Password encryption with Spring/Hibernate - Jasypt or something else?
Problem description
In a Java application stack with Spring & Hibernate (JPA) in the Data Access Layer, what are good methods of applying the password encryption (hopefully using annotations), and where can you find out more about getting it done (tutorial, etc)?
It's understood that I would use a JCA supported algorithm for encrypting the passwords, but I would prefer to not have to implement the wrapper logic if there is an easy way.
I was looking at Jasypt, and was a) wondering if that's a good option and how to do it and b) what else people are using for this. If anyone is using Jasypt or an alternative, details of your experience would be great.
Java has all of the required libraries already provided for you. Simply create a utility method that implements hashing with a salt as described at OWASP.
If you really don't want to own that code and don't mind an extra dependency, it seems that the Shiro library (formerly JSecurity) has an implementation of what is described by OWASP.
It also looks like the JASYPT library you mentioned has a similar utility.
I realize that this answer doesn't mention Spring or Hibernate but I'm not clear how you are hoping to utilize them in this scenario.