可以使用Servlet中的char []代替Strings来存储密码吗? [英] Is possible to user char[] instead of Strings in a Servlet for password storing?

问题描述

我阅读了几篇有关安全性的文章和帖子(请注意 将输入密码与网络中存储的哈希密码进行比较app 或为什么使用char []而不是使用String作为密码?

I read several articles and posts about security regarding (note Comparing input password to stored hashed password in a web app or Why is char[] preferred over String for passwords?

由于从请求中检索参数值使用了request.getParameter("passwordFieldName")(该函数返回一个String)，是否有任何选项可以将请求作为char []检索参数?

Since to retrieve a parameter value from request uses request.getParameter("passwordFieldName") which returns a String, is there any option to retrieve a parameter from request as a char[]?

推荐答案

很遗憾，我不知道.

请求参数已经加载，希望在内部以重用byte []或char []的形式加载.但是之后?

The request parameters are already loaded, hopefully internally as reused byte[] or char[]. But then?

那么也许应该重新实现一些HTTP服务器?不是我.

So maybe one should reimplement a bit of HTTP server? Not me.

您可以在客户端将密码拆分为多个变量并对其进行加密.那是否更好?

You could on the client side split the password in more than one variable and encrypt them. Whether that is better?

如果您不信任服务器平台，请更好地使用 OpenID 或其他委托的身份验证.

If you do not trust your server platform, better use OpenID or an other delegated authentication.

这篇关于可以使用Servlet中的char []代替Strings来存储密码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！