如何安全地保存和发送登录用户名/密码? [英] How to securely save and send login username/password?
问题描述
我有一个服务器应用程序,它通过Internet/套接字连接接受客户端应用程序的多个实例/用户的登录.用户名和密码将保存在服务器上的数据库中.但是,如何安全地保存它们?以及如何安全地从客户端进行身份验证和发送用户名/密码?目前,我将所有内容都以纯文本字符串形式发送.
I have a server application accepting login by multiple instances/users of a client application, over internet/socket connection. Usernames and passwords will be saved in a database on the server. But how do I save them securely? And how can authentication and sending of username/password from client be done securely? Currently I send everything as plain text strings.
服务器/客户端之间将存在流数据(财务;股票价格),但是该数据并不重要,因此我并不认为有必要对此进行保护.
There will be streaming data (financial; stock prices) between server/client, but this data is not critical, so I don't really see the need to secure that.
推荐答案
您必须对交易执行https,并使用SHA-1哈希和salt存储密码.
You must do https for the transaction and store password using SHA-1 hash and salt.
http://en.wikipedia.org/wiki/Salt_%28cryptography%29
添加一些示例:
http://www.obviex.com/samples/hash.aspx
http://www.aspheute.com/english/20040105.asp
这篇关于如何安全地保存和发送登录用户名/密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
