I'm currently implementing a WebDAV FileBrowser (Backend is based on FlySystem) in a web page. Everything works but I'm not quite sure how to properly store the credentials of the users in the database (the goal is that the user only has to login on the portal (based on OpenID Connect, which isn't supported by our WebDAV solution)).
Storing them in plaintext is obviously no solution and storing them as an MD5 hash and using Digest Authentication doesn't work because of the nonce.
Any ideas?
分享 You can and should store the a1md5 factor from the digest spec. This is a very secure form of hashing, and is compatible with Digest auth.
For java code that does this see Milton webdav's DigestGenerator, where you would use the encodePasswordInA1Format method:
public String encodePasswordInA1Format( String username, String realm, String password ) {
String a1 = username + ":" + realm + ":" + password;
String a1Md5 = DigestUtils.md5Hex( a1 );
return a1Md5;
}
