安全问题。哈希答案？ [英] Security question. Hash Answer?

问题描述

我正在为Web应用程序的安全系统工作 - 管理部分。如果一个管理员想要在应用程序中做出一些重要更改，他需要回答一个安全问题。

我的问题是：这个问题的答案应该散列在数据库？

另外，我想让管理员可以更改他们的问题/答案，但管理员可以这样做，只要他使用密码确认他的身份。这是一个好方法吗？

解决方案

在我看来，这是一个好主意。由于没有人真的需要知道它，而不是原来的用户，所以更好地保持更多的秘密，而不是只是窥探。

就改变它的能力而言，这也是一个好主意，并且要求他/她输入密码来改变它是另一个很好的安全方法。

我认为你的思维正处于正确的轨道上。

I'm working to a security system for a web application - admin section. If one admin want to make some important changes in application he will need to a answer to a security question.

My question is: the answer to this question should be hashed in database?

Also, I'm thinking to give to the administrators posibility to change their question/answer but admin could do this just if he confirm his identity using password. Is this a good approach?

解决方案

Hashing it is a great idea, in my opinion. As no one really needs to know it other then the original user, so better to keep that more of a "Secret" from just prying eyes.

As far as the ability to change it, that is a great idea as well, and requiring him/her to enter their password to change it is another good security approach.

I think you are on the right track with your thinking.

这篇关于安全问题。哈希答案？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！