Database password encryption of user login registration

In connection with the data, the user name password is clear text, the recent online search data, using DES to encrypt it, while the user registration, the password is not encrypted, for the data encryption in the database, you can use the password function to encrypt directly, you can also customize encryption, such as using DES encryption.

for database connection password encryption, the following actions are specified:

1. Defining DES encryption classes

public class desutils {    private static key key;     private static String KEY_STR =  "Qbkeytest";//  key      private static String CHARSETNAME =  "UTF-8";//  encoding      private static String ALGORITHM =  "DES";//  encryption type       static {        try {             keygenerator generator = keygenerator.getinstance ( algorithm);             generator.init (new  SecureRandom (Key_str.getbytes ()));             key  = generator.generatekey ();             Generator = null;        } catch  (exception e)  {             throw new runtimeexception (e);         }    }    /**      *  des encryption      *      *  @param for STR  str     *  @return      */     Public static string getencryptstring (STRING STR)  {         base64encoder base64encoder = new base64encoder ();         try {             byte[] bytes = str.getbytes (CharsetName);             cipher&nbsP;cipher = cipher.getinstance (algorithm);             cipher.init (Cipher.encrypt_mode, key);             byte[] dofinal = cipher.dofinal (bytes);             return base64encoder.encode (dofinal);         } catch  (exception e)  {             throw new runtimeexception (e);         }    }         @Test      public void mytest () {    system.out.println (getEncryptString ("123"));     }         @Test     public  void mytest2 () { &Nbsp;  system.out.println (getdecryptstring ("21o/jnn9vxq="));    }      /**     *  des decryption for STR      *       *  @param  str     *  @return       */    public static string getdecryptstring (String  STR)  {        base64decoder base64decoder = new  base64decoder ();        try {             byte[] bytes = base64decoder.decodebuffer (str);             Cipher cipher =  Cipher.getinstance (algorithm);             Cipher.init (Cipher.decrypt_mode, key),             byte[] dofinal =  Cipher.dofinal (bytes);             return new  string (dofinal, charsetname);        } catch  ( Exception e)  {            throw new  runtimeexception (e);         }    }}

2. Build the Jdbc.properties configuration file and import (Commons-dbcp-1.4.jar,commons-pool-1.3.jar) the package

Dbname=mydriverclassname=com.mysql.jdbc.driverurl=jdbc:mysql://localhost:3306/${dbname} #userName =root#password =123456username=3z5s3vb5xng=//encrypted user name password=qcwanpdb718\=//password after encryption

3. Create a class to decrypt the configuration file

import org.springframework.beans.factory.config.propertyplaceholderconfigurer;public class  Encryptpropertyplaceholderconfigurer extendspropertyplaceholderconfigurer {private string[]  encryptPropNames = {  "userName",  "password"  }; @Override      Protected string convertproperty (String propertyname, string propertyvalue)  {         if  (Isencryptprop (PropertyName))  {             String decryptValue =  Desutils.getdecryptstring (PropertyValue);             //system.out.println (propertyname +  "decrypted content:"  + decryptvalue);             return decryptValue;         } else {            return propertyvalue;         }}/**     *  Determines whether the attribute is encrypted      *       *  @param  propertyname     * @ Return     */    private boolean isencryptprop (String  propertyname)  {        for  (string  Encryptpropertyname : encryptpropnames)  {             if  (Encryptpropertyname.equals (PropertyName))                  return true;         }        return false;    }}

4. Change the Spring Connection database operation

<!-- <bean id= "DataSource"  class= "Com.mchange.v2.c3p0.ComboPooledDataSource" >< Property name= "Driverclass"  value= "Com.mysql.jdbc.Driver" ></property><property name = "Jdbcurl"  value= "jdbc:mysql:///my" ></property><property name= "user"  value= "root" ></property><property name= "password"  value= "123" ></property></bean>  --> <!--3. Use the encrypted version of the properties file  -->    <bean class= " Com.spring.util.EncryptPropertyPlaceholderConfigurer "        p: location= "Classpath:jdbc.properties"  p:fileencoding= "Utf-8"  />     < Context:component-scan base-package= "com.spring.*"  />     <bean  Id= "DataSource"  class= "Org.apache.commons.dbcp.BasicDataSource"          destroy-method= "Close"  p:driverclasSname= "${driverclassname}"  p:url= "${url}"         p:username= "${ UserName} " p:password=" ${password} " />

The same simple operation for inserting database data encryption is:

public void regist (user user) {User.setpassword (desutils.getencryptstring (User.getpassword ())); This.gethibernatetemplate (). Save (user);

The above encryption is still a little rough, more secure measures, hope to communicate with you and I continue to learn to improve!

This article is from the "QB blog" blog, declined reprint!

Database password encryption of user login registration