英文:
Login architechture for a local java desktop application
问题
嗨,
我正在尝试编写我的第一个简单的本地桌面应用程序,具有登录功能。应支持具有不同访问权限的不同类型的用户。我已经设法创建了在程序的简单版本中运作的东西,但在多个层面上都感觉有缺陷。我只是不知道我在整个应用程序的结构方面是否走在正确的轨道上。我对安全性也非常不确定。
这是我目前的实现(仅涉及登录的类/方法):
问题:
有人对如何实现这种类型的系统有什么建议吗?或者有没有什么地方可以让我更多地了解如何以有意义的方式构建应用程序的结构?我已经学习了许多设计模式和面向对象的原则,但在实际应用中很难应用它们。
注意:
如果上下文有关,该应用程序是一个虚构的计算机商店,允许管理员向库存中添加不同类型的计算机部件。客户可以搜索和筛选这些零件,并创建自己的配置。然后客户可以订购该配置。
英文:
Hi,<br />
I am trying to write my first simple local desktop application with login capabilities. There should be support for different types of users with different access rights. I have managed to come up with something that works in a simple version of the program, however, it feels flawed on several levels. I simply don't know if I am on the right track with the structure of the entire application. I am also very uncertain about security.
Here is my current implementation (only the login specific classes/methods):
Question:<br />
Does anyone have recommendations for how to implement this kind of system? Or is there somewhere I can learn more about how to structure an application in a way that makes sense? I have been learning a lot of design patterns and OOB principals, but I have a hard time applying them in a real application.
NB:
If context matters, the application is a fictional computer store that lets administrators add different types of computer components to an inventory. Customers can search and filter through these parts and create their own configuration. Customers can then order that configuration.
答案1
得分: 1
密码功能的意义何在?如果运行在某个由某个用户控制而不是您控制的机器上,他们肯定会有权限访问。对于这一点,您无能为力。
一般来说,对于完全在本地运行的应用程序,可以利用操作系统本身;将数据存储在用户的主目录中,并确保文件的访问权限设置得使其他(非管理员)用户无法读取。其他管理员用户呢?嗯,他们就是管理员用户。如果他们想要读取,他们可以读取,这是这类用户的目的。您无法阻止他们这样做。如果您将每个用户的相关数据存储在只有他们可以读取的文件中,根本不需要用户名/密码提示;他们的“登录”就是他们的本地用户名,而他们的“身份验证”是固有的。简单明了。
唯一有可能有意义的用户/密码设置场景是,如果应用程序由管理员启动,并以锁定模式启动,在此模式下,操作键盘和鼠标的人无法接触系统的机箱,也无法关闭应用程序。例如,ATM的工作方式就是这样:它们只是Windows机器,其中“键盘”只是一个数字键盘,鼠标和计算机系统本身被锁在一堆砖和金属中。如果您这样做,请确保使用适当的密码安全措施;不要存储密码,而是存储其bcrypt/pbkdf/argon2/scrypt哈希。这样,如果有人获取了该文件,您的应用程序可能会受损,但至少如果该用户在其他站点上重复使用密码(用户经常这样做),黑客也无法获取这些密码。
我假设您没有采取这种措施,这就让我们回到了最初的问题:您想通过密码实现什么目标呢?
英文:
What's the point of the password feature? If it runs on a machine that is under the control of some user and not under yours, they will have access. There's nothing you can do about this.
Generally, for apps that run entirely locally, piggyback on the OS itself; store the data in the user's home dir and make sure the file's access rights are such that other (non-admin) users can't read it. Other admin users? Well, they are admin users. If they wanna read it, they can, that's sort of the point of such users. You can't stop them from doing this. If you store the relevant data per user in a file that only they can read, there's no need for a username/password prompt at all; their 'login' is their local username, and their 'authentication' is inherent. Simple.
The one time where a user/pass setup MIGHT make sense is if the app is started by an administrator and is started in a locked down mode, where the one operating the keyboard and mouse cannot get at the case of the system and cannot close the app at all. That's for example how an ATM works: Those are just windows machines, where the 'keyboard' is just a numpad, and the mouse and the computer system itself are locked away in a bunch of brick and metal. If you do this, make sure you apply proper password hygiene; don't store it, store its bcrypt/pbkdf/argon2/scrypt hash instead. That way if someone gets at that file, your app is hosed but at least if that user re-used their passwords on other sites (which users do, in spades), the hack won't expose that too.
I assume you don't have that, which brings us back to: What are you attempting to accomplish with the password?
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论