将WebDAV凭据安全地存储在数据库中
[英]Securely storing WebDAV credentials in a database
问题描述
I'm currently implementing a WebDAV FileBrowser (Backend is based on FlySystem) in a web page. 
我目前正在网页中实现WebDAV FileBrowser(后端基于FlySystem)。 Everything works but I'm not quite sure how to properly store the credentials of the users in the database (the goal is that the user only has to login on the portal (based on OpenID Connect, which isn't supported by our WebDAV solution)). 一切正常,但是我不太确定如何在数据库中正确存储用户的凭据(目标是用户只需要登录门户即可(基于OpenID Connect,我们的WebDAV解决方案不支持此功能) ))。
Storing them in plaintext is obviously no solution and storing them as an MD5 hash and using Digest Authentication doesn't work because of the nonce. 将它们以纯文本格式存储显然不是解决方案,并且将它们存储为MD5哈希,并且由于现时的原因,因此无法使用摘要式身份验证。
Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
0 已采纳 2016-06-29 21:47:40
You can and should store the a1md5 factor from the digest spec. 您可以并且应该存储摘要规范中的a1md5因子。 This is a very secure form of hashing, and is compatible with Digest auth. 这是一种非常安全的哈希形式,并且与摘要身份验证兼容。
For java code that does this see Milton webdav 's DigestGenerator, where you would use the encodePasswordInA1Format method: 有关执行此操作的Java代码,请参见Milton webdav的DigestGenerator,在此处应使用encodePasswordInA1Format方法:
public String encodePasswordInA1Format( String username, String realm, String password ) {
String a1 = username + ":" + realm + ":" + password;
String a1Md5 = DigestUtils.md5Hex( a1 );
return a1Md5;
}
https://github.com/miltonio/milton2/blob/master/milton-server-ce/src/main/java/io/milton/http/http11/auth/DigestGenerator.java https://github.com/miltonio/milton2/blob/master/milton-server-ce/src/main/java/io/milton/http/http11/auth/DigestGenerator.java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.