我如何在java servlet中解密md5中的请求参数？ [英] How I can decrypt a request parameter in md5 in a java servlet ?

问题描述

你好朋友，



我有一个关于JSP页面和servlet的web应用程序。



我有一个带有密码输入的表单的jsp页面，但当我单击表单按钮时，我发送了

javascript函数中的表单元素，打开一个调用servlet的新窗口。



打开一个新窗口的javascript函数，将参数发送到servlet，但是这个参数可以在导航栏中查看，包括密码。



我使用MD5 javacript函数来加密我的密码并将其发送到sevlet，但我不知道如何从servlet端恢复我的密码。因为我从javascript端加密了我的密码，但是如何从我的servlet端恢复我的密码???



md5加密函数（javascript）是一个md5。我从网上下载的js图书馆。



请有人帮我吗？



提前致谢

Att：

Leonardo Ayala R.

Hello Friends,

I have a web aplication with JSP pages and servlets.

I have a jsp page with a form with a password input, but when I clicked in the form button I send
the form elements in javascript function that open a new window calling a servlet.

the javascript function that open a new window, send the parameters to the servlet, but this parameters can be view in the navigation bar including the password.

I use an MD5 javacript function to encrypt my password and sending it to the sevlet, but I dont know how I recover my password from the servlet side. Because I encrypt my password from javascript side, but how I recover my password from my servlet side???

the md5 encrypt function (javascript) is form a md5.js library that I download from internet.

Please Anyone can help me??

Thanks in advance
Att:
Leonardo Ayala R.

推荐答案

没有人应该恢复密码，否则它会击败密码中最重要的一个属性。密码永远不应该是可恢复的。如果密码丢失，则应创建一个全新的密码。我想说，密码恢复的主要目的是犯罪。验证时永远不需要原始形式的密码。此外，密码永远不会存储在任何地方，但密码的加密哈希可以合理的安全性存储。



请查看我过去的答案：

我已经加密了我的密码但是当我登录时给了我一个错误。如何解密 [ ^ ] ，

解密加密密码 [ ^ ]，

存储密码值int sql server with secure方式 [ ^ ]。



另请参阅问题评论中的讨论。 H. Brydon是对的：MD5绝对不能用于安全目的。

-SA

Nobody is supposed to "recover a password", otherwise it would defeat one of the most important properties of the passwords. Passwords should not be recoverable, ever. If a password is lost, a brand new one should be created. I would say, the major purpose of password recovery would be committing a crime. Passwords in their original form is never needed for authentication. Also, passwords are never stored anywhere, but the cryptographic hash of a password can be stored with reasonable security.

Please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].

Please also see the discussion in the comments to the question. H. Brydon is right: MD5 should never be used for security purposes.

—SA

这篇关于我如何在java servlet中解密md5中的请求参数？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！