
Securely storing WebDAV credentials in a database

I'm currently implementing a WebDAV FileBrowser (the backend is based on FlySystem) in a web page. Everything works, but I'm not quite sure how to properly store the credentials of the users in the database (the goal is that the user only has to log in on the portal (based on OpenID Connect, which isn't supported by our WebDAV solution)).

Storing them in plaintext is obviously no solution and storing them as an MD5 hash and using Digest Authentication doesn't work because of the nonce.

Any ideas?

You can and should store the a1md5 factor from the digest spec. This is a very secure form of hashing, and is compatible with Digest auth.

For Java code that does this, see Milton WebDAV's DigestGenerator, where you would use the encodePasswordInA1Format method:

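// DigestUtils is org.apache.commons.codec.digest.DigestUtils (Apache Commons Codec).
// Returns the A1 hash from the Digest spec: MD5(username ":" realm ":" password), hex-encoded.
public String encodePasswordInA1Format( String username, String realm, String password ) {
    String a1 = username + ":" + realm + ":" + password;
    String a1Md5 = DigestUtils.md5Hex( a1 );

    return a1Md5;
}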

https://github.com/miltonio/milton2/blob/master/milton-server-ce/src/main/java/io/milton/http/http11/auth/DigestGenerator.java
