Design:
I want to give a general authentication design long time ago.
Now I just sit down and do it.
As dipicted above, we only concern two aspects for security:
- Network transmission
- storage on server side
1.Network transmission
The best way is alway using SSL.
Asymmetric encryption is another choice.
1) Every time user needs to login, server generates privateKey and publickey pair and sends the publicKey to client.
2) Client encrypts sensitive data and send the encrypted data to server.
2.storage on server side
1) decrypt the sensitive data to get the original data (don't record the orignal data)
2) use some hash functions to encrypt the sensitive data,such as sha1.
For example:
- sha(salt$password+secret)
- md5(md5(password)+salt))
- sha1(md5(pass)+userID+siteConfigSecret)
- salt$base64(sha1(pwd))
- hash255+salt
3) storage the encrypted data
Now even the db administrator can't get the orignal sentive data.
By the way, what should we do if user forgets the password.
1) server generates a token associated with the uid. then send it to user's email such as: http://xxx.com/?reset=xxxxxxxxxxxxxx
2) user clicks the link and is redirected to the reset page.
Impliment:
1.For Network transmission
1) SSL
Pending....
2) Asymmetric encryption
Pending...
2.storage on server side
Pending....
some of References:
http://www.iamcal.com/publish/articles/security/authentication/
http://www.cnblogs.com/guogangj/archive/2012/03/05/2381117.html