0
由於安全要求,我需要將數據庫密碼作爲md5-hash存儲在我的hibernate.cfg.xml中,但據我所知,Hibernate不支持哈希密碼。我正在使用休眠5.1.0。哈希數據庫密碼[休眠]
我的hibernate.cfg.xml是這樣的:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD//EN"
"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<property name="hibernate.connection.driver_class">org.h2.Driver </property>
<property name="hibernate.connection.url">jdbc:h2:tcp://localhost/~/test</property>
<property name="hibernate.connection.username">sa</property>
<property name="hibernate.connection.password"></property>
<property name="show_sql">true</property>
<property name="hibernate.c3p0.min_size">5</property>
<property name="hibernate.c3p0.max_size">20</property>
<property name="hibernate.c3p0.timeout">300</property>
<property name="hibernate.c3p0.max_statements">50</property>
<property name="dialect">org.hibernate.dialect.MySQLDialect</property>
<property name="hibernate.hbm2ddl.auto">update</property>
</session-factory>
</hibernate-configuration>
這是我如何創建一個SessionFactory:
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;
public class HibernateUtility {
private static final SessionFactory sessionFactory = buildSessionFactory();
private static SessionFactory buildSessionFactory() {
try {
// Create the SessionFactory from hibernate.cfg.xml
return new Configuration()
.configure()
.buildSessionFactory().;
} catch (Throwable ex) {
System.err.println("Initial SessionFactory creation failed." + ex);
throw new ExceptionInInitializerError(ex);
}
}
public static SessionFactory getSessionFactory() {
return sessionFactory;
}
}
是否有使用哈希數據庫密碼休眠的方式?
請注意,MD5是一個非常弱(和碎)加密哈希算法。要麼使用帶有x次迭代的鹽漬SHA256 +,要麼更好地切換到像BCrypt這樣的密碼哈希算法。 –
另請注意,哈希值不能顛倒,這就是爲什麼你不能使用它們登錄到任何系統。 –
絕對與JPA API無關。刪除TAG –