用戶登錄註冊之數據庫密碼加密
阿新 • • 發佈:2017-05-22
password private 數據庫連接 用戶登錄 數據加密
在連接數據時,用戶名密碼都是明文,最近網上查資料,使用DES對其進行加密;同時用戶註冊後,密碼都沒有進行加密,對於數據庫裏面數據加密,可以使用password函數直接進行加密,也可以自定義加密,比如使用DES加密。
對數據庫連接密碼加密具體操作如下:
1.定義DES加密類
public class DESUtils { private static Key key; private static String KEY_STR = "qbkeytest";// 密鑰 private static String CHARSETNAME = "UTF-8";// 編碼 private static String ALGORITHM = "DES";// 加密類型 static { try { KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM); generator.init(new SecureRandom(KEY_STR.getBytes())); key = generator.generateKey(); generator = null; } catch (Exception e) { throw new RuntimeException(e); } } /** * 對str進行DES加密 * * @param str * @return */ public static String getEncryptString(String str) { BASE64Encoder base64encoder = new BASE64Encoder(); try { byte[] bytes = str.getBytes(CHARSETNAME); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] doFinal = cipher.doFinal(bytes); return base64encoder.encode(doFinal); } catch (Exception e) { throw new RuntimeException(e); } } @Test public void myTest(){ System.out.println(getEncryptString("123")); } @Test public void myTest2(){ System.out.println(getDecryptString("21O/jNn9VXQ=")); } /** * 對str進行DES解密 * * @param str * @return */ public static String getDecryptString(String str) { BASE64Decoder base64decoder = new BASE64Decoder(); try { byte[] bytes = base64decoder.decodeBuffer(str); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, key); byte[] doFinal = cipher.doFinal(bytes); return new String(doFinal, CHARSETNAME); } catch (Exception e) { throw new RuntimeException(e); } } }
2.建立jdbc.properties配置文件,並且導入(commons-dbcp-1.4.jar,commons-pool-1.3.jar)包
dbName=my driverClassName=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/${dbName} #userName=root #password=123456 userName=3z5s3VB5Xng= //加密後的用戶名 password=qcwaNpDb718\= //加密後的密碼
3.建立解密配置文件的類
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer { private String[] encryptPropNames = { "userName", "password" }; @Override protected String convertProperty(String propertyName, String propertyValue) { if (isEncryptProp(propertyName)) { String decryptValue = DESUtils.getDecryptString(propertyValue); //System.out.println(propertyName + "解密內容:" + decryptValue); return decryptValue; } else { return propertyValue; } } /** * 判斷是否是加密的屬性 * * @param propertyName * @return */ private boolean isEncryptProp(String propertyName) { for (String encryptpropertyName : encryptPropNames) { if (encryptpropertyName.equals(propertyName)) return true; } return false; } }
4.改變spring連接數據庫的操作
<!-- <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"> <property name="driverClass" value="com.mysql.jdbc.Driver"></property> <property name="jdbcUrl" value="jdbc:mysql:///my"></property> <property name="user" value="root"></property> <property name="password" value="123"></property> </bean> --> <!--3.使用加密版的屬性文件 --> <bean class="com.spring.util.EncryptPropertyPlaceholderConfigurer" p:location="classpath:jdbc.properties" p:fileEncoding="utf-8" /> <context:component-scan base-package="com.spring.*" /> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" p:driverClassName="${driverClassName}" p:url="${url}" p:username="${userName}" p:password="${password}" />
同樣對於插入數據庫數據加密簡單的操作是:
public void regist(User user) { user.setPassword(DESUtils.getEncryptString(user.getPassword())); this.getHibernateTemplate().save(user); }
以上加密顯然還是有點粗糙,更安全的措施,希望之後跟大家交流和我繼續學習完善!
本文出自 “qb的博客” 博客,謝絕轉載!
用戶登錄註冊之數據庫密碼加密