如何在H2数据库中创建安全字段? [英] How to create a secured field in H2 database?
问题描述
我期待着如何以加密形式将密码存储在数据库中. 我找到了此手册,但仍不确定如何将其放入我的ddl中. 下面的代码不起作用.
I am looking forward how to store my passwords in database in encrypted form. I found this manual, but still not sure how to put it into my ddl. The code below doesn't work.
create table USER_USER (
USER_USER_ID long NOT NULL AUTO INCREMENT,
USER_USER_LOGIN varchar(50),
USER_USER_PASSWORD varchar (50) cipher lzf,
USER_USER_EMAIL varchar(50)
);
推荐答案
首先,lzf
不是cipher
的有效参数; H2仅支持aes
和xtea
(文档)
First of all, lzf
isn't a valid argument for cipher
; H2 only supports aes
and xtea
(documentation)
也就是说,不要让数据库为您加密密码.数据库通常与Java应用程序不在同一服务器上运行,这意味着密码将通过网络以纯文本格式传输.
That said, don't let the database encrypt passwords for you. The database usually doesn't run on the same server as your Java application which means that the passwords will be transmitted as plain text over the network.
即使您的数据库位于同一服务器上,甚至是嵌入式数据库,密码也需要进行大量特殊处理,因此最好将密码存储为二进制blob并使用
Even if your database is on the same server or even embedded, passwords need so much special handling that you're better off to store them as binary blobs and use a framework like jBCrypt. The main reason for this is that attackers have developed sophisticated automated tools which crack passwords automatically. It's not simple to write an algorithm that will withstand most common attacks anymore.
这篇关于如何在H2数据库中创建安全字段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!