doulao2029 2017-07-27 06:41
浏览 85
已采纳

在PHP Bcrypt中散列整个MySQL数据库的优点和缺点是什么?

I have seen on the internet that it is a good practice of hashing user names and passwords using BCrypt for better security. If your database was compromised, there would be still a chance for your data (User Names and Passwords) keep secret. So my problems are,

  1. Can we hash All Database Tables (not only tbl_users) for better security.? (such as comments, payments, balance, etc...)

  2. If we can, does it slows down the PHP Application?

  3. Other Advantages and Disadvantages

  4. Any other methods which can use for keeping data secret, if my database was hacked, stolen of compromised?

Thank you in advance..!

  • 写回答

1条回答 默认 最新

  • dqwh26750 2017-07-27 06:49
    关注
    1. Hashing is one way only. That means if you want to retrieve the first and last name of your user, you won't be able to. Another example is if you hash balances, you won't be able to see who owns the most money, or who owes what.
    2. Hashing, or encrypting is slow. That's one reason why it is secure, because you need a big computing power to be able to break it.
    3. Other advantages? None.
    4. Something that banks use, along other things. Is to have your database table names and column names be meaningless... Name them just a,b,c,d that way it is harder to know what is what. But again, that is just a slim layer of security by obscurity. If the database is hacked and its content pumped out, the hacker will have all the time he needs to figure out what he needs...

    Try reading more on how to manage your database securely on https://dba.stackexchange.com/

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 解决一个加好友限制问题 或者有好的方案
  • ¥15 关于#java#的问题,请各位专家解答!
  • ¥15 急matlab编程仿真二阶震荡系统
  • ¥20 TEC-9的数据通路实验
  • ¥15 ue5 .3之前好好的现在只要是激活关卡就会崩溃
  • ¥50 MATLAB实现圆柱体容器内球形颗粒堆积
  • ¥15 python如何将动态的多个子列表,拼接后进行集合的交集
  • ¥20 vitis-ai量化基于pytorch框架下的yolov5模型
  • ¥15 如何实现H5在QQ平台上的二次分享卡片效果?
  • ¥30 求解达问题(有红包)