Is this secure


Question

I MD5 encrypt passwords in a user table of my database. I have a global
application object (initiated in global.aspx) which contains a few
static members (for counting users online etc.). Because the MD5 encrypt
algorithm is used on creation of a new user, and on login of a user, I
considered putting it in a shared place. Would there be any security
risk if I put it as a public static method in the global object? Or is
this a bad idea?

Paul

Recommended answer

I can't see any reason why it would be a security risk.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Numbskull

Hard work is a medication for which
there is no placebo.

<Ge**********@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegroups.com...
I MD5 encrypt passwords in a user table of my database. I have a global
application object (initiated in global.aspx) which contains a few
static members (for counting users online etc). because the MD5 encrypt
algorithm is used on creation of a new user, and on login of a user, I
considered putting it in a shared place. Would there be any security
risk if I put it as a public static method in the global object? Or is
this a bad idea?

Paul



What if your memory gets hijacked? You might say what?
Ask this question: why did Microsoft create System.Security.SecureString()?
Sessions can be hijacked etc...

Keep your objects a moving memory target. Just make it more difficult.

SA
<Ge**********@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegroups.com...
I MD5 encrypt passwords in a user table of my database. I have a global
application object (initiated in global.aspx) which contains a few
static members (for counting users online etc). because the MD5 encrypt
algorithm is used on creation of a new user, and on login of a user, I
considered putting it in a shared place. Would there be any security
risk if I put it as a public static method in the global object? Or is
this a bad idea?

Paul



The encrypt function wouldn't contain anything sensitive as such. It
takes a string, MD5 encrypts it, and returns the encrypted string. Are
you saying persistent objects, such as ones initiated at application
start, are a potential security risk? Also, once I authenticate a user,
I store the fact they are authenticated in an object created at session
start - no sensitive information is there, just their role, username and
isLoggedIn = true etc. Is this wrong to do? If so, what would be a
secure way of maintaining the knowledge a user has successfully logged
in?

paul

