在数据库中存储密码的首选方法 [英] Preferred Method of Storing Passwords In Database

问题描述

您在数据库（最好是SQL Server 2005）中存储密码的首选方法/数据类型是什么？我在我们的几个应用程序中这样做的方式是首先使用.NET加密库，然后将它们作为二进制（16）存储在数据库中。这是首选方法，还是应该使用不同的数据类型或分配比16更多的空间？

What is your preferred method/datatype for storing passwords in a database (preferably SQL Server 2005). The way I have been doing it in several of our applications is to first use the .NET encryption libraries and then store them in the database as binary(16). Is this the preferred method or should I be using a different datatype or allocating more space than 16?

推荐答案

相当于数据库中的密码，从不使用密码本身，然后总是将哈希值与用户传递的哈希值进行比较。

I store the salted hash equivalent of the password in the database and never the password itself, then always compare the hash to the generated one of what the user passed in.

文字密码数据。这使得恢复不可能，但是当某人忘记或丢失密码时，您可以通过一些检查并创建新密码。

It's too dangerous to ever store the literal password data anywhere. This makes recovery impossible, but when someone forgets or loses a password you can run through some checks and create a new password.

这篇关于在数据库中存储密码的首选方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！