如何解密和加密 Java 程序的 Joomla 用户密码?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17064042/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I decrypt and encrypt Joomla user password for Java program?
提问by THE-E
I have programed a Java program which has access to my MySQL database. Currently I am using Joomla as CMS, therefore I would like to program my Java program so it is able to check the user data(of Joomla) to access the database.
我编写了一个可以访问我的 MySQL 数据库的 Java 程序。目前我使用 Joomla 作为 CMS,因此我想编写我的 Java 程序,以便它能够检查用户数据(Joomla)以访问数据库。
If it isn't possible: Which encryption should I use so I can use it later for my websites ?
如果不可能:我应该使用哪种加密,以便以后可以在我的网站上使用它?
Right now my program is just comparing if the Strings in user field and password field with the data from the MySQL database.
现在我的程序只是将用户字段和密码字段中的字符串与 MySQL 数据库中的数据进行比较。
I am new to Encryption/Decryption. Any tips how I should approach this subject is appreciated.
我是加密/解密的新手。感谢我应该如何处理这个主题的任何提示。
thanks in advance
提前致谢
greets
问候
THE-E
电子版
回答by bjrn
You shouldn't be seeing any plain text passwords in your database. I don't know for sure how older versions of Joomla do it, but the current ones save passwords in the following format:
您不应该在数据库中看到任何纯文本密码。我不确定旧版本的 Joomla 是如何做到的,但当前版本以以下格式保存密码:
md5([password][salt]):[salt]
Where you'd obviously replace [password] with the password and [salt] with the salt. For instance you might see the following string in the password field of your user table
显然,您将 [password] 替换为密码,将 [salt] 替换为盐。例如,您可能会在用户表的密码字段中看到以下字符串
dc0ea62a2aebf85100609bb67c6886a8:yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E
The part after the colon is the salt, and the part before the colon is the md5 hash of the password andthe salt. Now I can tell you that the password here is 'test'. And that the string is: md5(testyh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E):yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E
冒号后的部分是salt,冒号前的部分是密码和salt的md5哈希值。现在我可以告诉你这里的密码是“test”。并且字符串是: md5(testyh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E):yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E
回答by as_bold_as_love
In essence what you want to do is as follows. when you store the password encrypt it. when a user enters a password in to a form encrypt that, and compare it to the encrypted password in the database.
本质上你想要做的如下。当您存储密码时对其进行加密。当用户在表单中输入密码时对其进行加密,并将其与数据库中的加密密码进行比较。
what you dont want to do, is un-encrypt the stored password and compare it to the form input.
您不想做的是取消加密存储的密码并将其与表单输入进行比较。
in PHP i use Bcrypt.
在 PHP 中我使用 Bcrypt。
