是否应该对安全问题答案进行哈希处理? [英] Should security question answers be hashed?

问题描述

我正在为Web应用程序的安全系统-管理员部分工作.如果一位管理员想要对应用程序进行一些重要的更改，他将需要回答一个安全问题.

I'm working to a security system for a web application - admin section. If one admin want to make some important changes in application he will need to a answer to a security question.

我的问题是:这个问题的答案应该在数据库中散列吗?

My question is: the answer to this question should be hashed in database?

此外，我正在考虑让管理员可以更改他们的问题/答案，但是管理员可以做到这一点，即使他使用密码确认自己的身份.这是个好方法吗?

Also, I'm thinking to give to the administrators posibility to change their question/answer but admin could do this just if he confirm his identity using password. Is this a good approach?

推荐答案

哈希是一个好主意.由于除了原始用户之外，没有人真正需要了解它，因此最好不要仅仅撬开眼睛就可以保留更多的秘密"信息.

Hashing it is a great idea, in my opinion. As no one really needs to know it other then the original user, so better to keep that more of a "Secret" from just prying eyes.

就更改密码的能力而言，这也是一个好主意，要求他/她输入密码进行更改是另一种很好的安全性方法.

As far as the ability to change it, that is a great idea as well, and requiring him/her to enter their password to change it is another good security approach.

我认为您的思路正确.

I think you are on the right track with your thinking.

这篇关于是否应该对安全问题答案进行哈希处理?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！