摘要
越来越多的网站访问都需要进行身份认证,这对信息安全领域又提出了新的要求。为了解决HTTP协议的无状态性,提出了Cookie这一概念,Cookie是实现身份认证的主要手段之一,首先对身份认证技术及Cookie的特性进行研究,提出了基于Cookie的Web平台的身份认证机制。该认证机制主要分为两部分,用户名、密码初始登录身份认证和登录后的身份认证。初始登录身份认证使用MD5加盐加密算法以及给时间戳设定实效性的方法来提高该身份认证机制的安全性;登录后的认证采用PHP扩展库中的加密算法以及验证IP和User-Agent信息来提高认证机制的安全性。
More and more websites require authentication, which brings new requirements to the fieldof information security. In order to solve the stateless HTTP protocol, put forward the concept ofCookie, Cookie is one of the major means to realize identity authentication, this paper firstly characteristics of identity authentication technology and Cookie, the Cookie authentication mechanism basedon Web platform. The authentication mechanism is mainly divided into two parts, user name, password initial login, identity authentication and identity authentication after login. The initial logon authentication encryption algorithm using MD5 and time stamp to salt setting method to improve the effectiveness of the security authentication mechanism; login authentication using PHP extended encryption algorithm in the library and verify IP and UserAgent information to improve the security authentication mechanism.
出处
《江西科学》
2018年第1期141-144,共4页
Jiangxi Science
基金
国家自然科学基金项目(61772211)
广州城建职业学院重点课题研发计划项目(Z201607)
关键词
信息安全
COOKIE
身份认证
加密算法
information security
Cookie
identity authentication
encryption algorithm
