In connection with the data, the user name password is clear text, the recent online search data, using DES to encrypt it, while the user registration, the password is not encrypted, for the data encryption in the database, you can use the password function to encrypt directly, you can also customize encryption, such as using DES encryption.
for database connection password encryption, the following actions are specified:
1. Defining DES encryption classes
public class desutils { private static key key; private static String KEY_STR = "Qbkeytest";// key private static String CHARSETNAME = "UTF-8";// encoding private static String ALGORITHM = "DES";// encryption type static { try { keygenerator generator = keygenerator.getinstance ( algorithm); generator.init (new SecureRandom (Key_str.getbytes ())); key = generator.generatekey (); Generator = null; } catch (exception e) { throw new runtimeexception (e); } } /** * des encryption * * @param for STR str * @return */ Public static string getencryptstring (STRING STR) { base64encoder base64encoder = new base64encoder (); try { byte[] bytes = str.getbytes (CharsetName); cipher&nbsP;cipher = cipher.getinstance (algorithm); cipher.init (Cipher.encrypt_mode, key); byte[] dofinal = cipher.dofinal (bytes); return base64encoder.encode (dofinal); } catch (exception e) { throw new runtimeexception (e); } } @Test public void mytest () { system.out.println (getEncryptString ("123")); } @Test public void mytest2 () { &Nbsp; system.out.println (getdecryptstring ("21o/jnn9vxq=")); } /** * des decryption for STR * * @param str * @return */ public static string getdecryptstring (String STR) { base64decoder base64decoder = new base64decoder (); try { byte[] bytes = base64decoder.decodebuffer (str); Cipher cipher = Cipher.getinstance (algorithm); Cipher.init (Cipher.decrypt_mode, key), byte[] dofinal = Cipher.dofinal (bytes); return new string (dofinal, charsetname); } catch ( Exception e) { throw new runtimeexception (e); } }}
2. Build the Jdbc.properties configuration file and import (Commons-dbcp-1.4.jar,commons-pool-1.3.jar) the package
Dbname=mydriverclassname=com.mysql.jdbc.driverurl=jdbc:mysql://localhost:3306/${dbname} #userName =root#password =123456username=3z5s3vb5xng=//encrypted user name password=qcwanpdb718\=//password after encryption
3. Create a class to decrypt the configuration file
import org.springframework.beans.factory.config.propertyplaceholderconfigurer;public class Encryptpropertyplaceholderconfigurer extendspropertyplaceholderconfigurer {private string[] encryptPropNames = { "userName", "password" }; @Override Protected string convertproperty (String propertyname, string propertyvalue) { if (Isencryptprop (PropertyName)) { String decryptValue = Desutils.getdecryptstring (PropertyValue); //system.out.println (propertyname + "decrypted content:" + decryptvalue); return decryptValue; } else { return propertyvalue; }}/** * Determines whether the attribute is encrypted * * @param propertyname * @ Return */ private boolean isencryptprop (String propertyname) { for (string Encryptpropertyname : encryptpropnames) { if (Encryptpropertyname.equals (PropertyName)) return true; } return false; }}
4. Change the Spring Connection database operation
<!-- <bean id= "DataSource" class= "Com.mchange.v2.c3p0.ComboPooledDataSource" >< Property name= "Driverclass" value= "Com.mysql.jdbc.Driver" ></property><property name = "Jdbcurl" value= "jdbc:mysql:///my" ></property><property name= "user" value= "root" ></property><property name= "password" value= "123" ></property></bean> --> <!--3. Use the encrypted version of the properties file --> <bean class= " Com.spring.util.EncryptPropertyPlaceholderConfigurer " p: location= "Classpath:jdbc.properties" p:fileencoding= "Utf-8" /> < Context:component-scan base-package= "com.spring.*" /> <bean Id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource" destroy-method= "Close" p:driverclasSname= "${driverclassname}" p:url= "${url}" p:username= "${ UserName} " p:password=" ${password} " />
The same simple operation for inserting database data encryption is:
public void regist (user user) {User.setpassword (desutils.getencryptstring (User.getpassword ())); This.gethibernatetemplate (). Save (user);
The above encryption is still a little rough, more secure measures, hope to communicate with you and I continue to learn to improve!
This article is from the "QB blog" blog, declined reprint!
Database password encryption of user login registration