Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to encrypt Jspxcms user password". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to encrypt Jspxcms user password".

As we all know, it is very insecure for users to save their login passwords directly in clear text. If the contents of the database are stolen, the password is compromised.

So the password will be encrypted in some way, and then saved to the database, so that even if the content of the database is stolen, it is still impossible to know the user's login password. The commonly used encryption methods are MD5 and Sha1. Jspxcms uses Sha1 encryption.

For encrypted passwords, you can use the rainbow table to crack. Therefore, it is not secure to encrypt the password directly. Need to add some random number to the original password, and then encrypt it. This random number is called Salt. Because salt is a random number, the salt of each user is different, even for the same user, the salt will change every time the password is changed. In other words, even if the original passwords of the two users are the same, the encrypted passwords are different.

Jspxcms8.X code and database related instructions.

Corresponding table: cms_user. Corresponding fields: f_password (sha1 encrypted password), f_salt (random number used to confuse passwords to prevent rainbow table cracking).

Encrypted configuration com.jspxcms.core.ShiroConfig

@ Bean ("credentialsDigest") public SHA1CredentialsDigest credentialsDigest () {return new SHA1CredentialsDigest ();}

The code com.jspxcms.core.security.ShiroDbRealm corresponding to shiro when logging in

@ Autowiredpublic void setCredentialsDigest (CredentialsDigest credentialsDigest) {this.credentialsDigest = credentialsDigest;} Thank you for reading, the above is the content of "how to encrypt Jspxcms user password". After the study of this article, I believe you have a deeper understanding of how to encrypt Jspxcms user password, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.