Topic: Jute是如何生成登陆时校验用的安全码的? |
 Print this page
|
| 1.Jute是如何生成登陆时校验用的安全码的? | Copy to clipboard |
|
Posted by: rainman Posted on: 2002-11-27 01:22 跨平台运行,不需要额外资源,速度快,不占服务器空间。 下面就解释一下算法: 1. 首先用户选择登录的时候,会在session里存一个临时生成的乱数(当然字符也行啊,中文都可以,不过用户还是输入数字最方便。注意到jute的session是不占服务器资源的哦(Jute新发明之一) 2.然后将乱数的加密串传递给另一个程序(专门根据加密串生成图片),将乱数显示成图片给用户看; 用户点击登陆后,服务器会将输入的code和session里的code对比。 3.code过期时间,每个临时生成的乱数只能用90s(可调),这样即方便用户登陆,如果输错密码,可以倒退再来过,有过期时间也不能被机器人来利用。 4.事实上,即使代码被反编译,看了算法也不能破解这个登录安全码。 5.另外,jute的算法并不会生成一大堆图片文件,大家看到xxxxxxxxxxxxxxxxxx.gif事实上只是一个假象啦,如果每个jute都生成一堆图片,即使定时清理,对服务器的消耗也是很大的。Jute可是非常爱惜服务器的。 | |
| 2.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: SimonLei Posted on: 2002-11-27 08:08 Jute的session不占用服务器资源这个怎么讲?Thanks. | |
| 3.Re:Jute是如何生成登陆时校验用的安全码的? [Re: SimonLei] | Copy to clipboard |
|
Posted by: SimonLei Posted on: 2002-11-27 08:10 SimonLei wrote: 明白了,你是指放在cookie当中,所以生成的这个乱数不占用服务器资源。呵呵 | |
| 4.呵呵,差不多哦 [Re: SimonLei] | Copy to clipboard |
|
Posted by: rainman Posted on: 2002-11-27 08:52 cookie的值是加密的,修改一个字符都不行。 | |
| 5.cool [Re: rainman] | Copy to clipboard |
|
Posted by: via Posted on: 2002-11-27 11:00 很好的创意! | |
| 6.我也看看第二条 [Re: rainman] | Copy to clipboard |
|
Posted by: 九佰 Posted on: 2002-11-27 11:06 | |
| 7.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: netboy Posted on: 2002-11-27 17:02 我也要看看。 | |
| 8.不错 [Re: rainman] | Copy to clipboard |
|
Posted by: s2s Posted on: 2002-11-27 17:58 nice idea。我也做了一个 perl 的。不过是生成临时图片文件的,图片本身也有时效性。login 页面不会被频繁使用,图片文件也很小,用 cronjob 清理过期的图片对服务器的消耗可以忽略不计的。 哈,发贴了才看得隐藏的东东。 perl 跟 java 不一样,实现的方式不一样但意思一样的。 | |
| 9.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: neosun Posted on: 2002-11-27 18:17 q1q | |
| 10.偶也要看 [Re: SimonLei] | Copy to clipboard |
|
Posted by: snowbug Posted on: 2002-11-27 22:26 | |
| 11.Re:不错 [Re: s2s] | Copy to clipboard |
|
Posted by: rainman Posted on: 2002-11-27 22:31 生成临时图片也不错啊,不过这样生成图片得在login页面出来前哦。偶这种方法是并行的。偶就是不太喜欢一堆文件啊,crond执行的权限有些用户没有,不过可以做在登录程序里,1个小时清理一次。嗯,用Perl,PHP得加装GD模块吧?另外ImageMagick也很好啊,不需要X-windows启动就支持,都支持perl,java。不过偶没有采用,因为我首先要求解决方案必须是pure java的。 | |
| 12.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: javait Posted on: 2002-11-28 06:39 kan 1 kan | |
| 13.Re:Jute是如何生成登陆时校验用的安全码的? [Re:rainman] [Re: rainman] | Copy to clipboard |
|
Posted by: snobi Posted on: 2002-12-03 10:34 看看 | |
| 14.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: qqcat Posted on: 2002-12-04 22:39 很好的创意,可惜我看不到。 | |
| 15.xxxxxxxxxxx.gif [Re: qqcat] | Copy to clipboard |
|
Posted by: via Posted on: 2002-12-05 10:02 5.另外,jute的算法并不会生成一大堆图片文件,大家看到xxxxxxxxxxxxxxxxxx.gif事实上只是一个假象啦,如果每个jute都生成一堆图片,即使定时清理,对服务器的消耗也是很大的。Jute可是非常爱惜服务器的。 --xxxxxxxxxxx.gif是怎么实现的? 能说一下思路吗 | |
| 16.Re:xxxxxxxxxxx.gif [Re: via] | Copy to clipboard |
|
Posted by: rainman Posted on: 2002-12-05 10:04 用pathinfo读点号前的数啊,那些数是有含义的。 | |
| 17.lll [Re: rainman] | Copy to clipboard |
|
Posted by: sarkara Posted on: 2002-12-05 10:20 ll | |
