问题描述
我正在尝试创建一个具有登录/注销功能的网站,并且我计划适当地对密码进行哈希处理和添加盐分.但是,我面临的问题是如何将密码存储在数据库中.我知道我需要将散列+加盐的密码存储在数据库中(而不是纯文本格式或纯加密格式),但是我不知道如何从技术上解决将二进制数据插入数据库的问题.
I'm trying to make a website with a log on / log off feature and I plan on properly hashing and salting the password. The problem I'm facing, however, is how I'd go about storing the password in the database. I know that I need to store the hashed + salted password in the database (not in plain text or plain encrypted), but I don't know how to technically get around inserting the binary data into the database.
在我的早期尝试中,我可以在数据库中获取数据的唯一方法是将二进制数据转换为base64字符串并插入到varchar
密码字段中,但是有些事情告诉我这是不正确的的方法.
In my early attempts, the only way I could get the data in the database would be to have the binary data converted to a base64 string and inserted into the varchar
password field, but something is telling me that's not the correct way to do it.
数据库中的密码字段当前为varchar
,但据我了解,哈希密码是二进制的.因此,即使我将密码字段更改为二进制对象,我仍然不知道如何实际插入它!
The password field in the database is currently a varchar
but as I understand it, a hashed password is binary. So even if I changed the password field to a binary object, I still don't know how to actually insert it!
如果我没有任何意义,请澄清,我会尽快与您联系.
If I'm not making any sense please ask for clarification and I'll get back to you.
推荐答案
否,哈希密码不必存储在varbinary字段中,您可以对其进行编码并将其存储在varchar字段中. Base64是编码任何类型字符的不错选择.
No, a hashed password doesnt have to be stored in a varbinary field, you can encode it and store it in a varchar field. Base64 is a good alternative for encoding any kind of characters.
这篇关于如何使用C#将散列存储在SQL Server数据库中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!