Password Encryption, storing password in session

This article covers how to handle password encryption and storing a password in the session. It should be of some use to anyone facing this problem; readers who need it can follow along below.

Problem description


I am in need of storing password and use it again. I think this is not at all safe.

Scenario:

I want to create a webmail program where users log in with a username and password, then check their emails. This tool does not intend to store passwords in the db. But in PHP we need to connect to the mail server on each page the user navigates to. So the username and password are needed to connect to the mail server. How can this be done in the safest way?

Solution

Since storing the password is not intended, but also having to re-enter the password many times is not desirable either, the only solution I see is this:

  • Encrypt the password (using e.g. AES) with a random key of sufficient length
  • Store the encrypted password and username in the session
  • It's probably no mistake to encrypt the username and mail server too, just in case. It won't hurt, and a presumed attacker doesn't have a known username on a server.
  • Store the encryption key in a cookie

This is not perfect, but it should work reasonably well, and it is probably as good of a trade-off as you can get.

With each request, the user's browser will send the cookie, the PHP script can use the cookie to decrypt the data stored in the session and do a request on the IMAP/POP server.

Someone exploiting your server and gaining access to the session store will be able to steal encrypted passwords, but if your random keys are of sufficient length and good random quality, this is pretty futile.

The point is, you can only really secure something with a secret that you don't know. If you have the necessary information to decrypt some information (IMAP password in this case) on your server, for example in the session store, everyone exploiting your server can do the same. No matter how strong your encryption is, it doesn't make any difference.
The only way to make sure secrets remain secret is by encrypting them with something you don't know, something only the user (or in this case the user's browser) knows.

Which leads to the unsolvable problem that at some point in time, you obviously have to know, at least for a fraction of a second. That's the time between the web server receiving the cookie and the PHP script exiting. In theory, if someone with root access was reading the process memory during that time, he would know the secret, too. But alas, that is something you really cannot prevent.
As long as the information is never stored anywhere (not even in the session) it should be reasonably safe, though.

Of course all of this assumes that at least the login page on your site (preferably all) is served via https://, and you use TLS/SSL to communicate with the mail servers. Otherwise, you're open to much more trivial attacks.
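The four steps above, written out as an added example in PHP; this is not code from the answer or from any project, and the function names, the cookie name `mk` and the sample credentials are assumptions made for the illustration. It uses the libsodium extension bundled with PHP since 7.2: `sodium_crypto_secretbox` is an authenticated cipher, so a session blob that was altered, or a blob opened with the wrong cookie key, is rejected rather than decrypted into garbage.

```php
<?php
// Added example: encrypt the mail credentials with a fresh random key, keep the
// ciphertext in the session and hand the key to the browser as a cookie.
declare(strict_types=1);

const KEY_COOKIE = 'mk'; // assumed cookie name for the per-login key

/**
 * Encrypt username, password and mail host with a fresh random key.
 * Returns the blob to keep in $_SESSION and the key to hand to the browser.
 */
function sealCredentials(string $user, string $password, string $host): array
{
    $key   = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);   // 32 random bytes from the CSPRNG
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // 24 bytes, never reused with one key
    $plain = json_encode(['u' => $user, 'p' => $password, 'h' => $host], JSON_THROW_ON_ERROR);

    // secretbox = XSalsa20 + Poly1305: confidentiality and integrity in one call.
    $box = sodium_crypto_secretbox($plain, $nonce, $key);
    sodium_memzero($plain);

    return [
        'session' => base64_encode($nonce . $box), // goes into $_SESSION
        'cookie'  => sodium_bin2hex($key),         // goes into the cookie
    ];
}

/**
 * Reverse of sealCredentials(). Returns null when the cookie key is missing or
 * wrong, or when the session blob was altered (the Poly1305 tag fails).
 */
function openCredentials(string $sessionBlob, string $cookieKey): ?array
{
    $raw = base64_decode($sessionBlob, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null;
    }
    try {
        $key = sodium_hex2bin($cookieKey);
    } catch (SodiumException $e) {
        return null; // cookie is not valid hex
    }
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    sodium_memzero($key); // the key lives in this process only for the request
    if ($plain === false) {
        return null;
    }
    $creds = json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
    sodium_memzero($plain);
    return ['user' => $creds['u'], 'password' => $creds['p'], 'host' => $creds['h']];
}

// Login handler, after the IMAP connection with the submitted credentials succeeded:
//   $sealed = sealCredentials($_POST['user'], $_POST['password'], 'imap.example.com');
//   $_SESSION['mail'] = $sealed['session'];
//   setcookie(KEY_COOKIE, $sealed['cookie'], [
//       'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
//   ]);   // no 'expires': a session cookie, gone when the browser closes
// Every later page:
//   $creds = openCredentials($_SESSION['mail'] ?? '', $_COOKIE[KEY_COOKIE] ?? '');
//   if ($creds === null) { /* send the user back to the login form */ }

if (PHP_SAPI === 'cli') {
    // Constructed sample credentials for a local round-trip check.
    $sealed = sealCredentials('alice', 'correct horse battery staple', 'imap.example.net');
    $back   = openCredentials($sealed['session'], $sealed['cookie']);
    if ($back === null || $back['password'] !== 'correct horse battery staple') {
        throw new RuntimeException('round trip failed');
    }

    // A different key (cookie missing, or from another login) must yield null.
    $otherKey = sodium_bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
    if (openCredentials($sealed['session'], $otherKey) !== null) {
        throw new RuntimeException('wrong key was accepted');
    }

    // One flipped bit in the stored blob must be rejected by the authentication tag.
    $tampered = base64_decode($sealed['session']);
    $last = strlen($tampered) - 1;
    $tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
    if (openCredentials(base64_encode($tampered), $sealed['cookie']) !== null) {
        throw new RuntimeException('tampered blob was accepted');
    }
    echo "round trip ok; wrong key and tampering rejected\n";
}
```

The cookie carries the key with `Secure` and `HttpOnly` set and no expiry, so it travels only over HTTPS, is invisible to scripts on the page, and dies with the browser session; the server still sees the key on every request, which is exactly the window the answer describes and which this scheme does not remove. Anyone who reads only the session store gets a 32-byte random-key secretbox they cannot open, while anyone who reads only the cookie has a key with nothing to apply it to.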

This concludes the article on password encryption and storing a password in the session. We hope the answers recommended here are helpful; please continue to support IT屋!
