问题描述
我正在为Web应用程序的安全系统-管理员部分工作.如果一位管理员想要对应用程序进行一些重要的更改,他将需要回答一个安全问题.
I'm working to a security system for a web application - admin section. If one admin want to make some important changes in application he will need to a answer to a security question.
我的问题是:这个问题的答案应该在数据库中散列吗?
My question is: the answer to this question should be hashed in database?
此外,我正在考虑让管理员可以更改他们的问题/答案,但是管理员可以做到这一点,即使他使用密码确认自己的身份.这是个好方法吗?
Also, I'm thinking to give to the administrators posibility to change their question/answer but admin could do this just if he confirm his identity using password. Is this a good approach?
推荐答案
哈希是一个好主意.由于除了原始用户之外,没有人真正需要了解它,因此最好不要仅仅撬开眼睛就可以保留更多的秘密"信息.
Hashing it is a great idea, in my opinion. As no one really needs to know it other then the original user, so better to keep that more of a "Secret" from just prying eyes.
就更改密码的能力而言,这也是一个好主意,要求他/她输入密码进行更改是另一种很好的安全性方法.
As far as the ability to change it, that is a great idea as well, and requiring him/her to enter their password to change it is another good security approach.
我认为您的思路正确.
I think you are on the right track with your thinking.
这篇关于是否应该对安全问题答案进行哈希处理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!