[英]Why is this Salt CAST as NVARCHAR(32) in SQL Server?
I learned about storing password in SQL server database with HASHING and Salt.我了解了使用 HASHING 和 Salt 在 SQL 服务器数据库中存储密码。 This code was online and had no really useful comment section for it so I want to ask here.
这段代码是在线的,没有真正有用的评论部分,所以我想在这里问一下。
Why is @salt
cast as NVARCHAR(36)
here?为什么在这里将
@salt
为NVARCHAR(36)
?
I tried different lengths like NVARCHAR(50)
and in the database, Salt
is still saved as a string of length 36.我尝试了不同的长度,例如
NVARCHAR(50)
,在数据库中, Salt
仍然保存为长度为 36 的字符串。
For example:例如:
B25243D7-A126-48A8-90F2-5898572F54D2
E29E1CEF-DBE1-4373-9510-A911BA0C8672
CREATE TABLE dbo.[User1]
(
UserID INT IDENTITY(1,1) NOT NULL,
LoginName NVARCHAR(40) NOT NULL,
PasswordHash BINARY(64) NOT NULL,
Salt UNIQUEIDENTIFIER,
FirstName NVARCHAR(40) NULL,
LastName NVARCHAR(40) NULL,
CONSTRAINT [PK1_User_UserID] PRIMARY KEY CLUSTERED (UserID ASC)
)
CREATE PROCEDURE dbo.uspAddUser1
@pLogin NVARCHAR(50),
@pPassword NVARCHAR(50),
@pFirstName NVARCHAR(40) = NULL,
@pLastName NVARCHAR(40) = NULL,
@responseMessage NVARCHAR(250) OUTPUT
AS
BEGIN
SET NOCOUNT ON
DECLARE @salt UNIQUEIDENTIFIER=NEWID()
BEGIN TRY
INSERT INTO dbo.[User1] (LoginName, PasswordHash, Salt, FirstName, LastName)
VALUES(@pLogin, HASHBYTES('SHA2_512', @pPassword+CAST(@salt AS NVARCHAR(36))), @salt, @pFirstName, @pLastName)
SET @responseMessage = 'Success'
END TRY
BEGIN CATCH
SET @responseMessage = ERROR_MESSAGE()
END CATCH
END
DECLARE @responseMessage NVARCHAR(250)
EXEC [dbo].[uspAddUser1]
@pLogin = 'admin2',
@pPassword = '123456',
@pFirstName = 'John',
@pLastName = 'Smith',
@responseMessage = @responseMessage OUTPUT
SELECT * FROM [dbo].[User1]
It is because of DECLARE @salt UNIQUEIDENTIFIER=NEWID()
.这是因为
DECLARE @salt UNIQUEIDENTIFIER=NEWID()
。 in sql server NEWID()
function returns a UNIQUEIDENTIFIER
of character length 36在 sql 服务器
NEWID()
function 返回一个字符长度为 36 的UNIQUEIDENTIFIER
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.