使用 Nhibernate 存储 Sha256 哈希密码
我有一个简单的 Web 应用程序,有一个登录页面,前端域有一个简单的模型:
string username {get;set;}
string password {get;set;}
但是在发送到数据域对象之前它是用 sha256 加密的,最初的数据域是:
string username {get;set;}
string password {get;set;}
所以我会采取从 ui 获取密码,然后使用 Encoding.GetString() 方法对其进行加密,获取用于持久保存的字符串。然而,当我尝试保留数据时,它似乎给出了一个异常,我认为这归因于字符串中的字符无效。
环顾四周后,有些人建议将其存储为 varbinary(32) 并在数据层中使用 byte[] 密码 {get;set;},但是我无法让 Nhibernate 正确映射它。
那么谁能告诉我使用 Nhibernate 和 SqlServer 或 MySql 存储哈希密码的最佳实践。 (该应用程序支持这两种数据库)
I have a simple web app that has a login page, the front end domain has a simple model with:
string username {get;set;}
string password {get;set;}
However it is encrypted with sha256 before it is sent over to the data domain object, originally the data domain was:
string username {get;set;}
string password {get;set;}
So I would take the password from the ui, encrypt it then using the Encoding.GetString() method, get back a string for persisting. However when I try to persist the data it just seems to give an exception, which I believe to be down to the characters in the string not being valid.
After looking around some people have recommended storing it as a varbinary(32) and using a byte[] password {get;set;} within the data layer, however I couldn't get Nhibernate to map it correctly.
So can anyone tell me the best practise on storing hashed passwords with Nhibernate and SqlServer or MySql. (The app supports both dbs)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您不应该对 SHA 值使用
Encoding.GetString(),因为它会生成可能无法正确存储的文本,或者更糟糕的是,会出现异常。而是使用类似Convert.ToBase64String的东西。You shouldn't use
Encoding.GetString()on a SHA value since it will produce text that may not store correctly, or worse, give an exception. Rather use something likeConvert.ToBase64String.