标签:password private 数据库连接 用户登录 数据加密
在连接数据时,用户名密码都是明文,最近网上查资料,使用DES对其进行加密;同时用户注册后,密码都没有进行加密,对于数据库里面数据加密,可以使用password函数直接进行加密,也可以自定义加密,比如使用DES加密。
对数据库连接密码加密具体操作如下:
1.定义DES加密类
public class DESUtils {
private static Key key;
private static String KEY_STR = "qbkeytest";// 密钥
private static String CHARSETNAME = "UTF-8";// 编码
private static String ALGORITHM = "DES";// 加密类型
static {
try {
KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);
generator.init(new SecureRandom(KEY_STR.getBytes()));
key = generator.generateKey();
generator = null;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
/**
* 对str进行DES加密
*
* @param str
* @return
*/
public static String getEncryptString(String str) {
BASE64Encoder base64encoder = new BASE64Encoder();
try {
byte[] bytes = str.getBytes(CHARSETNAME);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] doFinal = cipher.doFinal(bytes);
return base64encoder.encode(doFinal);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Test
public void myTest(){
System.out.println(getEncryptString("123"));
}
@Test
public void myTest2(){
System.out.println(getDecryptString("21O/jNn9VXQ="));
}
/**
* 对str进行DES解密
*
* @param str
* @return
*/
public static String getDecryptString(String str) {
BASE64Decoder base64decoder = new BASE64Decoder();
try {
byte[] bytes = base64decoder.decodeBuffer(str);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] doFinal = cipher.doFinal(bytes);
return new String(doFinal, CHARSETNAME);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}2.建立jdbc.properties配置文件,并且导入(commons-dbcp-1.4.jar,commons-pool-1.3.jar)包
dbName=my
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/${dbName}
#userName=root
#password=123456
userName=3z5s3VB5Xng= //加密后的用户名
password=qcwaNpDb718\= //加密后的密码3.建立解密配置文件的类
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
public class EncryptPropertyPlaceholderConfigurer extends
PropertyPlaceholderConfigurer {
private String[] encryptPropNames = { "userName", "password" };
@Override
protected String convertProperty(String propertyName, String propertyValue) {
if (isEncryptProp(propertyName)) {
String decryptValue = DESUtils.getDecryptString(propertyValue);
//System.out.println(propertyName + "解密内容:" + decryptValue);
return decryptValue;
} else {
return propertyValue;
}
}
/**
* 判断是否是加密的属性
*
* @param propertyName
* @return
*/
private boolean isEncryptProp(String propertyName) {
for (String encryptpropertyName : encryptPropNames) {
if (encryptpropertyName.equals(propertyName))
return true;
}
return false;
}
}4.改变spring连接数据库的操作
<!-- <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
<property name="driverClass" value="com.mysql.jdbc.Driver"></property>
<property name="jdbcUrl" value="jdbc:mysql:///my"></property>
<property name="user" value="root"></property>
<property name="password" value="123"></property>
</bean> -->
<!--3.使用加密版的属性文件 -->
<bean class="com.spring.util.EncryptPropertyPlaceholderConfigurer"
p:location="classpath:jdbc.properties" p:fileEncoding="utf-8" />
<context:component-scan base-package="com.spring.*" />
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close" p:driverClassName="${driverClassName}" p:url="${url}"
p:username="${userName}" p:password="${password}" />同样对于插入数据库数据加密简单的操作是:
public void regist(User user) {
user.setPassword(DESUtils.getEncryptString(user.getPassword()));
this.getHibernateTemplate().save(user);
}以上加密显然还是有点粗糙,更安全的措施,希望之后跟大家交流和我继续学习完善!
本文出自 “qb的博客” 博客,谢绝转载!
标签:password private 数据库连接 用户登录 数据加密
原文地址:http://qinbin.blog.51cto.com/11773640/1928123
