堆栈内存溢出
  简体   繁体   English

为什么在 SQL 服务器中此 Salt CAST 为 NVARCHAR(32)?

[英]Why is this Salt CAST as NVARCHAR(32) in SQL Server?

 原文  2021-03-15 04:24:29       sql/ sql-server/ hash/ salt

问题描述

I learned about storing password in SQL server database with HASHING and Salt.我了解了使用 HASHING 和 Salt 在 SQL 服务器数据库中存储密码。 This code was online and had no really useful comment section for it so I want to ask here.这段代码是在线的,没有真正有用的评论部分,所以我想在这里问一下。

Why is @salt cast as NVARCHAR(36) here?为什么在这里将@saltNVARCHAR(36)

I tried different lengths like NVARCHAR(50) and in the database, Salt is still saved as a string of length 36.我尝试了不同的长度,例如NVARCHAR(50) ,在数据库中, Salt仍然保存为长度为 36 的字符串。

For example:例如:

B25243D7-A126-48A8-90F2-5898572F54D2

E29E1CEF-DBE1-4373-9510-A911BA0C8672

CREATE TABLE dbo.[User1]
(
    UserID INT IDENTITY(1,1) NOT NULL,
    LoginName NVARCHAR(40) NOT NULL,
    PasswordHash BINARY(64) NOT NULL,
    Salt UNIQUEIDENTIFIER,
    FirstName NVARCHAR(40) NULL,
    LastName NVARCHAR(40) NULL,
    CONSTRAINT [PK1_User_UserID] PRIMARY KEY CLUSTERED (UserID ASC)
)

CREATE PROCEDURE dbo.uspAddUser1
    @pLogin NVARCHAR(50), 
    @pPassword NVARCHAR(50),
    @pFirstName NVARCHAR(40) = NULL, 
    @pLastName NVARCHAR(40) = NULL,
    @responseMessage NVARCHAR(250) OUTPUT
AS
BEGIN
    SET NOCOUNT ON

    DECLARE @salt UNIQUEIDENTIFIER=NEWID()
    BEGIN TRY
        INSERT INTO dbo.[User1] (LoginName, PasswordHash, Salt, FirstName, LastName)
        VALUES(@pLogin, HASHBYTES('SHA2_512', @pPassword+CAST(@salt AS NVARCHAR(36))), @salt, @pFirstName, @pLastName)

       SET @responseMessage = 'Success'
    END TRY
    BEGIN CATCH
        SET @responseMessage = ERROR_MESSAGE() 
    END CATCH
END

DECLARE @responseMessage NVARCHAR(250)

EXEC [dbo].[uspAddUser1]
            @pLogin = 'admin2',
            @pPassword = '123456',
            @pFirstName = 'John',
            @pLastName = 'Smith',
            @responseMessage = @responseMessage OUTPUT

SELECT * FROM [dbo].[User1]

1 个解决方案

解决方案1
 1 已采纳  2021-03-15 04:39:16

It is because of DECLARE @salt UNIQUEIDENTIFIER=NEWID() .这是因为DECLARE @salt UNIQUEIDENTIFIER=NEWID() in sql server NEWID() function returns a UNIQUEIDENTIFIER of character length 36在 sql 服务器NEWID() function 返回一个字符长度为 36 的UNIQUEIDENTIFIER

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将Nvarchar转换为Int失败的SQL Server 2008 - Cast Nvarchar to Int Failing SQL Server 2008 SQL Server 2008-CAST到nvarchar无法正常工作 - SQL Server 2008 - CAST to nvarchar not working 如何将nvarchar转换为int然后在sql server中添加 - how to cast nvarchar to int then add in sql server SQL 将 nvarchar 转换为 int - SQL convert\cast nvarchar to int SQL-将XML转换为nvarchar(max) - SQL - cast XML as nvarchar(max) 迄今为止的 SQL Server nvarchar - SQL Server nvarchar to date NVARCHAR到DATE(SQL Server) - NVARCHAR to DATE (SQL Server) SQL 服务器 Nvarchar 参数 - SQL server Nvarchar parameters SQL Server:Nvarchar到Varchar - SQL Server : Nvarchar to Varchar SQL Server:为什么不转换为日期使用索引而不转换为nvarchar? - SQL Server : why convert to date use index and convert to nvarchar not?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM