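I am using the Mojolicious web framework to build a small site. My goal is strong security. The first step is to secure the login information, mainly the username and password. I would like to implement the logic given by the asker of this post: Username, Password, Salting, Encrypting, Hash - How does it all work? The username and password must at least be salted and hashed in the user's browser before being sent over the internet to the Mojolicious web server. I think the best way is to use embedded Perl to manipulate the form values and then reassign them, so that when the 'submit' button is pressed only the salted and hashed username and password are received in the controller. The logic in Mojolicious will be like the following, taken from the Mojolicious website. (MyUsers.pm handles the login validation on the server; I will adapt it to handle salted and hashed strings.) How can I do this in Mojolicious?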
#!/usr/bin/env perl
use Mojolicious::Lite;
use lib 'lib';
use MyUsers;
# Helper to lazy initialize and store our model object
helper users => sub { state $users = MyUsers->new };
# /?user=sri&pass=secr3t
# Show the login form
any '/' => sub {
  my $self = shift;
  $self->render('login');
};
# Target of the login form
any 'check_login' => sub {
  my $self = shift;
  # Query parameters
  my $user = $self->param('user') || '';
  my $pass = $self->param('pass') || '';
  # Check password
  return $self->render(text => "Welcome $user.")
    if $self->users->check($user, $pass);
  # Failed
  $self->render(text => 'Wrong username or password.');
};
app->start;
__DATA__
@@ login.html.ep
% title 'Login Page.';
<form name="input" action="check_login" method="post">
User: <input type="text" name="user"><div>
Pass: <input type="password" name="pass"><div>
<!-- DO SOMETHING HERE to salt and hash $user and $pass before post -->
<input type="submit" value="Submit">
</form>
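
One way the server-side `MyUsers.pm` mentioned in the question could store and verify salted, hashed passwords, as an added example that is not part of the original post or of the Mojolicious documentation. It assumes an in-memory user store, a hypothetical `add` method, PBKDF2-HMAC-SHA256 built from the core `Digest::SHA` module with an assumed 100,000 iterations, a system that provides `/dev/urandom`, and a login form submitted over HTTPS.

```perl
package MyUsers;    # added example; in-memory store and add() are assumptions
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use Encode qw(encode);
my $ITER = 100_000;    # assumed work factor, tune for your hardware
sub new { my $class = shift; return bless({ users => {} }, $class) }

# PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block only
sub _pbkdf2 {
    my ($pass, $salt, $iter) = @_;
    my $key = encode('UTF-8', $pass);    # Digest::SHA needs bytes, not characters
    my $u   = hmac_sha256($salt . pack('N', 1), $key);
    my $t   = $u;
    for (2 .. $iter) { $u = hmac_sha256($u, $key); $t ^= $u }    # string XOR
    return $t;
}

sub _salt {    # 16 random bytes per user from the OS CSPRNG
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die 'short read';
    return $salt;
}

sub _equal {    # comparison whose timing does not depend on where bytes differ
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub add {    # hypothetical registration method: only salt and digest are kept
    my ($self, $user, $pass) = @_;
    my $salt = _salt();
    $self->{users}{$user} = { salt => $salt, iter => $ITER, hash => _pbkdf2($pass, $salt, $ITER) };
    return 1;
}

sub check {    # same call the controller above makes: check($user, $pass)
    my ($self, $user, $pass) = @_;
    # Unknown user: derive against a dummy record so the work done is similar
    my $rec = $self->{users}{$user} // { salt => "\0" x 16, iter => $ITER, hash => '' };
    return _equal(_pbkdf2($pass, $rec->{salt}, $rec->{iter}), $rec->{hash});
}

unless (caller) {    # run directly: demo with constructed credentials
    my $m = MyUsers->new; $m->add('sri', 'secr3t');
    print $m->check('sri', 'secr3t') ? "match\n" : "no match\n";
}
1;
```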