将密码存储到sql中的最佳方法 [英] Best way to store password into sql
问题描述
在我当前的C#Windows应用程序密码中,密码已经以纯文本格式存储,这显然不好.所以我只想知道什么是加密密码并将其存储到SQL Server的最佳方法.我已经读过,使用hash + salt更好.但我觉得sql 2005中的"EncryptByPassPhrase","DecryptByPassPhrase"新功能更好用,因为您正在处理SQL Server本身的所有内容,并且我想它使用三重DES.有人可以建议使用它很好吗?
in my current C# windows application password has been stored in plain text which is obviously not good. so i just want to know what is the best way to encrypt the password and stored into SQL Server. I have read that using hash+salt is better. but i feel "EncryptByPassPhrase","DecryptByPassPhrase" new feature in sql 2005 is better to use because you are handling everything from SQL Server itself and i suppose it uses triple DES. can somebody suggest is it good to use it ?
推荐答案
您是否需要访问原始密码,还是只是尝试将输入的密码与数据库中的密码进行比较?
Do you need to have access to the original password, or are you just going to try and compare an entered password against one in the database?
如果您需要访问原始密码,那么您将不得不使用加密算法而不是哈希算法.
If you need access to the original password, then you are going to have to use an encryption algorithm instead of a hash algorithm.
如果您要做的只是将密码存储在数据库中,以便以后可以根据已知的输入值检查密码,则可以使用带有盐的哈希值进行操作.
If all you're doing is storing a password in the database so that you can check it later against a known input value, then a hash with a salt will work.
请记住,当客户端发送要验证的凭据时,您不希望以明文形式发送密码!
Remember that when the client is sending the credentials across to be validated, that you don't want to be sending the password in clear text!
这篇关于将密码存储到sql中的最佳方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
