发表新帖
发表新帖

How to separate a person's identity from his personal data?

前端 未结
关注
7 1923
挽巷
挽巷 2021-02-09 16:56

I\'m writing an app which main purpose is to keep list of users purchases.

I would like to ensure that even I as a developer (or anyone with full access to the database)

7条回答
  • 佛祖请我去吃肉
    佛祖请我去吃肉 (楼主)
    2021-02-09 17:09

    Actually, there's a way you could possibly do what you're talking about...

    You could have the user type his name and password into a form that runs a purely client-side script which generates a hash based on the name and pw. That hash is used as a unique id for the user, and is sent to the server. This way the server only knows the user by hash, not by name.

    For this to work, though, the hash would have to be different from the normal password hash, and the user would be required to enter their name / password an additional time before the server would have any 'memory' of what that person bought.

    The server could remember what the person bought for the duration of their session and then 'forget', because the database would contain no link between the user accounts and the sensitive info.

    edit

    In response to those who say hashing on the client is a security risk: It's not if you do it right. It should be assumed that a hash algorithm is known or knowable. To say otherwise amounts to "security through obscurity." Hashing doesn't involve any private keys, and dynamic hashes could be used to prevent tampering.

    For example, you take a hash generator like this:

    http://baagoe.com/en/RandomMusings/javascript/Mash.js

    // From http://baagoe.com/en/RandomMusings/javascript/
// Johannes Baagoe , 2010
function Mash() {
  var n = 0xefc8249d;

  var mash = function(data) {
    data = data.toString();
    for (var i = 0; i < data.length; i++) {
      n += data.charCodeAt(i);
      var h = 0.02519603282416938 * n;
      n = h >>> 0;
      h -= n;
      h *= n;
      n = h >>> 0;
      h -= n;
      n += h * 0x100000000; // 2^32
    }
    return (n >>> 0) * 2.3283064365386963e-10; // 2^-32
  };

  mash.version = 'Mash 0.9';
  return mash;
}

    See how n changes, each time you hash a string you get something different.

    • Hash the username+password using a normal hash algo. This will be the same as the key of the 'secret' table in the database, but will match nothing else in the database.
    • Append the hashed pass to the username and hash it with the above algorithm.
    • Base-16 encode var n and append it in the original hash with a delimiter character.

    This will create a unique hash (will be different each time) which can be checked by the system against each column in the database. The system can be set up be allow a particular unique hash only once (say, once a year), preventing MITM attacks, and none of the user's information is passed across the wire. Unless I'm missing something, there is nothing insecure about this.

    0 讨论(0)
 看不清?
提交回复
热议问题