How to store user information

Question

I want to know that when we sign up for social networks, how and where does the network store the data and how does it compare the information each time we log in. Please answer!

Recommended answer

Most widely used web-sites (that require log-in) use some variation of Secure Remote Password Protocol (SRP) in order to authenticate a user.

Basic answer:
The passwords themselves are kept nowhere on the server. Instead, a salt and some number that was generated from the password and salt are kept. This number is actually the "secret password". But the user cannot send it directly, otherwise some attacks (like man in the middle) can occur; instead, there is a routine including various communication steps that allows the server to authenticate the user and the user to authenticate the server without ever revealing the real password.

Detailed explanation:

At account creation:

  1. The user chooses a password (pwd), and a salt (denote s) is also randomly generated.
  2. The user then calculates H(d,pwd) - where H is a predefined hash function.
  3. Then v = g^x mod p is calculated, where p is some prime number.
  4. The user sends to the server the values v and s - and they are stored in the password file. The 'secret' in here is the v password, the salt (s) is there to prevent dictionary attacks on the system if the passwords file was exposed.

At authentication (log-in):

  1. The user sends the server the user name.
  2. The server replies with the salt
  3. The user is then generating using some random number a the value: A=(v^x)^a, and sends it to the server. (v is the number calculated and sent to the server based on the password during account creation).
  4. The server is calculating B=v+g^b (where b is some random number), and sends it to the user along with u, which is some random number.
  5. The user is then calculating S=(B-v)^(a+ux), K=H(S), M1=H(A,B,K), and sends M1 to the server.
  6. The server then verifies M1, and sends the user M2 = H(A,M1,K).
  7. The user then verifies the value of M2, and effectively ensures he is indeed speaking with M2.

During the entire process - the password (or v) is never explicitly sent over the web.

The non-"secret" data can be stored in various ways, depending on the nature of the social network and the users' behavior. A common way to do it is using a relational database, such as SQL.
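
The sign-up and log-in exchange described in the answer above, as an added Python example that is not part of the original answer. It follows the original SRP design, in which the client's public value is A = g^a mod p and the server derives S = (A·v^u)^b mod p; the group parameters `P` and `G`, the hash encoding and all function names are assumptions chosen for the demonstration.

```python
import hashlib, hmac, secrets

# Demo group (assumption, not from the answer): 2**521 - 1 is prime, but real
# deployments use a standardized large safe-prime group, e.g. from RFC 5054.
P, G = 2**521 - 1, 3

def H(*parts):
    """SHA-256 over length-prefixed parts (ints, str or bytes); returns bytes."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes(66, "big")      # 66 bytes holds any value < P
        elif isinstance(part, str):
            part = part.encode()
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def secret_x(s, pwd):
    return int.from_bytes(H(s, pwd), "big")      # x = H(s, pwd), client-side only

def register(pwd):
    """Account creation: the server keeps only the salt s and the verifier v."""
    s = secrets.token_bytes(16)
    return s, pow(G, secret_x(s, pwd), P)

def server_verify(A, M1, B, b, u, v):
    """Server side: return M2 if the client's proof M1 is valid, else None."""
    if not 0 < A < P:            # A = 0 (mod p) would make S not depend on v
        return None
    K = H(pow(A * pow(v, u, P) % P, b, P))       # S = (A * v^u)^b mod p
    if not hmac.compare_digest(M1, H(A, B, K)):  # constant-time comparison
        return None
    return H(A, M1, K)

def login(pwd, s, v):
    """Run one log-in with both roles in-process; True if M1 and M2 verify."""
    a = secrets.randbelow(P - 2) + 1             # client ephemeral secret
    A = pow(G, a, P)
    b = secrets.randbelow(P - 2) + 1             # server ephemeral secret
    B = (v + pow(G, b, P)) % P
    u = secrets.randbits(128) + 1                # server's random value u
    if B == 0:                                   # client must refuse a zero B
        return False
    x = secret_x(s, pwd)
    S = pow((B - pow(G, x, P)) % P, a + u * x, P)  # S = (B - v)^(a + u*x) mod p
    K = H(S)
    M1 = H(A, B, K)
    M2 = server_verify(A, M1, B, b, u, v)
    return M2 is not None and hmac.compare_digest(M2, H(A, M1, K))
```

Only `s` and `v` ever reach the server, and a wrong password fails at the M1 check because the two sides derive different values of S.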
