散列数据库密码[休眠] [英] Hashed Database Password [Hibernate]

问题描述

由于安全要求，我需要将数据库密码作为md5-hash存储在我的hibernate.cfg.xml中，但据我所知，Hibernate不支持散列密码。我使用的是hibernate 5.1.0。

我的hibernate.cfg.xml如下所示：

 <？xml version ='1.0'encoding ='UTF-8'？> 
<！DOCTYPE hibernate-configuration PUBLIC 
 -  // Hibernate / Hibernate Configuration DTD // EN
http://www.hibernate.org/dtd/hibernate-configuration- 3.0.dtd> 
< hibernate-configuration> 
< session-factory> 
< property name =hibernate.connection.driver_class> org.h2.Driver< / property> 
< property name =hibernate.connection.url> jdbc：h2：tcp：// localhost /〜/ test< / property> 
< property name =hibernate.connection.username> sa< / property> 
< property name =hibernate.connection.password>< / property> 
< property name =show_sql> true< / property> 
< property name =hibernate.c3p0.min_size> 5< / property> 
< property name =hibernate.c3p0.max_size> 20< / property> 
< property name =hibernate.c3p0.timeout> 300< / property> 
< property name =hibernate.c3p0.max_statements> 50< / property> 
< property name =dialect> org.hibernate.dialect.MySQLDialect< / property> 
< property name =hibernate.hbm2ddl.auto>更新< / property> 
 
< / session-factory> 
< / hibernate-configuration> 
  

这就是我创建sessionFactory的方式：

  import org.hibernate.SessionFactory; 
导入org.hibernate.cfg.Configuration; 
 
 public class HibernateUtility {
 private static final SessionFactory sessionFactory = buildSessionFactory（）; 
 
 private static SessionFactory buildSessionFactory（）{
 try {
 //从hibernate.cfg.xml创建SessionFactory 
返回新的Configuration（）
。 configure（）
 .buildSessionFactory（）。 
} catch（Throwable ex）{
 System.err.println（Initial SessionFactory creation failed。+ ex）; 
抛出新的ExceptionInInitializerError（ex）; 
 
 
 
 public static SessionFactory getSessionFactory（）{
 return sessionFactory; 
 
 
 $ / code $ 
 $ b有没有一种方法可以使用散列数据库密码hibernate？
解决方案
在 hibernate.connection.password 中提供的密码是用于hibernate连接数据库，因此它需要实际密码而不是哈希密码。
 
 
 
只有当您需要验证用户的身份时才存储哈希密码，因为一次任何文本都被散列，不可逆。  
 
 
 这是一个单向过程：您可以从您的密码获取散列文本，但是您无法获取密码从生成的哈希文本返回。  
     c $ c>那么你的hibernate将无法连接到数据库，因为没有办法从MD5哈希获取密码。所以这是不可能的。
 
 
 
另请参阅：散列算法和加密算法之间的根本区别 
 
 
 
但是，您可以在 hibernate.cfg.xml中加密密码请参阅此问题。
 
Due to security requirements I need to store the Database password as a md5-hash in my hibernate.cfg.xml, but as far as I know Hibernate does not support hashed passwords. I am using hibernate 5.1.0.

My hibernate.cfg.xml looks like this:
    <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD//EN"
"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
    <property name="hibernate.connection.driver_class">org.h2.Driver </property>
    <property name="hibernate.connection.url">jdbc:h2:tcp://localhost/~/test</property>
    <property name="hibernate.connection.username">sa</property>
    <property name="hibernate.connection.password"></property>
      <property name="show_sql">true</property>
  <property name="hibernate.c3p0.min_size">5</property>
  <property name="hibernate.c3p0.max_size">20</property>
  <property name="hibernate.c3p0.timeout">300</property>
  <property name="hibernate.c3p0.max_statements">50</property>
    <property name="dialect">org.hibernate.dialect.MySQLDialect</property>
    <property name="hibernate.hbm2ddl.auto">update</property>

</session-factory>
</hibernate-configuration>
This is how I create a sessionFactory:
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;

public class HibernateUtility {
    private static final SessionFactory sessionFactory = buildSessionFactory();

    private static SessionFactory buildSessionFactory() {
        try {
            // Create the SessionFactory from hibernate.cfg.xml
            return new Configuration()
                    .configure()
                    .buildSessionFactory().;
        } catch (Throwable ex) {
            System.err.println("Initial SessionFactory creation failed." + ex);
            throw new ExceptionInInitializerError(ex);
        }
    }

    public static SessionFactory getSessionFactory() {
        return sessionFactory;
    }
}
Is there a way to use a hashed Database password for hibernate?
解决方案
The password supplied within hibernate.connection.password is used by hibernate to connect to database and hence it needs actual password instead of Hashed password.

You store hashed passwords only when you need to verify the identity of the user because once any text has been hashed, it's irreversible. 

It's a one way process:
You can get hashed text from your password but you cannot get password back from generated hashed text.

If you store hashed password in hibernate.connection.password then your hibernate won't be able connect to database because there's no way to get password from MD5 hash. So it's not possible.

see also: Fundamental difference between Hashing and Encryption algorithms

However, you can encrypt password in hibernate.cfg.xml see this question.

                        
这篇关于散列数据库密码[休眠]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！