维护用户登录和信息的安全数据库?
我想在我正在构建的慈善网站上有一个登录表单(这是为了朋友,我正在旅途中学习),并且我想知道我应该学习哪些语言/软件来构建用于用户登录和信息的数据库?注意:对于具有中等编程经验的人来说,它必须是安全的并且相对简单易学。
更新:我知道 CMS 提供了很好的登录工具等,但我想自己完成这一切。
I want to have a login form on a charity website I am building (it's for a friend, and I'm learning on the go), and I want to know what languages/software should I learn to build databases for user logins and info? Note: it HAS to be secure and relatively simple to learn for someone with moderate programming experience.
Update: I understand that CMSs offer good tools for logins etc. but I want to do this all by myself.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以做的最简单的事情是在将密码输入数据库之前对其进行哈希处理并应用盐。 “邪恶的跳蚤”在另一个问题中有一个很好的答案这里。
您是否考虑过购买现成的 CMS?大多数像样的 CMS 应该包含一个简单的慈善网站所需的所有功能。它还将为您的登录表单问题提供可靠的解决方案。
编辑
至于使用什么语言。只要您对此感到满意并愿意投入时间和精力,这实际上并不是很重要。它在您的个人资料中表明您希望学习 PHP。看起来用 PHP 编写登录表单将是一个很好的起点。至于数据库后端。再说一次,这并不重要。只是请不要使用 MS Access。大多数 PHP 开发人员(假设)似乎都使用 MySQL,因为它通常包含在 PHP Web 主机中。
关于安全性,散列和向密码添加盐是您可以做的最简单的事情。您可以执行以下操作:
一旦用户需要登录,您可以执行类似以下操作:
最后,切勿以纯文本形式通过电子邮件向用户发送密码。如果用户忘记了密码,只需允许他们创建一个新密码即可。您可以通过在用户的电子邮件中向用户发送一个链接来完成此操作,这将使他们能够执行此操作。
老实说,您最好的选择可能是完成此任务并用您的代码回发(新问题)。从那里我们可以分析它并从那里获取它。
类似的东西应该满足您的要求。
The simplest thing you could do is hash and apply a salt to your passwords before entering them into the database. "The Wicked Flea" has a pretty good answer in another question here.
Have you thought about grabbing an off the shelf CMS? Most decent CMS's should contain all the functionality you need for a simple charity website. It would also give you a solid solution to your login form issue.
EDIT
As for what language to use. It really isn't very important so long as you are comfortable with it and willing to put time and effort. It shows in your profile that you're looking to learn PHP. Looks like writing a login form in PHP would be a nice starting point. As for a database back end. Again, it doesn't really matter. Just please just do not use MS Access. Most PHP developers (assuming) seem to use MySQL since it's usually what is included with a PHP web host.
About security, hashing and adding a salt to your password is about the easiest thing you can do. You could do something like this:
Once the user needs to log in, you can do something similar to:
Lastly, never email your user their password in plain text. If the user forgets their password, simply allow them to create a new password. You can do this by sending the user a link in their email which will give them the ability to do so.
Honestly, your best bet is probably to complete this task and post back (new question) on SO with your code. From there we can analyze it and take it from there.
Something along those lines should fulfill your requirements.