良好的安全的方式来记住用户复选框 [英] Good secure way to remember a user checkbox
问题描述
我有一个要求输入用户名和密码登录页面。这个页面都有一个复选框记住我。
I have a login page which asks for a username and password. This page has a checkbox "Remember Me".
验证是:对于用户名提供,使用存储的用户数据库记录的盐转化提供的密码哈希和比较哈希存储的散列
Authentication is: For the username provided, convert the provided password to a hash using the salt stored with the user db record and compare the hash to the stored hash.
当用户蜱箱子,我应该存储在他们的饼干让他们下次自动登录他们参观?
When a user ticks the box, what should I store in their cookie so they auto login next time they visit?
我在想,一个好办法就是保存自己的用户名和他们在一个cookie密码的散列值,并重新进行身份验证在下次访问该用户。该盐将保持离开存储在数据库中。
I was thinking that a good way was to store their username and a hashed value of their password in a cookie and to re authenticate the user on their next visit. The salt will be kept away stored in a database.
推荐答案
这取决于你想要保持的安全级别。当我检查记住我中,我只希望它记住我的用户名。我还是想提供我的密码是正常的。
It depends on the level of security you want to maintain. When I check a "Remember Me" box, I only want it to remember my username. I still want to provide my password as normal.
存储的用户名和在Cookie哈希密码,似乎是一个坏主意给我。
Storing username and hashed password in a cookie, seems like a bad idea to me.
这篇关于良好的安全的方式来记住用户复选框的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!