Index: ssts-datasync/src/main/java/com/forgon/disinfectsystem/verification/action/VerificationCodeAction.java
===================================================================
diff -u -r31653 -r34034
--- ssts-datasync/src/main/java/com/forgon/disinfectsystem/verification/action/VerificationCodeAction.java (.../VerificationCodeAction.java) (revision 31653)
+++ ssts-datasync/src/main/java/com/forgon/disinfectsystem/verification/action/VerificationCodeAction.java (.../VerificationCodeAction.java) (revision 34034)
@@ -1,18 +1,22 @@
 package com.forgon.disinfectsystem.verification.action;
 import java.util.List;
+
 import net.sf.json.JSONObject;
+
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.struts2.convention.annotation.Action;
 import org.apache.struts2.convention.annotation.Namespace;
 import org.apache.struts2.convention.annotation.ParentPackage;
+
 import com.forgon.disinfectsystem.verification.service.VerificationCodeManager;
 import com.forgon.exception.SystemException;
 import com.forgon.security.model.User;
 import com.forgon.security.service.UserManager;
 import com.forgon.tools.StrutsParamUtils;
 import com.forgon.tools.StrutsResponseUtils;
+import com.forgon.tools.crypto.rsa.RSAEncrypt;
 import com.forgon.tools.json.JSONUtil;
 /**
@@ -105,8 +109,12 @@
 String newPassword = StrutsParamUtils.getPraramValue("newPassword", "");
 JSONObject result = JSONUtil.buildJsonObject(true, "密码修改成功!");
 try {
+ //对用户名、密码进行rsa解密
+ loginName = RSAEncrypt.decrypt(loginName);
+ newPassword = RSAEncrypt.decrypt(newPassword);
 verificationCodeManager.modifyPassword(loginName, newPassword);
 } catch (Exception e) {
+ e.printStackTrace();
 result = JSONUtil.buildJsonObject(false, e.getMessage());
 }
 StrutsResponseUtils.output(result);
Index: ssts-web/src/main/webapp/logon.jsp
===================================================================
diff -u -r31643 -r34034
--- ssts-web/src/main/webapp/logon.jsp (.../logon.jsp) (revision 31643)
+++ ssts-web/src/main/webapp/logon.jsp (.../logon.jsp) (revision 34034)
@@ -444,13 +444,19 @@
 alert(checkPasswordResult.msg);
 return false;
 }
+ //对用户名、密码进行rsa加密
+ var publicKey = "<%=logonRSAPublicKey %>";
+ var encrypt = new JSEncrypt();
+ encrypt.setPublicKey(publicKey);
+ var encryptedUserName = encrypt.encrypt(userName);
+ var encryptedPassword = encrypt.encrypt(confirmPwd);
 $.ajax({
 type:'post',
 dataType:'json',
 url : '${ctx}/disinfectSystem/verification/verificationCodeAction!modifyPassword.do',
 data:{
- 'loginName':userName,
- 'newPassword':confirmPwd
+ 'loginName':encryptedUserName,
+ 'newPassword':encryptedPassword
 },
 success : function(result) {
 if(result.success){
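Review bot: In the VerificationCodeAction.java hunk, a failure inside the two added `RSAEncrypt.decrypt(...)` calls lands in the shared `catch (Exception e)` and is answered with `JSONUtil.buildJsonObject(false, e.getMessage())`, so the crypto layer's exception text is returned to the caller of a password-change endpoint. JSEncrypt on the logon.jsp side produces PKCS#1 v1.5 ciphertexts, and if `RSAEncrypt.decrypt` (not visible here) reports padding or length errors distinctly, that response becomes a decryption-error signal that should not leave the server. Give the decrypt calls their own try/catch that answers with one fixed message, and keep `e.getMessage()` only for the business exceptions thrown by `modifyPassword`. The added `e.printStackTrace();` should go through the class's logger instead, and the `""` defaults from `getPraramValue` should be rejected with `StringUtils.isBlank` before decrypting. The method starts above the hunk, so any verification-code check that precedes this code cannot be seen from here.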
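Review bot: In the logon.jsp hunk, the results of `encrypt.encrypt(userName)` and `encrypt.encrypt(confirmPwd)` are posted without being checked. JSEncrypt returns `false` when encryption fails (an unusable key, or input too long for the modulus), and that value would then be submitted as the credential. Add a guard before `$.ajax`, for example `if (!encryptedUserName || !encryptedPassword) { alert(checkPasswordResult.msg); return false; }` with a suitable message in place of `checkPasswordResult.msg`. Encrypting under the fixed page-embedded `logonRSAPublicKey` also gives the request no freshness, so a recorded request body stays valid. This change should therefore be documented as a supplement to HTTPS rather than a replacement, ideally with a server-issued one-time value included in the encrypted plaintext. The enclosing function begins and ends outside the hunk.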