如何设置密码和用户名限制？ [英] How Do I Make Password And Username Restriction?

问题描述

如何为其他用户限制密码和用户名？

how do i make password and username restricted for other users?

推荐答案

首先，您不希望限制密码与其他用户相同 因为它提供了关于其他用户密码内容的信息 ：至少有一个用户正在使用该密码。那是一个很好的安全漏洞，就在那里。



其次，不应该检查密码，因为你应该存储它们而不是文本 - 文本密码是一个巨大的安全问题 - 来自两个不同用户的两个相同密码的哈希值不应该是相同的！



一定要检查用户名：那太微不足道了！在允许新用户在您的系统上创建标识之前，只需查看数据库以查看具有该名称的用户是否已存在。

First off, you don't want to restrict passwords from being the same as other users because that gives information away about the content of other users passwords: that there is at least one user that is using that password. And that is a nice big security hole, right there.

Secondly, it shouldn't be possible to check passwords, because you should be storing them hashed rather than as text - text passwords are a massive security problem - and the hash of two identical passwords from two different users shouldn't be the same anyway!

By all means check usernames: that's trivial! Just look in the database to see if a user with that name exists already before you allow the new user to create an identity on your system.

这篇关于如何设置密码和用户名限制？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！