问题描述
CHAR对VARCHAR存储密码有什么好处吗?
Are there any benefits of CHAR over VARCHAR for storing passwords?
我已经找到了高和低,但是找不到任何东西。
I have hunted high and low but can't find anything on this.
我问,因为我被告知要使用CHAR作为密码,并且对为什么感兴趣。
I ask because I have been told to use CHAR for passwords and am intrigued as to why.
推荐答案
安全没有区别。区别在于存储机制。
There is no difference in security. The difference is in the storage mechanism.
从:
Value CHAR(4) Storage Required VARCHAR(4) Storage Required
'' '' 4 bytes '' 1 byte
'ab' 'ab ' 4 bytes 'ab' 3 bytes
'abcd' 'abcd' 4 bytes 'abcd' 5 bytes
'abcdefgh' 'abcd' 4 bytes 'abcd' 5 bytes
因此,如果要存储的字符串的长度是可变的,那么可以看到 VARCHAR
为什么 CHAR
经常用于密码字段的原因是因为散列算法的输出是一致的,而与输入的长度无关。由于您正在存储用户密码的哈希值,而不是密码本身,因此字段长度将保持一致。
So you can see that VARCHAR
is beneficial if the length of the string that you are storing is variable. The reason why CHAR
is often used for password fields is because the output of hashing algorithms is consistent regardless of the length of input. Since you are storing a hash of the user's password, and not the password itself, the field length will be consistent.
leeor正确建议您使用哈希密码。 是在这方面的最佳做法的良好资源。
leeor is correct in advising you to hash passwords. PHP The Right Way is a good resource for best practices in that regard.
这篇关于CHAR与VARCHAR的密码安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!