Shulou(Shulou.com)06/02 Report--

This article mainly introduces "how to design the security module of Java". In the daily operation, I believe many people have doubts about how to design the security module of Java. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "how to design the security module of Java". Next, please follow the editor to study!

The security module flow and pseudo code of the client are as follows:

In the Flying Q security interface, it is divided into "security overview", "common fraud", "change password", "modify secret protection" Security Overview Security Overview your current Flying Q security status if (set secret protection and password level is good or above) {security status is good please continue to maintain good habits can immediately complete setting password} else if (set secret protection and password level below medium) {security situation is hidden Please change your password regularly and finish setting your password immediately. Else {Security situation is dangerous. Please set up Secret Security questions immediately. Complete Secret Security immediately. Common fraudulent centralized frauds: phishing URL Video fraud, lottery fraud, pretending to be a friend fraud Before changing the password, make sure to set the secret guarantee; if you do not set the secret guarantee question, please set the secret guarantee question first to ensure the security of the account. If you set up a secret guarantee question, please enter the original secret guarantee question first and check the user's identity. The secret guarantee can only be modified correctly, if it is wrong, I am sorry, the password cannot be changed. If (three secret protection questions are available) {Sorry, the answer to the secret protection question cannot be empty! Else {get the answer to the corresponding secret protection question from the server If (wrong answer) {hint: sorry, the answer to the secret protection question cannot be cleared correctly. Re-enter} else {change password enter the old password if (the old password entered is correct) {if (the new password is empty) {hint: the password cannot be empty} else if (password twice Input is inconsistent) {hint: two passwords are inconsistent} else if (two passwords are consistent and not empty) {send the new password}} else {hint: the password is incorrect Please re-enter} to modify the secret guarantee. If the secret guarantee question is not set, set the secret guarantee question. If you set up a secret guarantee question, please enter the original secret guarantee question first and check the user's identity. The secret guarantee can only be modified if it is correct. if it is wrong, I am sorry, it cannot be modified. If (no secret guarantee is set) {choose secret guarantee question to answer If (repeat the selected secret guarantee question) {hint: repeat the selected secret guarantee question, re-select the secret guarantee question} Else if (verify that the secret guarantee question is empty when modifying the secret guarantee) {hint: modify the secret guarantee. Verify that the secret guarantee question is empty} Else {the server sends the answer to the new secret guarantee question and the corresponding new secret guarantee question}} else {has been set up to get the answer to the corresponding secret guarantee question from the server enter the secret guarantee question answer (user) If (wrong answer) ) {Tip: sorry The answer to the secret protection question cannot be cleared out correctly. Re-enter} else {modify Secret Security Select Secret Security question answer If (repeat the selected Secret Security question) {hint: repeat the selected Secret Security question} Else if (modify Secret Security question) The time guarantee verifies that the secret guarantee question is empty) {hint: verify that the secret guarantee question is empty when modifying the secret guarantee problem} Else {the server sends the new secret guarantee question and the answer corresponding to the new secret guarantee question}

The flow chart is as follows:

The security module of the server is divided into the following submodules:

Set the secret protection module

Judge whether to set the secret protection module

Judge whether the secret protection answer is correct module

Modify secret protection module

Modify password module

Retrieve the password.

The process pseudo code on the server side is as follows:

1. Set the secret protection module, the user sends the modified friend nickname information packet, the server parses it into basic data, finds the user's information in the database, and writes the secret protection question and answer to the user's database. If there is a secret protection problem, go to the reset secret protection module 2, determine whether to set the secret protection module user to send the request, the server parses the data, and finds the friend in the database. Check whether the friend sets secret guarantee, If (set secret guarantee) {return secret guarantee question} Else if (no secret guarantee) {send back no secret guarantee logo} 3, judge whether the secret guarantee answer module user sends secret guarantee answer information to the server, the server parses the corresponding data, looks up the user's information from the database, and gets the secret guarantee question and answer. To determine whether all three questions are answered to If (all three secret protection questions are correct) {send a successful verification message to the user client} Else (three questions are not all right or all wrong) {send authentication failure information to the user client} 4, modify the secret guarantee module to explain here The module that modifies the secret guarantee can only be entered on the premise of verifying that the answer is correct, so this module only covers the user. It is hereby declared that, hehe, the declaration is a bit late. There is no complex logic judgment, the idea is as follows: the user sends the new secret protection information to the server, the server parses the corresponding data, finds the user from the database, rewrites the person's secret protection question and answer in the database, and then the child thread receives it. 5, modify password module statement as shown in 7.4, do not repeat the idea is as follows: the user sends the new password information to the server, the server parses the corresponding data, finds the user from the database, rewrites the person's password in the database, and adds the newly set password to the user password hashmap in memory, and then the child thread receives it. 6. To find the password, to retrieve the password and to reset the secret guarantee is to first verify whether the secret guarantee information is correct, and then make the corresponding processing according to whether it is correct or not. After the user sends the request, the server parses the data, finds the friend in the database, and checks whether the friend has set secret protection. If (set secret protection) {return the secret protection question. Determine whether the accepted secret guarantee answer is correct If (all three questions are answered correctly) {return the verification success information, notify the client to transfer to the reset password module} Else {return verification failure information}} Else if (no secret guarantee is set) {send back the identity of no password set to inform the user that the password has not been set The password cannot be recovered by this method. }

The flow chart of each sub-module of the security module of the server is as follows:

1. Set the secret protection module

2. Judge whether to set the secret protection module.

3. Module to judge whether the secret protection answer is correct.

4. Modify the secret protection module

5. Modify password module

6. Retrieve the password

At this point, the study on "how to design the security module of Java" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.