如何加密mysql数据库中的列并使用C＃代码进一步解密它。 [英] how to encrypt a column in mysql database and further decrypt it using C# code.

问题描述

我有MySql数据库，想要加密'users'表的'password'列，这样如果有人进入数据库，那么他就看不到了。我正在尝试这样做但是不能成功。

我在查询中所做的是。

I have MySql database and want to encrypt the 'password' column of 'users' table, so that if any one enters to database it is not visible to him.I am trying to do it but could not succeed.
What i am doing in query is.

insert into users(id,password) values('09678M',AES_ENCRYPT('secretkey'));

但它返回：无法执行查询我在哪里犯错误。



请指导我正确的语法。



谢谢。

but it returns:The query could not be executed Where i am making mistakes.

Please guide me the correct syntax.

Thanks.

推荐答案

除了解决方案1和2：



用于密码存储和身份验证的哈希函数应该是加密哈希函数： http://en.wikipedia.org/wiki/Cryptographic_hash_function [ ^ ]。



实现是随时可用，附带.NET Framework FCL。请查看我过去的答案：

我已经加密了密码但是当我登录时给出了我错了。如何解密 [ ^ ] ，

解密加密密码 [ ^ ]，

存储密码值int sql server with secure方式 [ ^ ]，

使用用户名和密码进行TCP连接 [ ^ ]。

-SA

In addition to Solution 1 and 2:

The hash function you use for password storage and authentication should be cryptographic hash function: http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

The implementations are readily available, come with .NET Framework FCL. Please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^],
TCP Connection with username and password[^].

—SA

首先尝试实现此方法的方法是错误的。永远不要以纯文本或加密格式存储密码。



正确的方法是存储密码的哈希值。也就是说，尝试使用SHA256之类的单向加密哈希函数从密码生成哈希值，将其存储在数据库中。您还应该使用salt.See this link：初学者指南以安全的方式存储密码 [ ^ ]



每当用户尝试登录时，使用相同的算法从输入的密码生成哈希值将其与存储的进行比较。所以现在，你正在比较哈希到哈希，而不是密码到密码。

The way you are trying to implement this is wrong at first place. Never ever store password either in plain text or in encrypted format.

The correct way is to store hash of the password. That is,try using one way cryptographic hash function like SHA256 to generate hash from password,store it in database. You should also use salt.See this link : Beginners guide to a secure way of storing passwords[^]

Whenever user tries to login,generate hash from the entered password using the same algorithm and compare it with stored one. So now,your are comparing hash to hash,not password to password.

AES_ENCRYPT should be like
<pre>insert into users(id,password) values('09678M',AES_ENCRYPT('actualpassword','secretkeyusedtoencrytp'));</pre>

但Rohan是正确的，sha256是问题太快哈希算法，但它仍然比AES或纯文本更好。

But Rohan is correct, sha256 is prob too fast hash algorithm but it is still better then AES or plain text.

这篇关于如何加密mysql数据库中的列并使用C＃代码进一步解密它。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！