I18n和非US-ASCII，Latin1或Win1252的密码 [英] I18n and Passwords that aren't US-ASCII, Latin1, or Win1252

问题描述

当用户输入最好用Unicode或其他非拉丁字符编码表示的内容时，如何处理服务的密码?

How do you handle passwords for services when the user enters something that is best represented in Unicode or some other non-Latin character encoding?

特别是，您可以使用西里尔密码作为Oracle的密码吗?如果密码以UTF-8的形式提供，您将如何根据Windows身份验证机制来验证用户的密码?

Specifically, can you use a Cyrillic password as a password to Oracle? What do you do to verify a user's password against a Windows authentication mechanism if the password is provided as UTF-8?

我对如何在我们的代码中进行处理有一些想法，但是我正在寻求其他人的建议，以确保我们的方向是正确的.

I have some ideas on how this should be handled in our code, but I'm looking for advice from others to make sure our direction is sound.

推荐答案

您可能在身份验证机制长度限制方面遇到问题.

You might have problems with the authentication mechanisms length restrictions.

例如如果系统指定最大长度为12个字节，那么在utf-8中很容易会被五个汉字所超过，因此这不是问题，因为四个汉字应具有足够的熵，但是您需要注意错误消息.

e.g. If the system specifies a max length of 12 bytes, this could easily be exceeded by five chinese characters in utf-8, this is not a problem as such because four chinese characters should have enough entropy, but, you need to be careful about error messsages.

如果身份验证机制强制执行诸如大写，小写，标点和数字字符中的至少一个"之类的规则，则可能会出现其他问题-几种语言没有大写/小写字符，并且在Unicode中定义了数十个字符以英语为母语的人会认为是数字，但可能由于实施不当的规则而无法被理解为数字.

Other problems may arise if the authentication mechnism enforces rules like "at least one each of upper case, lower case, punctuation and numeric characters" - several languages have no upper/lower case characters, and there are dozens characters defined in unicode that a native speaker would think of as numbers but may not be recognised as such by a poorly implemented rule.

这篇关于I18n和非US-ASCII，Latin1或Win1252的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！