked against a database of compromised accounts, and a warning will be shown if problems are found.
The check is made against a database covering more than 4 billion compromised accounts that have appeared in leaks of user data. A warning will also be shown on attempts to use trivial passwords such as "abc123" (according to Google's statistics, 23% of Americans use such passwords), or when the same password is used on multiple sites.
To preserve confidentiality, when the external API is accessed, the first two bytes of the hash of the login and password combination are transmitted (the Argon2 algorithm is used for hashing). The full hash is encrypted with a key generated by the user.
The original hashes in Google's database are also additionally encrypted, leaving only the first two bytes of the hash for indexing.
To protect against the contents of the compromised-accounts database being determined by enumerating random prefixes, the returned data is encrypted with a key generated from the login and password combination being verified.
Source: https://security.googleblog.com