How to store passwords in database securely?(如何安全地将密码存储在数据库中?)
I have read that one way to store passowrds in a database is by the following way. To have a database table with columns username, hash and salt. The salt would never be shown.
I generate the hash with password + salt. The password is send by the user and is not stored in the database. If the generated hash is the same as that stored in the database, the password is correct.
But I have my doubts. If I send the password, it could be sniffed while it is transmitted by the wire, so I think that it is neccesary to encrypt the communication too. So using a hash and salt is only to protect the data from the administrator? I mean that if I store the password in database, an administrator could easily access all information. If I store the hash, the administrators can't access to the information of users becasue the administrator don't have the half of the information, only the salt and not the password. However, while the user need to send the password, this could be sniff by someone, so the password is exposed.
How is the best way to protect the information of the user?
哈希密码还可以保护您的数据免受外人的侵害.想象一下,如果有人使用 SQL 注入访问您的数据,他只会得到一个哈希值 &不是通行证.您可以使用 HTTPS 通过您的网络进行安全通信使用您现有的散列密码表以获得良好的安全模型.安全加盐密码散列
Hashed passwords also protect your data from outsiders. Imagine, if someone accessed your data using a SQL injection he would only get a hash & not the pass. You can use HTTPS for secure communication over your network & use your existing table of hashed passwords for a good security model. Secure salted password hashing
- 使用 Oracle PL/SQL developer 生成测试数据 2021-01-01
- 如何使用 pip 安装 Python MySQLdb 模块? 2021-01-01
- 在SQL中,如何为每个组选择前2行 2021-01-01
- 如何将 SonarQube 6.7 从 MySQL 迁移到 postgresql 2022-01-01
- 如何将 Byte[] 插入 SQL Server VARBINARY 列 2021-01-01
- 以一个值为轴心,但将一行上的数据按另一行分组? 2022-01-01
- SQL 临时表问题 2022-01-01
- 导入具有可变标题的 Excel 文件 2021-01-01
- 远程 mySQL 连接抛出“无法使用旧的不安全身份验证连接到 MySQL 4.1+"来自 XAMPP 的错误 2022-01-01
- 更改自动增量起始编号? 2021-01-01