多个用户的登录表单 [英] login form for multiple users
本文介绍了多个用户的登录表单的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用语音聊天软件,希望将用户的电子邮件ID设置为他的用户名,并且在注册时想确保他/她是经过身份验证的用户(通过比较存储的用户名和密码)他自己注册时在MYSQL数据库中).但是不能这样做.如何比较密码和用户名???请帮助我
Hi I am working with a voice chat software and want to set the email id of the user as his username and while signing up want to make sure that he/she is an authenticated user (by comparing the user name and password stored in the MYSQL database while he registered himself). But am not able to do so.. How to compare the password and username??? plz help me
推荐答案
首先,不要将密码存储在任何地方.这将不是可接受或安全的做法,并且不需要进行身份验证.除了创建原始密码的人之外,没有人有权知道原始密码,无论该密码具有多少访问权限.最受欢迎的方法之一是使用加密哈希函数.您可以在提交用户名/密码对之前仅计算哈希函数的结果,然后仅发送哈希函数的结果.在服务器端,仅存储散列值;因此,您总是将哈希与哈希进行比较.请参阅:
http://en.wikipedia.org/wiki/Cryptographic_hash_function [ http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability [ http://en.wikipedia.org/wiki/MD5 [ http://en.wikipedia.org/wiki/SHA-1 [ http://en.wikipedia.org/wiki/SHA-2 [ http://msdn.microsoft.com/en-us/library/system. security.cryptography.hashalgorithm.aspx [ ^ ].
另请参阅我过去的答案:
base64Encode函数最适合编码密码字符串? [ ^ ].
—SA
First of all, don''t store passwords anywhere. This would not be an acceptable or safe practice and is not needed for authentication. No one has a right to know original password except the person who created it, not matter how much access to the system one has. One of the most popular way is using cryptographic hash function. You can calculate hash function before submitting a username/password pair and transmit only the result of the hash function; one the server side, only hashed values are stored; so you always compare hash with hash. Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].
The nature of hash function algorithm makes inverting of it infeasible, so it is infeasible to find out an original password. Please see:
http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability[^].
It is important not to use MD5 or SHA-1. These algorithms are proven broken and should not be used for any security purposes. Please see:
http://en.wikipedia.org/wiki/MD5[^],
http://en.wikipedia.org/wiki/SHA-1[^].
I would recommend to use one of the algorithms of SHA-2 family. Please see:
http://en.wikipedia.org/wiki/SHA-2[^].
The cryptographic hash function algorithms are well implemented in .NET. Please see:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].
See also my past answer:
Is base64Encode function is best for encode a password string?[^].
—SA
这篇关于多个用户的登录表单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
