在Silverstripe 3.1中存储敏感数据 [英] Store sensitiv data in Silverstripe 3.1

问题描述

我想在Silverstripe的数据对象中存储敏感信息(主要是密码). 数据需要以加密方式存储在数据库中.如果我在模板中调用此字段，则需要解密数据.

I want to store sensitive informations (mainly passwords) in a dataobject in silverstripe. The Data need to be stored crypted in the database. If i call this field in my template, I need the data decrypted.

但是我不知道该怎么做. 有人可以指出我正确的方向吗?

But I don't know how to do this. Can someone point me in the right direction?

谢谢！

推荐答案

您可以做的是创建一个Password DataObject，其中Member对象与Password对象具有一对多的关系.您可以使用具有2种php加密功能的已登录会员的密码来加密和解密密码.

What you could do is create a Password DataObject with the Member object having a one to many relationship to the Password object. You can use the salt of the logged in Member with a 2 way php encrypt function to encrypt and decrypt a password.

此示例代码使用带有成员salt的php mcrypt来加密和解密密码.

This example code uses php mcrypt with the member salt to encrypt and decrypt the password.

密码类具有描述，URL，用户名和密码.它包含一个使用给定密钥加密给定字符串的函数.它还包含一个解密功能，可使用连接的salt成员对存储的密码进行解密.

The password class has a description, a url, username, and password. It contains a function to encrypt a given string using a given key. It also contains a decrypt function to decrypt the stored password using the connected member salt.

密码类别

<?php
class Password extends DataObject
{
    static $db = array (
        'Description' => 'Text', 
        'URL' => 'Text', 
        'Username' => 'Text', 
        'Password' => 'Text'
    );

    static $has_one = array (
        'Member' => 'Member'
    );

    public function decryptedPassword() {
        return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->Member()->Salt), base64_decode($this->Password), MCRYPT_MODE_CBC, md5(md5($this->Member()->Salt))), "\0");
    }

    public function encryptPassword($key, $password) {
        return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $password, MCRYPT_MODE_CBC, md5(md5($key))));
    }

}

我们需要扩展Member对象，使其与Password对象具有has_many关系:

We need to extend the Member object to have a has_many relationship with the Password object:

MemberPasswordListExtension

<?php
class MemberPasswordListExtension extends DataExtension {

    private static $has_many = array(
        'Passwords' => 'Password'
    );
}

在配置中需要添加扩展名:

This is needed in your config to add the extension:

_config.php

...
Member::add_extension('Member', 'MemberPasswordListExtension');
...

以下是添加密码的表格.提交后，我们使用成员salt和Password类中的crypto函数对密码进行加密.

The following is a form to add a password. On submission we encrypt the password using the member salt and the encrypt function from the Password class.

Page_Controller

...

public function AddPasswordForm() {
    // Create fields
    $fields = new FieldList(
        new TextField('Description'),
        new TextField('URL'),
        new TextField('Username'),
        new TextField('Password')
    );

    // Create actions
    $actions = new FieldList(
        new FormAction('AddPassword', 'Submit')
    );

    return new Form($this, 'AddPasswordForm', $fields, $actions);
}

public function AddPassword($data, $form) {
    if($member = Member::currentUser()) {
        $password = new Password();
        $form->saveInto($password);
        $password->MemberID = $member->ID;
        $password->Password = $password->encryptPassword($member->Salt, $password->Password);
        $password->write();
    }
    return $this->redirectBack();
}

...

在页面模板中，我们调用表单并循环浏览此用户下保存的密码.我们显示用户名，加密的密码和解密的密码，只是为了向我们展示它已经起作用:

In the page template we call the Form and loop through the passwords saved under this user. We display the username, the encrypted password and the decrypted password, just to show us this has worked:

Page.ss模板

...

<% if $CurrentMember %>
$AddPasswordForm
<% end_if %>

<% with $CurrentMember %>
<h3>Passwords</h3>
<% if $Passwords %>
<ul>
<% loop $Passwords %>
    <li>$Username $Password $DecryptedPassword</li>
<% end_loop %>
</ul>
<% else %>
<p>No passwords saved</p>
<% end_if %>
<% end_with %>

...

这应该为您提供所需的基础，并且您应该能够根据需要进行更改.

This should give you a base for what you want to do, and you should be able to change it to your needs.

加密方法是从以下stackoverflow答案中获取的: 使用PHP进行的简单双向加密

The encryption method was taken from this stackoverflow answer: Simplest two-way encryption using PHP

您可以根据需要轻松地用其余的代码替换其他加密/解密方法.

You could easily substitute a different encrypt/decrypt method with the rest of this code as you desire.

这篇关于在Silverstripe 3.1中存储敏感数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！