【发布时间】:2013-02-19 09:37:11
【问题描述】:
我正在使用 Mojolicious Web 框架构建一个小型站点。我的目标是强大的安全性。第一步是保护登录信息,主要是用户名和密码。我想实现这篇帖子Username, Password, Salting, Encrypting, Hash - How does it all work? 的提问者给出的逻辑。用户名和密码在通过互联网发送到 Mojolicious 网络服务器之前,必须至少在用户的浏览器中进行加盐和哈希处理。我认为最好的方法是使用嵌入式 perl 来操作表单值,然后重新分配它们,这样当按下“提交”按钮时,只有加盐和散列的用户名,在控制器内部接收密码:mojolicious 中的逻辑就像(复制来自 Mojolicious 网站。MyUsers.pm 处理服务器上的登录验证,我将对其进行调整以处理加盐和散列字符串。)
#!/usr/bin/env perl
use Mojolicious::Lite;
use lib 'lib';
use MyUsers;
# Helper to lazy initialize and store our model object
helper users => sub { state $users = MyUsers->new };
# /?user=sri&pass=secr3t
any '/' => sub {
my $self = shift;
$self->render('login');
};
any '/' => sub {
my $self = shift;
$self->render('login');
};
any 'check_login' => sub {
my $self = shift;
# Query parameters
my $user = $self->param('user') || '';
my $pass = $self->param('pass') || '';
# Check password
return $self->render(text => "Welcome $user.")
if $self->users->check($user, $pass);
# Failed
$self->render(text => 'Wrong username or password.');
};
app->start;
__DATA__
@@ login.html.ep
% title 'Login Page.';
<form name="input" action="check_login" method="post">
User: <input type="text" name="user"><div>
Pass: <input type="password" name="pass"><div>
<!-- DO SOMETHING HERE to salt and hash $user and $pass before post -->
<input type="submit" value="Submit">
</form>
【问题讨论】:
标签: perl mojolicious