如何在SQL Server中将数据库中的密码显示为机密 [英] How to display the password in database as confidential in SQL server

问题描述

在我的应用程序中，我有更改密码选项，当用户点击更改密码时，他需要给他的旧密码新密码并确认密码。我能够这样做，但如果我在数据库中的密码字段中给ramya @ 123密码保存为ramya @ 123而不是我需要使用一些数字和字母表来显示一些未知格式，当我执行它时，我需要查看我给出的实际密码。我可以这样做。目前我的密码是varchar



我尝试过：



i无法找到任何来源

解决方案

Quote：

我需要查看我给出的实际密码

不，你没有。



你应该存储密码的盐渍哈希，使用一个独特的盐每条记录。当您需要验证它时，检索盐，将其与用户输入的密码相结合，应用您在创建记录时使用的相同哈希算法，并将结果与​​保存的密码哈希值进行比较。



您从不需要查看用户的密码。如果他们忘记密码，你只需重置密码。



安全密码身份验证简单解释 [ ^ ]

Salted Password哈希 - 正确行事 [ ^

In my application i have change password option and when user clicks change password he need to give his old password new password and confirm password.I am able to do this but if i give ramya@123 in the password field in database the password gets saved as ramya@123 instead i need to diplay some unknown format with some numbers and alphabets and wheni execute it i need to view the actual password that i had given.how can i do this.currently my password is varchar

What I have tried:

i could not find any source for doing this

解决方案

Quote:

i need to view the actual password that i had given

No, you don't.

You should be storing a salted hash of the password, using a unique salt for each record. When you need to verify it, you retrieve the salt, combine it with the password the user has entered, apply the same hashing algorithm that you used when you created the record, and compare the result to the saved password hash.

You NEVER need to view the user's password. If they forget their password, you just reset it.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

这篇关于如何在SQL Server中将数据库中的密码显示为机密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！