堆栈内存溢出
  简体   繁体   English

如何在数据库中安全存储Java应用程序密码

[英]how to store java application password safely in database

 原文  2019-07-02 12:35:34       java/ database/ passwords

问题描述

I have java application that connects to other tools via API. 我有通过API连接到其他工具的Java应用程序。 currently all password are stored locally in the application. 当前,所有密码都存储在应用程序本地。

I want to store them safely in database, hash password within database and decrypt when I retrieve passwords at run time. 我想将它们安全地存储在数据库中,哈希数据库中的密码,并在运行时检索密码时解密。 is this the best approach ? 这是最好的方法吗?

thanks 谢谢

4 个解决方案

解决方案1
 0  2019-07-02 12:45:11

您可以使用非对称密码术或其他任何方法安全地存储在数据库中

解决方案2
 0  2019-07-02 12:49:14

I would create a Spring-Boot Application. 我将创建一个Spring-Boot应用程序。 Spring uses a BCryptEncoder /-decoder to store passwords in a database in a secure way. Spring使用BCryptEncoder / -decoder以安全的方式将密码存储在数据库中。

If you don`t want to use Spring maybe the following link can help you. 如果您不想使用Spring,那么以下链接可以为您提供帮助。

https://www.stubbornjava.com/posts/hashing-passwords-in-java-with-bcrypt https://www.stubbornjava.com/posts/hashing-passwords-in-java-with-bcrypt

解决方案3
 0  2019-07-02 13:17:49

Another alternative if only administrators have access to the server the application is running on is to provide the secrets (passwords) as environment variables. 如果只有管理员有权访问正在运行应用程序的服务器,则另一种选择是将机密信息(密码)作为环境变量提供。

The most basic way of accessing these is System.getEnv(String envKey) . 访问它们的最基本方法是System.getEnv(String envKey) For example: 例如:

export SOME_ENV_VARIABLE="your secret"; java -jar yourapplication.jar export SOME_ENV_VARIABLE="your secret"; java -jar yourapplication.jar ; export SOME_ENV_VARIABLE="your secret"; java -jar yourapplication.jar ;

If you're using AWS or something similar they often have tools for storing these secrets in a secure way. 如果您使用的是AWS或类似工具,则它们通常具有用于以安全方式存储这些机密的工具。

解决方案4
 0 已采纳  2019-07-05 16:22:52

You can use cryptographic hashing for storing password. 您可以使用加密哈希来存储密码。

https://auth0.com/blog/hashing-passwords-one-way-road-to-security/ https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

If you want additional security then you can add salt to hashing. 如果您需要额外的安全性,则可以在哈希中添加盐。

https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/ https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何安全地存储加密密码 - How to store crypto password safely Java将个人数据安全地存储在分布式应用程序中 - Java Safely Store Personal Data in Distributed Application 在 java 桌面应用程序中安全地存储数据库密码的位置 - Where to store database password secure in java desktop application 如何以及在何处存储 Java 桌面应用程序的主密码 - How and where to store master password for a Java desktop application 如何在java中安全地存储用户密码以在整个应用程序中重复使用 - How to securely store a user password in java for reuse throughout application 如何在数据库中存储加密的密码? - How to store password encrypted in database? 如何将哈希密码存储在数据库中? - How to store hashed password in database? 从应用程序更改和存储Java Mail密码 - Changing and store Java Mail password from application 如何安全地在Android上存储密码? - How to safely store passwords on Android? 如何使用Java在ldap服务器中存储密码 - How to store password in ldap server using java
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM