这是安全的吗? [英] Is this secure
本文介绍了这是安全的吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我MD5加密我的数据库的用户表中的密码。我有一个全局的
应用程序对象(在global.aspx中启动),其中包含一些
静态成员(用于在线计算用户等)。因为MD5加密
算法用于创建新用户,并且在用户登录时,我认为将它放在共享位置。如果我把它作为公共静态方法放在全局对象中,会不会有任何安全风险?b $ b风险?或者这是个坏主意吗?
Paul
I MD5 encrypt passwords in a user table of my database. I have a global
application object (initiated in global.aspx) which contains a few
static members (for counting users online etc). because the MD5 encrypt
algorithm is used on creation of a new user, and on login of a user, I
considered putting it in a shared place. Would there be any security
risk if I put it as a public static method in the global object? Or is
this a bad idea?
Paul
推荐答案
我看不出有什么原因会造成安全风险。
-
HTH,
>
凯文斯宾塞
微软MVP
专业Numbskull
努力工作是一种药物
没有安慰剂。
< Ge ********** @ gmail.com>在留言中写道
news:11 ********************** @ u72g2000cwu.googlegr oups.com ...
I can''t see any reason why it would be a security risk.
--
HTH,
Kevin Spencer
Microsoft MVP
Professional Numbskull
Hard work is a medication for which
there is no placebo.
<Ge**********@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
我MD5加密我的数据库的用户表中的密码。我有一个全局的
应用程序对象(在global.aspx中启动),其中包含一些静态成员(用于在线计算用户等)。因为MD5加密算法用于创建新用户,并且在用户登录时,我认为将其放在共享位置。如果我把它作为公共静态方法放在全局对象中,会有任何安全风险吗?或者这是一个坏主意?
保罗
I MD5 encrypt passwords in a user table of my database. I have a global
application object (initiated in global.aspx) which contains a few
static members (for counting users online etc). because the MD5 encrypt
algorithm is used on creation of a new user, and on login of a user, I
considered putting it in a shared place. Would there be any security
risk if I put it as a public static method in the global object? Or is
this a bad idea?
Paul
如果你的记忆被劫持怎么办?你可能会说什么?
问这个问题为什么微软创建System.Security.SecureString()
会话可以被劫持等......
>
将对象保持为移动内存目标。让它变得更加困难。
SA
< Ge ********** @ gmail.com>在留言中写道
news:11 ********************** @ u72g2000cwu.googlegr oups.com ...
what if your memory gets hijacked? You might say what?
Ask this question why did Microsoft create System.Security.SecureString()
Sessions can by hijacked etc...
Keep your objects a moving memory target. just make it more difficult.
SA
<Ge**********@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
我MD5加密我的数据库的用户表中的密码。我有一个全局的
应用程序对象(在global.aspx中启动),其中包含一些静态成员(用于在线计算用户等)。因为MD5加密算法用于创建新用户,并且在用户登录时,我认为将其放在共享位置。如果我把它作为公共静态方法放在全局对象中,会有任何安全风险吗?或者这是一个坏主意吗?
保罗
I MD5 encrypt passwords in a user table of my database. I have a global
application object (initiated in global.aspx) which contains a few
static members (for counting users online etc). because the MD5 encrypt
algorithm is used on creation of a new user, and on login of a user, I
considered putting it in a shared place. Would there be any security
risk if I put it as a public static method in the global object? Or is
this a bad idea?
Paul
加密函数不包含任何敏感内容这样。它是
接受一个字符串,MD5加密它,并返回加密的字符串。是否
你说持久性对象,例如在应用程序启动时启动的对象,是否存在潜在的安全风险?此外,一旦我对用户进行身份验证,
我存储了他们在会话中创建的对象中进行身份验证的事实
start - 没有任何信息,只有他们的角色,用户名并且
isLoggedIn = true等。这样做有误吗?如果是这样的话,那将是一个什么样的保证用户成功记录知识的安全方式
in?
paul
The encrypt function wouldn''t contain anything sensitive as such. It
takes a string, MD5 encrypts it, and returns the encrypted string. Are
you saying persistent objects, such as ones initiated at application
start, are a potential security risk? Also, once I authenticate a user,
I store the fact they are authenticated in an object created at session
start - no sesntive information is there, just their role, username and
isLoggedIn = true etc. Is this wrong to do? If so, what would be a
secure way of maintaining the knowledge a user has successfully logged
in?
paul
这篇关于这是安全的吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文