开发者

Restlet DigestAuthenticator hashed local secret

开发者 https://www.devze.com 2023-01-28 23:04 出处：网络

I am trying to use a DigestAuthenticator to secure some parts of an API I am creating using Restlet. In all of the examples, the DigestAuthenticator expects to wrap a LocalVerifier that will return th

相关专题：digest-authentication restlet

I am trying to use a DigestAuthenticator to secure some parts of an API I am creating using Restlet. In all of the examples, the DigestAuthenticator expects to wrap a LocalVerifier that will return the local secret in plain text. Obviously, I do not want to store all of my users' passwords in plain text. How can I use HTTP Digest with Restlet while not providing the local开发者_如何学运维 secret in plain text?

I have written a LocalVerifier that uses the identifer to query a db and retrieve a sha1'd password, but it doesn't work unless my Verifier returns the password in plain text.

Any ideas?

So basically I hashed all the passwords on the server side in the database, and I hashed the password on the client side before it was hashed by http digest. Seems like a more secure solution to me anyway.