如何加密SQL Server数据库中的数据 [英] How to encrypt data in an sql server database

问题描述

嗨
我有一个具有表单emloyeDetails的winform，该表单将员工信息(例如姓名，用户名和密码)保存到数据库中.现在我想对密码列进行加密，以便对其进行保护.有人可以告诉我如何执行此操作.同样也需要加密用户名列.
感谢您的帮助.

Hi
i have a winform that has a form emloyeDetails, The form save the employee information say Name, username and password to the database. Now i want to encrypt the password column so it can be secured.can someone show me how to do this. And also is it necesary to encrypt the username column as well.
Thanks for help

推荐答案

加密密码不会使其安全.如果您可以解密密码，那么有人可以用相同的方式进行加密，对吗?

最常见的做法是:永远不要存储任何密码.绝对不需要身份验证.您认为不是吗?然后再想一想.没有线索?继续阅读.

您需要要求用户创建一个密码，计算该密码的密码散列函数并将其存储.当用户尝试进行身份验证时，您将执行相同的功能，然后将哈希与哈希进行比较.这样，无论此人具有何种许可级别，其他任何人(用户除外)都无法找到密码，这是基于密码的系统的最重要要求之一.而且，从根本上讲，这是可能的，因为加密哈希函数是一种单向函数:倒置不可行.

请参阅:
http://en.wikipedia.org/wiki/Cryptographic_hash_function [ http://en.wikipedia.org/wiki/SHA2 [ http://en.wikipedia.org/wiki/SHA1 [ http://en.wikipedia.org/wiki/MD5 [ http://msdn.microsoft.com/en-us/library/system. security.cryptography.hashalgorithm.aspx [ ^ ].

祝你好运，

-SA

Encrypting passwords would not make them secure. If you can decrypt a password, someone can do it in the same way, right?

The most usual practice is: never store any passwords. It is absolutely not needed for authentication. You think it is not so? Then think again. No clue? Keep reading.

You need to ask a user to create a password, calculate a cryptographic hash function of it and store it. When a user tries to authenticate, you perform the same function and then compare hash with hash. This way, nobody else (except the user) cannot find out the password, no matter what level of permission this person has, which is one of the most important requirements to password-based systems. And, fundamentally, this is possible because the cryptographic hash function is a one-way function: it is infeasible to invert.

Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^],
http://en.wikipedia.org/wiki/SHA2[^] (one of the functions to be used),
http://en.wikipedia.org/wiki/SHA1[^] (should not be used: unsafe for cryptography),
http://en.wikipedia.org/wiki/MD5[^] (should not be used: unsafe for cryptography).

With C#, you have good set of functions already implemented for you. Please see:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].

Good luck,

—SA

在此处，要进行列加密，请遵循:

Here, for column encryption, follow it: MSDN: How to: Encrypt a Column of Data[^]

But, the usual practice is to store a hash of the password in database.
Like:

HASHBYTES('SHA1', convert(varbinary(32), @password))

无论何时需要，都可以将其与哈希进行比较，然后可以验证密码是否匹配.这样，您自己也不知道密码.
使用此方法，即使黑客获得了对数据库的完全访问权限，他仍然不知道密码.

Whenever you need, compare with a hash and you can verify if the password matches. This way, you yourself also don''t know the password.
Using this, even if a hacker gains complete access to your database, he still does not know the passwords.

这篇关于如何加密SQL Server数据库中的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！