在 MySQL 数据库中存储 MS SQL Server 凭据 [英] Storing MS SQL Server credentials in a MySQL Database
问题描述
我正在开发一个连接到用户 MSSQL 数据库以收集信息的网站.用户被分配到不同的 MSSQL 数据库帐户,并使用存储在 MySQL 数据库中的 IP、用户名和密码连接到它们.
I am developing a website that connects to a users MSSQL database to collect information. Users are assigned to different MSSQL database accounts and connect to them using the IP, username and password stored inside the MySQL DB.
目前,我所拥有的是 PHP AES 根据需要加密/解密密码.那似乎不太对.它可以防止您通过查看数据库来查看纯文本密码(这无疑是好的),但我并不认同它的安全级别.
Currently, what I've got is PHP the AES encrypts/decrypts the passwords as needed. That just doesn't seem right. It prevents you from seeing the plain text password by looking in the database (which is undeniably good) but I'm not sold on it's level of security.
如果您不再需要密码,哈希非常棒,但我确实需要.所以我真的不知道如何在网站的这个特定方面实施合理的安全级别.
Hashing is great and all if you never need the password again, but I do. So I don't really know how to go about implementing a reasonable level of security into this particular aspect of the site.
任何建议都会很棒.我是不是完全错了,是个白痴.有没有一种非常优越的方法来做到这一点?
Any suggestions would be great. Am I completely wrong and being an idiot. Is there a vastly superior way to do this?
推荐答案
显然,如果您将密码发送到 MS SQL,您将需要能够反转该值.我认为加密将是这里最正确的答案.无论哪种方式,您的代码仍然可以推断出此密码,否则您将无法连接.
Obviously if you are sending the password over to MS SQL, you are going to need to be able to reverse the value. I would think encryption would be the most correct answer here. Either way your code will still be able to extrapolate this password, otherwise you cannot connect.
如果您想提高安全性,您可以使用根据用户名计算出的校验和来进行加密……但是,如果用户名发生变化,您将需要解密并重新加密.这只会让可能知道您使用 AES 的其他人"更加困难.
If you would like to increase the security, you can seed your encryption with a checksum calculated from the user name... however, if the user name ever changes, you will need to decrypt and re-encrypt. This will only make it a bit tougher for "others" that may know you are using AES.
但是在一天结束时,您将始终能够知道密码是什么,因为您需要解密.在这种情况下,您能做的只有这么多,最好是每次需要时都要求用户提供密码.
But at the end of the day, you will always be able to know what the password is, since you need to decrypt. There is only so much you can do in this situation, the best would be to demand the password from the user every time it's needed.
这篇关于在 MySQL 数据库中存储 MS SQL Server 凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
