问题
I am creating a database for a website I've just developed but I need to encrypt my passwords.
I've never encrypted passwords before and I don't know how to do it, I've searched google and a lot of websites but all they do is confuse me.
Here is my Sproc:
CREATE TABLE USERS(
Username Nvarchar(200) PRIMARY KEY NOT NULL,
Password Nvarchar(200) NOT NULL,
EmailPassword Nvarchar(200) NOT NULL,
UsernamePassword Nvarchar(200) NOT NULL
)
CREATE TABLE Usernames(
Username Nvarchar(200) FOREIGN KEY(Username) REFERENCES USERS(Username),
Usernames Nvarchar(300) NOT NULL,
Description nvarchar(500)
)
CREATE TABLE Emails(
Username Nvarchar(200) FOREIGN KEY(Username) REFERENCES USERS(Username),
Passwords Nvarchar(300) NOT NULL,
Description nvarchar(500)
)
CREATE TABLE Passwords(
Username Nvarchar(200) FOREIGN KEY(Username) REFERENCES USERS(Username),
Usernames Nvarchar(300) NOT NULL,
Description nvarchar(500)
)
I would like to encrypt the columns that contain NOT NULL accept the username column
回答1:
Dont store the password directly, not even encrypted. Use a salted hash.
Check out
- Secure Salted Password Hashing - How to do it Properly
- Strong Password Hashing with SQL Server
来源:https://stackoverflow.com/questions/25136102/sql-server-password-encryption