以安全的方式存储密码值int sql server [英] storing password value int sql server with secure way

问题描述

hai朋友
我想以安全的方式将密码存储在sql服务器中.另外，我还需要将此密码与用户登录名进行比较以进行身份​​验证.请帮助我
谢谢

hai friends
i want to store password in sql server with secure way.and also i need to compare this password with user login for authentication.please help me
thank you

推荐答案

这不是一件容易的事，有很多注意事项.我建议阅读以下文章，以帮助您决定如何存储密码.它不是我的文章，而是我发现非常有用的文章！

http://throwingfire.com/storing-passwords-securely/ [

This is not a simple thing to do, there are many considerations. I recommend reading the following article to help you decide how you want to store your passwords. Its not my article, but one that I have found very useful!

http://throwingfire.com/storing-passwords-securely/[^]

Hogan

不，您不需要存储密码.没有安全方式".出于身份验证的目的，永远不需要在任何地方存储密码.想一想:除了拥有密码的用户以外，是否有人需要知道密码?所有身份验证需要确保由身份验证的用户输入的字符串与该用户在密码创建过程中输入的字符串相同.乍一看，它看起来像知道密码，但实际上并非如此.在逻辑上如何做这个练习?

解决此问题的常用方法之一是在两种情况下计算密码学哈希函数并存储哈希.如果您想说此存储的值只是加密的密码，请再考虑一遍.最大的区别是:加密哈希完全无法解密，这是单向函数.因此，从哈希计算密码是不可行(当然，它与系统权限无关:这对任何人都是不可行的).而且这不是必需的:您只需存储哈希并将哈希与哈希进行比较.

请参阅:
http://en.wikipedia.org/wiki/Cryptographic_hash_function [ shorkie 引用的文章.

—SA

No, you never need to store a password. There is no a "secure way". Storing a password anywhere is never needed for authentication purposes. Think about it: does anyone (except the user who owns the password) needs to know the password, ever? All authentication needs is to make sure, that the string entered by a authenticated user is the same that this user entered in the process of password creation. From the first glance, it looks like knowing of the password, but in fact this is not true. What to do this exercise in logic?

One of the ways of solving this problem which is usually used is calculation of a cryptographic hash function in both cases and storing the hash. If you want to say that this stored value is just the encrypted password, think again. The big difference is: the cryptographic hash cannot be decrypted at all, this is a one-way function. So, it''s infeasible to calculate a password from hash (and, of course, it has nothing to do with system permissions: this is equally infeasible for anyone). And this is not needed: you just store hash and compare hash with hash.

Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

Everything else depends on your platform, languages, the libraries you use and other detail you did not share with us. See also the article referenced by shorkie in Solution 1.

—SA

这篇关于以安全的方式存储密码值int sql server的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！