Looking to create a database table that saves user information (primarily user and password).
- Is the best way to hash (password) and user?
- Should I encrypt开发者_如何学Python the name of user too?
- If i have a table of passwords and another with users data, how i can associate/link them?
The login is not the problem, the question is how to associate the tables (table of passwords and table of data for each user)
Thanks
You basic User table would look something like this:
User Table
-------
id username password
1 mike @#$90sDfsa
Where the password is a hashed version (with a salt) of my password.
You should of course hash the password before storing it. Ideally with an unique salt.
As a hash function you should not use something like SHA-*, because the cryptographic hash functions are designed to be fast. This makes it easy for someone getting the hash to try a large number of possible passwords very fast.
Use a password hash function like bcrypt which is designed to be arbitrarily slow.
The login is not the problem, the question is associate the tables (table of passwords and table of data for each user)
To associate the tables you can work with relations:
- http://dev.mysql.com/tech-resources/articles/intro-to-normalization.html#04
- How to create relationships in MySQL
I would store the hashed and salted password in the table with the rest of the users data. If you really want to store the passwords in a seperate table store the user id with it to associate passwords with users. In general use a strong hashing algorithim e.g. SHA251 and salt the passwords to prevent rainbow table attacks. I don't think that you should need to hash the username.
As I commented above, I would just hash the password.
Also, why are you storing users and passwords in a separate table? They are related, and should be in the same table. Data such as addresses would belong in a separate table.
You can use surrogate keys to do the relation between the tables, if you absolutely must have two tables, one with hashed/salted passwords, the other with user information.
You could have a setup like this:
CREATE TABLE users (USER_ID INTEGER,
PASSWORD_ID INTEGER,
USER_ATTRIBUTE VARCHAR(30));
CREATE TABLE passwords (PASSWORD_ID INTEGER,
PASSWORD_HASH VARCHAR(255));
PASSWORD_ID is the surrogate key, you use it in the users table to reference the value in the passwords table. You can join the tables together with a SQL query:
SELECT *
FROM users INNER JOIN passwords
ON users.PASSWORD_ID = passwords.PASSWORD_ID;
精彩评论