
Distributed app, password hash

We have a distributed app and a DB table with users. Their passwords will be stored as hash values. The app consists of win services, WinForms, ASP and Java programs. One of the Java developers has a function that computes an MD5 hash for the string (with a hardcoded key) and offers to use it everywhere else (which means importing Java code to C# and multiplying over the apps that need it). Is that an OK idea? What would be your suggestions and what do people usually do in such cases?

PS: We use Oracle DB.

MD5 doesn't really have a key, as it's a hash, not an encryption. MD5 hashing is built in to both Java and C#.

What code does anybody need to write? It is at most a couple of lines in each implementation language... plus a handful of tests to check that everybody comes up with the same results, capitalisation etc.

You could have all the apps pass the password to the DB and have a stored procedure in the DB that checks the given password against the stored hash.

There is a standard PL/SQL function for calculating hashes: DBMS_OBFUSCATION_TOOLKIT.MD5

You can find a more complete write-up of this method here: http://www.oracle-base.com/articles/9i/StoringPasswordsInTheDatabase9i.php
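The cross-app consistency check mentioned in the answers, as an added example that is not code from the original thread: a Python sketch of how text encoding and hex case change the MD5 string each app would store, next to a salted PBKDF2-HMAC-SHA256 record that pins those choices and does not give equal passwords equal hashes. The function names, record format and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumption: iteration count and record format are illustrative choices.
ITERATIONS = 600_000
SCHEME = "pbkdf2-sha256"

def md5_hex(password, encoding="utf-8", upper=False):
    """Unsalted MD5 as one app might compute it; encoding and case differ by platform."""
    digest = hashlib.md5(password.encode(encoding)).hexdigest()
    return digest.upper() if upper else digest

def md5_variants(password):
    """The strings different apps could end up storing for the same password."""
    return {
        "utf-8/lower": md5_hex(password, "utf-8"),
        "utf-8/upper": md5_hex(password, "utf-8", upper=True),
        "utf-16-le/lower": md5_hex(password, "utf-16-le"),
        "latin-1/lower": md5_hex(password, "latin-1"),
    }

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted record: scheme$iterations$salt_hex$hash_hex (UTF-8 input, lowercase hex)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    for label, value in md5_variants("p\u00e4ssword").items():  # constructed sample
        print(f"{label:16} {value}")
    record = hash_password("p\u00e4ssword")
    print(record, verify_password("p\u00e4ssword", record))
```

Whichever scheme is chosen, a record produced with a fixed salt makes a shared test vector that every implementation language can be checked against.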
