用戶登錄註冊之數據庫密碼加密
阿新 • • 發佈:2017-05-22
password private 數據庫連接 用戶登錄 數據加密
在連接數據時,用戶名密碼都是明文,最近網上查資料,使用DES對其進行加密;同時用戶註冊後,密碼都沒有進行加密,對於數據庫裏面數據加密,可以使用password函數直接進行加密,也可以自定義加密,比如使用DES加密。
對數據庫連接密碼加密具體操作如下:
1.定義DES加密類
public class DESUtils {
private static Key key;
private static String KEY_STR = "qbkeytest";// 密鑰
private static String CHARSETNAME = "UTF-8";// 編碼
private static String ALGORITHM = "DES";// 加密類型
static {
try {
KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);
generator.init(new SecureRandom(KEY_STR.getBytes()));
key = generator.generateKey();
generator = null;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
/**
* 對str進行DES加密
*
* @param str
* @return
*/
public static String getEncryptString(String str) {
BASE64Encoder base64encoder = new BASE64Encoder();
try {
byte[] bytes = str.getBytes(CHARSETNAME);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] doFinal = cipher.doFinal(bytes);
return base64encoder.encode(doFinal);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Test
public void myTest(){
System.out.println(getEncryptString("123"));
}
@Test
public void myTest2(){
System.out.println(getDecryptString("21O/jNn9VXQ="));
}
/**
* 對str進行DES解密
*
* @param str
* @return
*/
public static String getDecryptString(String str) {
BASE64Decoder base64decoder = new BASE64Decoder();
try {
byte[] bytes = base64decoder.decodeBuffer(str);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] doFinal = cipher.doFinal(bytes);
return new String(doFinal, CHARSETNAME);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}2.建立jdbc.properties配置文件,並且導入(commons-dbcp-1.4.jar,commons-pool-1.3.jar)包
dbName=my
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/${dbName}
#userName=root
#password=123456
userName=3z5s3VB5Xng= //加密後的用戶名
password=qcwaNpDb718\= //加密後的密碼3.建立解密配置文件的類
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
public class EncryptPropertyPlaceholderConfigurer extends
PropertyPlaceholderConfigurer {
private String[] encryptPropNames = { "userName", "password" };
@Override
protected String convertProperty(String propertyName, String propertyValue) {
if (isEncryptProp(propertyName)) {
String decryptValue = DESUtils.getDecryptString(propertyValue);
//System.out.println(propertyName + "解密內容:" + decryptValue);
return decryptValue;
} else {
return propertyValue;
}
}
/**
* 判斷是否是加密的屬性
*
* @param propertyName
* @return
*/
private boolean isEncryptProp(String propertyName) {
for (String encryptpropertyName : encryptPropNames) {
if (encryptpropertyName.equals(propertyName))
return true;
}
return false;
}
}4.改變spring連接數據庫的操作
<!-- <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
<property name="driverClass" value="com.mysql.jdbc.Driver"></property>
<property name="jdbcUrl" value="jdbc:mysql:///my"></property>
<property name="user" value="root"></property>
<property name="password" value="123"></property>
</bean> -->
<!--3.使用加密版的屬性文件 -->
<bean class="com.spring.util.EncryptPropertyPlaceholderConfigurer"
p:location="classpath:jdbc.properties" p:fileEncoding="utf-8" />
<context:component-scan base-package="com.spring.*" />
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close" p:driverClassName="${driverClassName}" p:url="${url}"
p:username="${userName}" p:password="${password}" />同樣對於插入數據庫數據加密簡單的操作是:
public void regist(User user) {
user.setPassword(DESUtils.getEncryptString(user.getPassword()));
this.getHibernateTemplate().save(user);
}以上加密顯然還是有點粗糙,更安全的措施,希望之後跟大家交流和我繼續學習完善!
本文出自 “qb的博客” 博客,謝絕轉載!
用戶登錄註冊之數據庫密碼加密