MySQL密码功能 [英] MySQL password function

问题描述

使用MySQL的密码功能对应用程序使用的密码进行哈希处理是好还是坏的做法?我可以看到优点和缺点.我很好奇是否有普遍共识.

Is it considered good or bad practice to use MySQL's password function to hash passwords used by an application? I can see pros and cons. I'm curious if there is a general consensus on whether it is good or bad.

推荐答案

MySQL的

The docs for MySQL's PASSWORD() function states:

PASSWORD()函数由MySQL Server中的身份验证系统使用；您不应该在自己的应用程序中使用它.

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications.

阅读"您可能存储了错误的密码"以获取有关以下方面的更好建议散列并存储密码.

Read "You're Probably Storing Passwords Incorrectly" for better advice on hashing and storing passwords.

MD5和SHA-1被认为太弱而无法使用密码.当前的建议是使用SHA-256.

MD5 and SHA-1 are considered to be too weak to use for passwords. The current recommendation is to use SHA-256.

我为MySQL提供了一个补丁，以支持 SHA2() 函数，并且该补丁已被接受，但由于他们的路线图已更改，因此尚不清楚何时将其制作为已发布的产品.

I contributed a patch to MySQL to support a SHA2() function, and the patch was accepted, but since their roadmap has changed it's not clear when it will make it into a released product.

同时，您可以在编程语言中使用哈希和加盐，并且只需将结果哈希摘要存储在数据库中.如果您使用PHP，则 hash() 函数中可以使用SHA-256.

In the meantime, you can use hashing and salting in your programming language, and simply store the result hash digest in the database. If you use PHP, SHA-256 is available in the hash() function.

更新:MySQL 5.5.8于2010年12月发布，该版本包含对

update: MySQL 5.5.8 was released in December 2010, and that release contains support for the SHA2() function.

这篇关于MySQL密码功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！