不幸的是,我在数据库中有明文密码。我希望尽可能少地传递这些明文值,比如比较和更新。为此,我正在尝试创建一个不包含明文密码的Users表视图,而是提供该密码的散列值。
这是我当前的SQL Server视图,它不起作用:
SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt
HashBytes('SHA1', PasswordSalt + u.Password) AS PasswordHash
FROM dbo.Users AS u
我很高兴听到这种方法的替代方案,但除此之外,问题似乎是将虚拟列 PasswordSalt 与......进行连接。例如,以下简单视图有效:
SELECT u.Login AS Column1, u.Login + 'b' AS Column2
但这个没有:
SELECT u.Login AS Column1, Column1 + 'b' AS Column2
我从Management Studio收到的错误是
列名称“Column1”无效。
提前感谢任何关于我做错事的想法!
答案 0 :(得分:1)
问题出现是因为语句的FROM子句指示要选择的数据来自Users表,但SELECT部分引用名为PasswordSalt的列。 SQL Server无法在Users表中找到具有此名称的列,因此出现错误。
替代方法可能是在子查询中生成Salt。例如
SELECT x.PasswordSalt,
HashBytes('SHA1', x.PasswordSalt + x.Password) AS PasswordHash
FROM ( SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt,
Password
FROM dbo.Users) x
答案 1 :(得分:1)
怎么样?
SELECT CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) AS PasswordSalt
HashBytes('SHA1', CAST(CAST(32768 * RAND() AS INT) AS NVARCHAR) + u.Password) AS PasswordHash
FROM dbo.Users AS u