堆栈内存溢出
  简体   繁体   English

如何在数据库中存储加密的密码?

[英]How to store password encrypted in database?

 原文  2011-03-15 10:00:35       java/ database/ encryption

问题描述

I am trying to store the password into the database in the encrypted form with the help of JSP and Servlets. 我试图在JSP和Servlets的帮助下以加密的形式将密码存储到数据库中。 How I can do that? 我怎么能这样做?

3 个解决方案

解决方案1
 8  2011-12-28 08:38:04

Self-written algorithms are a security risk, and painful to maintain. 自编算法存在安全风险,维护起来很痛苦。
MD5 is not secure . MD5 不安全

Use the bcrypt algorithm, provided by jBcrypt (open source): 使用jBcrypt提供的bcrypt算法(开源): 

// Hash a password
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// Check that an unencrypted password matches or not
if (BCrypt.checkpw(candidate, hashed))
    System.out.println("It matches");
else
    System.out.println("It does not match");

If you use Maven, you can get the library by inserting the following dependency in your pom.xml (if a newer version is available please let me know) : 如果您使用Maven,可以通过在pom.xml中插入以下依赖项来获取库(如果有更新的版本可以请告诉我) 

<dependency>
    <groupId>de.svenkubiak</groupId>
    <artifactId>jBCrypt</artifactId>
    <version>0.4.1</version>
</dependency>

解决方案2
 0  2011-03-15 10:06:45

Try something like this to encrypt your data. 尝试这样的方法来加密您的数据。 

MessageDigest md = MessageDigest.getInstance("MD5");


......


synchronized (md) {

md.reset(); 
byte[] hash = md.digest(plainTextPassword.getBytes("CP1252"));

StringBuffer sb = new StringBuffer();
for (int i = 0; i < hash.length; ++i) {
sb.append(Integer.toHexString((hash[i] & 0xFF) | 0x100).toUpperCase().substring(1, 3));
}

String password = sb.toString();
}

解决方案3
 -1  2011-03-15 11:09:43

You can also use something like below. 你也可以使用下面的东西。 Below is a crypt method which takes a string input and will return and encrypted string. 下面是一个crypt方法,它接受一个字符串输入并返回并加密字符串。 You can pass password to this method. 您可以将密码传递给此方法。 

public static String crypt(String str) {
    if (str == null || str.length() == 0) {
        throw new IllegalArgumentException(
                "String to encrypt cannot be null or zero length");
    }

    StringBuffer hexString = new StringBuffer();

    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(str.getBytes());
        byte[] hash = md.digest();

        for (int i = 0; i < hash.length; i++) {
            if ((0xff & hash[i]) < 0x10) {
                hexString.append("0"
                        + Integer.toHexString((0xFF & hash[i])));
            } else {
                hexString.append(Integer.toHexString(0xFF & hash[i]));
            }
        }
    } catch (NoSuchAlgorithmException e) {

    }

    return hexString.toString();
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Spring的属性文件中存储加密的密码 - How to store password as encrypted in properties file in Spring 加密的数据库密码MongoDb - encrypted database password MongoDb 登录时如何将原始密码与数据库中的加密密码条目匹配 - How to match original password with encrypted password entry in database on login 如何将UCanAccess连接到使用数据库密码加密的Access数据库? - How to connect UCanAccess to an Access database encrypted with a database password? 如何将哈希密码存储在数据库中? - How to store hashed password in database? HSQLDB 为加密数据库重置密码 - HSQLDB reset password for encrypted database 如何通过DataSourceBuilder将Jasypt加密密码传递给数据库 - How to pass jasypt encrypted password to database through DataSourceBuilder 将加密的密码存储在mysql中并在获取时解密 - Store encrypted password in mysql and decrypt while fetching 如何在数据库中安全存储Java应用程序密码 - how to store java application password safely in database 无法在数据库中使用 BCryptPassword 保存加密密码 - Unable to save an encrypted password with BCryptPassword in database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM