问题
I am looking forward how to store my passwords in database in encrypted form. I found this manual, but still not sure how to put it into my ddl. The code below doesn't work.
create table USER_USER (
USER_USER_ID long NOT NULL AUTO INCREMENT,
USER_USER_LOGIN varchar(50),
USER_USER_PASSWORD varchar (50) cipher lzf,
USER_USER_EMAIL varchar(50)
);
回答1:
First of all, lzf isn't a valid argument for cipher; H2 only supports aes and xtea (documentation)
That said, don't let the database encrypt passwords for you. The database usually doesn't run on the same server as your Java application which means that the passwords will be transmitted as plain text over the network.
Even if your database is on the same server or even embedded, passwords need so much special handling that you're better off to store them as binary blobs and use a framework like jBCrypt. The main reason for this is that attackers have developed sophisticated automated tools which crack passwords automatically. It's not simple to write an algorithm that will withstand most common attacks anymore.
来源:https://stackoverflow.com/questions/14770242/how-to-create-a-secured-field-in-h2-database