V2EX = way to explore V2EX 是一个关于分享和探索的地方
Sign Up Now For Existing Member Sign In
NGINX NGINX Trac 3rd Party Modules Security Advisories CHANGES OpenResty ngx_lua Tengine 在线学习资源 NGINX 开发从入门到精通 NGINX Modules ngx_echo
This topic created in 2164 days ago, the information mentioned may be changed or developed.
nginx 的 ngx_http_auth_basic_module 模块,校验密码一般是通过 apr1 算法( MD5 迭代 1000 )实现的吧,不安全。 我们自己 web 服务校验是使用 pbkdf2 算法,但是使用的某些开源组件需要走 nginx 进行 basic 认证。 想问下有没有现成的插件实现了更安全的算法,还是有其他更好的方案做密码校验?
 | 1 johnniang May 27, 2020 via Android htpasswd |
 | 3 0ZXYDDu796nVCFxq May 27, 2020 via Android |
 | 4 Xusually May 27, 2020 怎么可能不支持? http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html The following password types are supported: encrypted with the crypt() function; can be generated using the “htpasswd” utility from the Apache HTTP Server distribution or the “openssl passwd” command; hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools; specified by the “{scheme}data” syntax (1.0.3+) as described in RFC 2307; currently implemented schemes include PLAIN (an example one, should not be used), SHA (1.3.13) (plain SHA-1 hashing, should not be used) and SSHA (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot). |
 | 5 nuk May 28, 2020 不是有 PAM 模块 |
 | 6 Weixk OP |
 | 7 pmispig May 28, 2020 用 openresty,你想用什么加密方式都可以。。 |
Select Language