1

I have programed a Java program which has access to my MySQL database. Currently I am using Joomla as CMS, therefore I would like to program my Java program so it is able to check the user data(of Joomla) to access the database.

If it isn't possible: Which encryption should I use so I can use it later for my websites ?

Right now my program is just comparing if the Strings in user field and password field with the data from the MySQL database.

I am new to Encryption/Decryption. Any tips how I should approach this subject is appreciated.

thanks in advance

greets

THE-E

4

2 回答 2

2

您不应该在数据库中看到任何纯文本密码。我不确定旧版本的 Joomla 是如何做到的,但当前的 Joomla 以以下格式保存密码:

md5([password][salt]):[salt]

显然,您将 [password] 替换为密码,将 [salt] 替换为 salt。例如,您可能会在用户表的密码字段中看到以下字符串

dc0ea62a2aebf85100609bb67c6886a8:yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E

冒号后面的部分是salt,冒号前面的部分是密码salt的md5哈希。现在我可以告诉你这里的密码是'test'。并且该字符串是: md5(testyh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E):yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E

于 2013-06-14T09:34:30.177 回答
0

本质上,您想要做的事情如下。当您存储密码时,请对其进行加密。当用户在表单中输入密码时,对其进行加密,并将其与数据库中的加密密码进行比较。

您不想做的是取消加密存储的密码并将其与表单输入进行比较。

在 PHP 中我使用 Bcrypt。

于 2013-06-12T22:29:15.700 回答