我如何在java servlet中解密md5中的请求参数? [英] How I can decrypt a request parameter in md5 in a java servlet ?
问题描述
你好朋友,
我有一个关于JSP页面和servlet的web应用程序。
我有一个带有密码输入的表单的jsp页面,但当我单击表单按钮时,我发送了
javascript函数中的表单元素,打开一个调用servlet的新窗口。
打开一个新窗口的javascript函数,将参数发送到servlet,但是这个参数可以在导航栏中查看,包括密码。
我使用MD5 javacript函数来加密我的密码并将其发送到sevlet,但我不知道如何从servlet端恢复我的密码。因为我从javascript端加密了我的密码,但是如何从我的servlet端恢复我的密码???
md5加密函数(javascript)是一个md5。我从网上下载的js图书馆。
请有人帮我吗?
提前致谢
Att:
Leonardo Ayala R.
Hello Friends,
I have a web aplication with JSP pages and servlets.
I have a jsp page with a form with a password input, but when I clicked in the form button I send
the form elements in javascript function that open a new window calling a servlet.
the javascript function that open a new window, send the parameters to the servlet, but this parameters can be view in the navigation bar including the password.
I use an MD5 javacript function to encrypt my password and sending it to the sevlet, but I dont know how I recover my password from the servlet side. Because I encrypt my password from javascript side, but how I recover my password from my servlet side???
the md5 encrypt function (javascript) is form a md5.js library that I download from internet.
Please Anyone can help me??
Thanks in advance
Att:
Leonardo Ayala R.
推荐答案
没有人应该恢复密码,否则它会击败密码中最重要的一个属性。密码永远不应该是可恢复的。如果密码丢失,则应创建一个全新的密码。我想说,密码恢复的主要目的是犯罪。验证时永远不需要原始形式的密码。此外,密码永远不会存储在任何地方,但密码的加密哈希可以合理的安全性存储。
请查看我过去的答案:
我已经加密了我的密码但是当我登录时给了我一个错误。如何解密 [ ^ ] ,
解密加密密码 [ ^ ],
存储密码值int sql server with secure方式 [ ^ ]。
另请参阅问题评论中的讨论。 H. Brydon是对的:MD5绝对不能用于安全目的。
-SA
Nobody is supposed to "recover a password", otherwise it would defeat one of the most important properties of the passwords. Passwords should not be recoverable, ever. If a password is lost, a brand new one should be created. I would say, the major purpose of password recovery would be committing a crime. Passwords in their original form is never needed for authentication. Also, passwords are never stored anywhere, but the cryptographic hash of a password can be stored with reasonable security.
Please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].
Please also see the discussion in the comments to the question. H. Brydon is right: MD5 should never be used for security purposes.
—SA
这篇关于我如何在java servlet中解密md5中的请求参数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!