加密/散列数据库中的纯文本密码 [英] Encrypting/Hashing plain text passwords in database
问题描述
我继承了一个网络应用程序,我刚刚发现它在 SQL Server 数据库中以纯文本形式存储了超过 300,000 个用户名/密码.我意识到这是一件非常糟糕的事情™.
I've inherited a web app that I've just discovered stores over 300,000 usernames/passwords in plain text in a SQL Server database. I realize that this is a Very Bad Thing™.
知道我必须更新登录名和密码更新过程以加密/解密,并且对系统其余部分的影响最小,您会推荐什么作为从文件中删除纯文本密码的最佳方法数据库?
Knowing that I'll have to update the login and password update processes to encrypt/decrypt, and with the smallest impact on the rest of the system, what would you recommend as the best way to remove the plain text passwords from the database?
感谢任何帮助.
抱歉,如果我不清楚,我的意思是问您加密/散列密码的程序是什么,而不是特定的加密/散列方法.
我应该:
- 备份数据库
- 更新登录/更新密码代码
- 下班后,查看用户表中的所有记录,对密码进行哈希处理并替换每条记录
- 测试以确保用户仍然可以登录/更新密码
我想我的担忧更多来自于庞大的用户数量,所以我想确保我这样做是正确的.
I guess my concern is more from the sheer number of users so I want to make sure I'm doing this correctly.
推荐答案
我想你将不得不为加密密码向数据库添加一列,然后对所有获取当前密码的记录运行批处理作业,对其进行加密(正如其他人提到的,像 md5 这样的散列是非常标准的但不应该单独使用 - 请参阅其他答案以获得良好的讨论),将其存储在新列中并检查是否一切顺利.
I would imagine you will have to add a column to the database for the encrypted password then run a batch job over all records which gets the current password, encrypts it (as others have mentiond a hash like md5 is pretty standard edit: but should not be used on its own - see other answers for good discussions), stores it in the new column and checks it all happened smoothly.
然后您需要更新前端以在登录时对用户输入的密码进行哈希处理,并验证其与存储的哈希值,而不是检查纯文本与纯文本.
Then you will need to update your front-end to hash the user-entered password at login time and verify that vs the stored hash, rather than checking plaintext-vs-plaintext.
在我看来,在最终将明文密码全部删除之前,将两列都保留一会儿以确保没有任何问题发生是明智的.
It would seem prudent to me to leave both columns in place for a little while to ensure that nothing hinky has gone on, before eventually removing the plaintext passwords all-together.
不要忘记,只要密码被访问,代码就必须更改,例如密码更改/提醒请求.当然,您将无法通过电子邮件发送忘记的密码,但这并不是坏事.您将不得不改用密码重置系统.
Don't forget also that anytime the password is acessed the code will have to change, such as password change / reminder requests. You will of course lose the ability to email out forgotten passwords, but this is no bad thing. You will have to use a password reset system instead.
最后一点,您可能需要考虑避免我在第一次尝试安全登录网站时犯的错误:
One final point, you might want to consider avoiding the error I made on my first attempt at a test-bed secure login website:
在处理用户密码时,请考虑散列发生的位置.在我的例子中,哈希值是由运行在网络服务器上的 PHP 代码计算出来的,但是密码是以明文形式从用户的机器传输到页面的!这在我工作的环境中没问题(ish),因为它无论如何都在 https 系统内(uni 网络).但是,在现实世界中,我想您会希望在密码离开用户系统之前对其进行散列,使用 javascript 等,然后将散列传输到您的网站.
When processing the user password, consider where the hashing takes place. In my case the hash was calculated by the PHP code running on the webserver, but the password was transmitted to the page from the user's machine in plaintext! This was ok(ish) in the environment I was working in, as it was inside an https system anyway (uni network). But, in the real world I imagine you would want to hash the password before it leaves the user system, using javascript etc. and then transmit the hash to your site.
这篇关于加密/散列数据库中的纯文本密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