| 18.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: enoch Posted on: 2002-12-05 12:34 学习 | |
| 19.see [Re: rainman] | Copy to clipboard |
|
Posted by: mx0122 Posted on: 2002-12-05 13:35 | |
| 20.kk? [Re: rainman] | Copy to clipboard |
|
Posted by: shyguy Posted on: 2002-12-09 16:55 kankan | |
| 21.kk [Re: rainman] | Copy to clipboard |
|
Posted by: floater Posted on: 2002-12-09 23:38 | |
| 22.look [Re: rainman] | Copy to clipboard |
|
Posted by: libinbin Posted on: 2002-12-10 15:19 look | |
| 23.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: morchory Posted on: 2002-12-11 02:18 kan e kan | |
| 24.look [Re: rainman] | Copy to clipboard |
|
Posted by: ryanzhou Posted on: 2002-12-11 08:37 look | |
| 25.let me see [Re: rainman] | Copy to clipboard |
|
Posted by: mleeee Posted on: 2002-12-11 10:06 | |
| 26.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: skyknight Posted on: 2002-12-16 11:01 see | |
| 27.see [Re: rainman] | Copy to clipboard |
|
Posted by: menzy Posted on: 2002-12-16 13:29 good | |
| 28.Re:rainman [Re: rainman] | Copy to clipboard |
|
Posted by: mild7 Posted on: 2002-12-18 19:46 看看。 | |
| 29.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: xyeon Posted on: 2002-12-19 12:46 hide? | |
| 30.偶要看 [Re: rainman] | Copy to clipboard |
|
Posted by: 绿颖 Posted on: 2002-12-20 09:04 偶要看 | |
| 31.ReRERe(老说标题不够长) [Re: rainman] | Copy to clipboard |
|
Posted by: yadan Posted on: 2002-12-24 19:56 看看先。 | |
| 32.let me [Re: rainman] | Copy to clipboard |
|
Posted by: caxls Posted on: 2002-12-27 16:30 kan kan | |
| 33.Re:xxxxxxxxxxx.gif [Re:via] [Re: rainman] | Copy to clipboard |
|
Posted by: cex Posted on: 2002-12-27 19:05 see | |
| 34.look [Re: rainman] | Copy to clipboard |
|
Posted by: payaqa Posted on: 2002-12-27 23:50 look | |
| 35.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: seaboy Posted on: 2002-12-29 16:12 kan kan | |
| 36.hghghgj [Re: rainman] | Copy to clipboard |
|
Posted by: atom Posted on: 2003-01-06 02:08 nmgvouyfkgfkh | |
| 37.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: beeke Posted on: 2003-01-09 13:31 try | |
| 38.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: sztony Posted on: 2003-01-14 01:43 
| |
| 39.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: t123 Posted on: 2003-01-20 08:17 d | |
| 40.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: whisperwind Posted on: 2003-01-24 11:16 good idea | |
| 41.Re:Jute是如何生成登陆时校验用的安全码的? [Re: rainman] | Copy to clipboard |
|
Posted by: gnome Posted on: 2003-02-20 21:43 郁闷啊,要发多少帖子才能得到这一点积分啊 
| |
| 42.Re:Jute是如何生成登陆时校验用的安全码的? [Re: gnome] | Copy to clipboard |
|
Posted by: gnome Posted on: 2003-02-20 21:49 cookie的值是用什么方式加密的?呵呵,如果搞到你的源码,是不是有可能破解cookie的加密呢? | |
| 43.Re:Jute是如何生成登陆时校验用的安全码的? [Re: gnome] | Copy to clipboard |
|
Posted by: rainman Posted on: 2003-02-21 01:55 不可以啦,反编译源代码也不行。 | |
 |
Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1 客服电话 18559299278 客服信箱 714923@qq.com 客服QQ 714923 |