Spring Security 3哈希密码编码器
[英]Spring Security 3 Hash Password Encoders
问题描述
I have an application uses Spring Security 3 application. 
我有一个应用程序使用Spring Security 3应用程序。 There are some choices for hash: 哈希有一些选择:
<password-encoder hash="many options">
Which one is more secure one and what are the advantages/disadvantages of it over others? 哪一个是更安全的,它相对于另一个有什么优点/缺点?
1 个解决方案
解决方案1
1 已采纳 2011-09-11 16:56:27
Well this is not really a Spring question. 好吧,这实际上不是Spring问题。
You should opt for the most secure algorithm. 您应该选择最安全的算法。
For example you should avoid md4 since MD4 is insecure. 例如,由于MD4不安全,因此应避免使用md4 。
Also you should opt to sha-256 over md5 . 另外,您应该选择对md5 sha-256 。 These are actual options for the password-encoder element. 这些是password-encoder元素的实际选项。
{sha} if I recall is used along with LDAP stores. 如果我记得将{sha}与LDAP存储一起使用。
And of course you could inject your own implementation of password-encoder 当然,您可以注入自己的password-encoder
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.