Login Password and Security Password

When a user registers, a salt (a random value stored in the user's database row) is generated and the login password is hashed with it. If that same salt column is regenerated later, when the user sets a security password, the stored login-password hash no longer matches anything: the login password is invalidated and becomes useless.

Solution 1: use a fixed salt. This creates a security problem: a salt shared by every user makes the hashes easy to crack, because one precomputed table covers all accounts.

Solution 2: generate the salt for the security password in a different way from the login salt. Problem: the requirement that the security password and the login password must not be the same can no longer be enforced, because the two hashes were produced with different salts and cannot be compared directly.

Solution 3: add a separate security-password salt column to the database, so each password keeps its own salt and setting one never invalidates the other. The comparison problem is then handled by hashing the candidate with the other password's salt: to check whether a new login password is the same as the security password, hash it with the security password's salt and compare with the stored security-password hash; to check whether a new security password is the same as the login password, hash it with the login password's salt and compare with the stored login-password hash.
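The two-salt scheme above, as an added example that is not code from the original article. It reproduces the single-salt breakage from the first paragraph, then keeps one salt per password and performs the cross-salt comparison. PBKDF2-HMAC-SHA256 with 200,000 iterations and 16-byte salts are assumptions for this example; the article does not name a hash function.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed parameters; the original article does not specify a KDF or salt size.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def single_salt_breaks_login() -> bool:
    """The problem from the text: one shared salt column, regenerated when the
    security password is set, no longer verifies the stored login hash."""
    shared_salt = secrets.token_bytes(SALT_BYTES)
    login_hash = derive("login-pw", shared_salt)
    shared_salt = secrets.token_bytes(SALT_BYTES)   # regenerated for the security password
    derive("trade-pw", shared_salt)
    return hmac.compare_digest(derive("login-pw", shared_salt), login_hash)


@dataclass
class UserRecord:
    # Two independent salts: rotating the security salt never touches login_hash.
    login_salt: bytes
    login_hash: bytes
    security_salt: Optional[bytes] = None
    security_hash: Optional[bytes] = None


def register(password: str) -> UserRecord:
    salt = secrets.token_bytes(SALT_BYTES)
    return UserRecord(login_salt=salt, login_hash=derive(password, salt))


def verify_login(user: UserRecord, candidate: str) -> bool:
    return hmac.compare_digest(derive(candidate, user.login_salt), user.login_hash)


def verify_security(user: UserRecord, candidate: str) -> bool:
    if user.security_hash is None or user.security_salt is None:
        return False
    return hmac.compare_digest(derive(candidate, user.security_salt), user.security_hash)


def set_security_password(user: UserRecord, new_security: str) -> None:
    """Set or rotate the security password. It must differ from the login
    password, so the candidate is hashed under the *login* salt and compared."""
    if verify_login(user, new_security):
        raise ValueError("security password must differ from login password")
    salt = secrets.token_bytes(SALT_BYTES)          # fresh salt for this password only
    user.security_salt = salt
    user.security_hash = derive(new_security, salt)


def change_login_password(user: UserRecord, old: str, new_login: str) -> None:
    """Change the login password. The candidate is hashed under the *security*
    salt to make sure it does not equal the security password."""
    if not verify_login(user, old):
        raise PermissionError("old login password incorrect")
    if verify_security(user, new_login):
        raise ValueError("login password must differ from security password")
    salt = secrets.token_bytes(SALT_BYTES)
    user.login_salt = salt
    user.login_hash = derive(new_login, salt)
```

The cross-salt comparison costs one extra KDF call per change, which is acceptable because it only happens when a password is set, not on every login. Constant-time comparison (`hmac.compare_digest`) is used for both verifications so that the equality check does not leak through timing.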


Token invalidation (empty token) problem

When the password is changed, the other project's "empty token" interface, which invalidates the user's issued tokens, must be called. Make this call in the service layer, inside the same transaction as the password update, so that the whole operation is atomic: if the call to the other project's interface fails, all local operations are rolled back. If the call is made in the controller layer, the password update has already been committed by the time the call fails, so transaction atomicity cannot be guaranteed.
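The service-layer pattern above beside the controller-layer pattern it replaces, as an added example that is not code from the original article. The database is an in-memory SQLite table with one constructed user row, and the remote "empty token" interface is represented by a callable passed in (`empty_tokens`), which is an assumption for this example; the real call would be an HTTP or RPC client.

```python
import sqlite3
from typing import Callable


class TokenServiceError(RuntimeError):
    """Raised when the remote 'empty token' interface call fails."""


def new_user_db() -> sqlite3.Connection:
    """In-memory user table with a constructed row; stands in for the real DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users (id, password_hash) VALUES (1, 'old-hash')")
    conn.commit()
    return conn


def stored_hash(conn: sqlite3.Connection, user_id: int) -> str:
    row = conn.execute("SELECT password_hash FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]


def change_password_service(conn: sqlite3.Connection, user_id: int, new_hash: str,
                            empty_tokens: Callable[[int], None]) -> bool:
    """Service-layer version: the password update and the remote token call
    happen inside one transaction. A failed remote call raises, the sqlite3
    context manager rolls the update back, and the old hash stays in place."""
    try:
        with conn:  # commit on normal exit, rollback on exception
            conn.execute("UPDATE users SET password_hash = ? WHERE id = ?", (new_hash, user_id))
            # Remote call is the last step before commit: its failure aborts the
            # local write, and nothing is committed until it has succeeded.
            empty_tokens(user_id)
        return True
    except TokenServiceError:
        return False


def change_password_controller(conn: sqlite3.Connection, user_id: int, new_hash: str,
                               empty_tokens: Callable[[int], None]) -> bool:
    """Controller-layer version from the text: the update is committed before
    the remote call, so a remote failure leaves a changed password with the
    user's old tokens still valid, and there is nothing left to roll back."""
    conn.execute("UPDATE users SET password_hash = ? WHERE id = ?", (new_hash, user_id))
    conn.commit()
    try:
        empty_tokens(user_id)
        return True
    except TokenServiceError:
        return False


def failing_token_service(user_id: int) -> None:
    """Constructed stand-in for an unreachable token service."""
    raise TokenServiceError("token service unreachable")
```

One caveat the rollback does not cover: the remote call itself cannot be undone, so if the local commit fails after the tokens were already emptied, the user is logged out without the password having changed. Ordering the remote call last keeps that residual window to the commit itself, which is the safer side to fail on.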
