如何最好地更新 300,000 条记录并更改每条记录的密码

发布于 2024-11-05 14:10:55 字数 571 浏览 3 评论 0原文

我有一个网站“帐户”表,其中包含所有用户的帐户详细信息。

id-username-password-etc

我们还有一个论坛(phpBB),我正在尝试将其与该网站集成。集成是通过在 phpBB 用户表中创建一个条目来完成的,该条目具有与主帐户相同的用户名和密码。

我们的系统使用 md5 散列密码,但最新版本的 phpBB3 有不同的格式 (Phpass),因此我需要编写一个脚本,将 phpBB 密码替换为大约 300,000 个用户的“帐户”密码。

解决这个问题的最佳方法是什么?

我有一个根据用户名将两个表连接在一起的查询,我可以在 PHP 中编写一些内容来遍历每条记录并更新它(可能会导致性能问题?)

或者在 MySQL 中进行转换?

还有另一种方法可以做到这一点吗?

澄清一下,当在两个表中创建这些帐户时...我们对两个表使用相同的用户名和密码,因此 our_db.accounts 中的每条记录都具有 phpbb.users 中相同加密密码的 md5 哈希值。我正在尝试对这个大型数据集执行的操作是将 phpBB 表中的密码替换为我们的帐户表中的密码

I have a site 'accounts' table which contains account details for all our users.

id-username-password-etc

We also have a forum (phpBB) that I'm trying to integrate with the site. The integration is done by creating an entry in the phpBB users table with the same username and password as the main account.

Our system uses md5 hashed passwords but the latest version of phpBB3 has a different format (Phpass) so I need to write a script that will replace the phpBB password with the 'account' password for roughly 300,000 users.

What would be the best way of approaching this?

I've got a query that joins the two tables together based on the username, I could write something in PHP to go through each record and update it (might cause performance issues?)

or do the conversion in MySQL?

Is there another way of doing this?

Just to clarify, when these accounts were created in both tables ... we used the same usernames and passwords for both, so each record in our_db.accounts has the md5 hash of the same encrypted password in phpbb.users. What I'm trying to do for this large dataset is replace the password in the phpBB table with the one from our accounts table

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

背叛残局 2024-11-12 14:10:55

通常,最快、最简单的方法是创建一个临时表 XXX,其字段与您要更新的表相同并执行以下操作:

insert into XXX(...target columns...) select ...the join you have created and mention....

然后,如果一切正确,则将 XXX 重命名为正确的表。

我相信 MySQL 也支持使用连接进行更新,这也可以工作。

ussually the quickest and easiest way is to create a temp table XXX with the same fields as the table you want to update and do:

insert into XXX(...target columns...) select ...the join you have created and mention....

Then rename XXX to the correct table if all is correct.

I believe MySQL also support update with joins which would also work.

长途伴 2024-11-12 14:10:55

您无法将 MD5 哈希密码转换为任何其他格式,因为哈希值不可逆。

必须使用一个应用程序使用另一个应用程序的登录服务进行集成,当用户成功登录到您的应用程序时,您将 phpbb 密码添加到其数据库中(此时您有一秒钟的明文密码)。

编辑:如果密码哈希技术匹配:

UPDATE phpBBdb.accounts SET password = (SELECT password FROM yourApp.accounts ya WHERE (ya.username = phpBBdb.accounts.username))

可能有点取决于数据库类型/版本。

但是:这意味着两个系统不使用盐或使用相同的盐。如果没有盐考虑以后加盐。这将保护使用 Rainbow-table 解码 md5-hashed-password,这是您对用户的责任。

You cannot convert your MD5-hashes password to any other format because hash values are not reversible.

Integration must take place with one app using the login services of the other you add phpbb password to their database as users successfully logged into your app (in that momemt you have the clear text password for a second).

Edit: In case passwords hash techniques match:

UPDATE phpBBdb.accounts SET password = (SELECT password FROM yourApp.accounts ya WHERE (ya.username = phpBBdb.accounts.username))

Might depend a little on database types/version.

But: This means both systems use no salt or the same salt. If no salt think about adding a salt in the future. This will protect decoding md5-hashed-password with rainbow-tables and is your responsibility against your users.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文