How to secure the credentials in a Java application

I am searching for a way to secure the credentials that are used to communicate with other services. I have stored all the credentials in a property file and I am fetching them from that file, which is not the right way of doing it. One thing I can do is store the credentials in encrypted format, fetch the encrypted value and decrypt it to get the real value, or use preferences to store these credentials. Does anyone have a better way of doing this?

As a first simple approach, I think you could try hashing/digesting encryption, that is, you could use MD5, SHA1, SHA256, ... to obtain a digest that can't be unencrypted.

Then, when you want to check someone's credentials, you must obtain a digest of the credentials provided and check it against the previously stored digest.

This is a more secure way, it is relatively simple, and you can keep using a file to store the encrypted digests.

Here is an MD5 and/or SHA sample that uses org.apache.commons.codec.digest.DigestUtils from Apache Commons Codec:

import org.apache.commons.codec.digest.DigestUtils;
// clearPass holds the clear-text credential as a String
String digestedSHA = DigestUtils.sha256Hex(clearPass);
String digestedMD5 = DigestUtils.md5Hex(clearPass);

It is easy and straightforward. Of course there are more advanced options. Maybe you can start with this.

Hope it helps!
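
The encrypt-and-decrypt approach mentioned in the question, as an added example that is not part of the original question or answer: a credential the application must present to another service has to be recoverable, which a one-way digest is not, so the value kept in the property file is sealed with AES-GCM and opened at runtime. The class name, property name and sample password are hypothetical, and the key is generated in-process only so the example runs offline.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;

// Added example; class, property and variable names are hypothetical.
public class SealedProperty {
    private static final int IV_LEN = 12;    // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128; // authentication tag length

    // Encrypts a value; output is Base64(iv || ciphertext || tag).
    static String seal(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);     // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    // Decrypts a sealed value; throws AEADBadTagException if it was modified or the key is wrong.
    static String open(SecretKey key, String sealed) throws Exception {
        byte[] in = Base64.getDecoder().decode(sealed);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Demo key generated in-process so the example runs offline. In deployment the
        // 32-byte key is supplied from outside the property file (environment variable,
        // OS keystore or secrets manager), never stored beside the ciphertext.
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        SecretKey key = new SecretKeySpec(raw, "AES");

        Properties props = new Properties();  // stands in for the loaded property file
        props.setProperty("service.password", seal(key, "constructed-sample-password"));
        String sealed = props.getProperty("service.password");
        System.out.println("stored:    " + sealed);
        System.out.println("recovered: " + open(key, sealed));
    }
}
```

The protection is only as strong as the separation between the key and the sealed value: anyone who can read both can recover the credential.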
