How to implement authentication in Standard way?

I am trying to develop user authentication for my project. To realize this I have created a table with two columns holding the username and password. The username is stored as it is, whereas the password is encrypted using jasypt.

I.e., the password entered by the user during registration is encrypted using an encryption key and then placed in the corresponding column.

When the user wants to log in to the application, the program fetches the encrypted password of the same user, and the password is decrypted using the same encryption key.

Then the decrypted password is matched with the one that is entered.

Is this the right way of implementing it?

I did even find out that there are other ways to implement a key and value pair. But I was not able to understand that. Kindly help with a resource, or some brief explanation.

Sounds correct :) Why change something that already works? :) There is no perfect security, but you made a good effort, and there are other methods for it, but I see no problem with yours (no need for another encryption).

Android: Encrypt password

http://nelenkov.blogspot.co.il/2012/04/using-password-based-encryption-on.html

http://security.blogoverflow.com/2013/09/about-secure-password-hashing/

No need for other info ;)

The problem with your method is that you must take good care of the security of the encryption key.

This is a normal way for website or application authentication:

During registration, use a hash algorithm (MD5 was popular before but has been proved to be unsafe now) to encrypt the password+salt, where salt is a random string. Then store the hash value and salt with the username.

When a user wants to log in and enters a username and password, first add the salt to the password and use the same hash algorithm to encrypt it. Then see if the result matches the stored hash value.
