Should I create the password column as a regular varchar and then insert like this:
sha1($pass_string)
Or should I do something extra upon the creation of the table to make sure that password field is secure?
Thanks!
解决方案
It's a normal varchar field (40 characters) but if you want to set it more secure you should use salt.
Update :
WARNING : Hash password without salt is REALLY WEAK ! You should never use it !!
Password salting is the good way for doing it :
password salting
as adviced by pst :
using SHA-1 and salt is the more naive but quite well secure approach.
using bcrypt :
it's the more secure approach :) because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the "modern" version of blowfish).
It's a version using a chain of SHA-1 so it's a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.
如果觉得《mysql密码字段_如何在mysql中创建带有密码字段的表?》对你有帮助,请点赞、收藏,并留下你的观点哦!
