如何在JsonStore Worklight 6.2中实现密码保护安全性？ [英] How to implement password protect security in JsonStore Worklight 6.2?

问题描述

我想使用JsonStore保护在worklight中实现应用程序我希望根据登录用户存储密码，并将这些密码添加到 WL.JSONStore.init（集合，选项）中的选项。数据对象中的其余详细信息 data = {} ;

I want to implement the app in worklight using JsonStore protection i want to store password based on logined user and add those password to options in WL.JSONStore.init(collections,options). The rest of the details in data object data={};

以及如何解压缩保存的密码 WL.JSONStore.init（collections，options）用于对其余函数进行api调用的选项对象？

and how do i extract the password saved WL.JSONStore.init(collections,options) options object for making api calls for rest of the functions?

推荐答案

我对这个问题的看法：

在设备中存储密码确实不是一个好习惯。

Storing the password in the device is indeed not a good practice to follow.

还有一个额外的问题，即用户名和密码来自哪里？注册（而不是登录）何时发生？这是IMO的重要信息。

There is also the additional question of where the username and password are coming from originally? When does the sign-up (rather than log-in) happens? This is IMO crucial information.

在我的一个应用程序中，我初始化了一个JSONStore并使用用户的密码对其进行了加密，并在集合中保存了用户名。

In one of my applications I have initialized a JSONStore and encrypted it using the user's password and in the collection I saved the username.

这样，下次用户尝试打开JSONStore时（读取：登录），它将尝试使用输入的密码。如果此步骤成功，则它将输入的用户名与存储的用户名进行比较。如果此步骤也成功，则可以假定有效的登录凭据。

This way, the next time the user tries to open the JSONStore (read: "to log-in"), it will try to do so with the inputted password. If this step is successful, it will then compare the inputted username with the stored username. If this step is successful as well, valid login credentials can be assumed.

var collections = {
    userCredentials : {
        searchFields : {
            username: 'string'
        }
    }
};

var username, password;

username = $("#username").val();
password = $"("#password").val();

WL.JSONStore.init(collections, {password:password})
// first step is successful
.then(function() {          
    return WL.JSONStore.get("myCollectionName").find({username:username});
})  
// second step is successful
.then(function(searchResult) {
    if (searchResult[0].json.username == username) {
        // valid login.
    }
})
.fail(function() {
    alert ("Invalid credentials, try again.);
})

请注意，上面的代码有点抽象且通用，而将需要处理所有类型的边缘情况。 >
我强烈建议彻底阅读所有 JSONStore文档和培训模块。

Note that the above code is a bit abstract and "generic", and you will need to handle all sort of edge cases.
I highly recommend to thoroughly read all of the JSONStore documentation and training modules.

这篇关于如何在JsonStore Worklight 6.2中实现密码保护安全性？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！