我应该如何将windows userid存储在数据库中?

时间:2021-05-05 07:11:22

Currently I am storing windows account of a user as nvarchar(10) in sql server, is this the correct way to store userids? What should be the data type? or should I even store userids?

目前我在sql server中将用户的windows帐户存储为nvarchar(10),这是存储用户ID的正确方法吗?应该是什么数据类型?或者我应该存储用户ID?

5 个解决方案

#1


11  

Windows NT user identities are known as SID, a security-identifier. It's string representation is specified in SID String Format Syntax and the marshal representation is specified in SID--Packet Representation. If you want to store a SID in the database, use the same representation as the sys.databases.owner_sid field: varbinary(85). To retrieve a login SID use SUSER_SID (which also returns... varbinary(85)).

Windows NT用户标识称为SID,即安全标识符。它的字符串表示在SID字符串格式语法中指定,并且编组表示在SID - 数据包表示中指定。如果要在数据库中存储SID,请使用与sys.databases.owner_sid字段相同的表示形式:varbinary(85)。要检索登录SID,请使用SUSER_SID(也返回... varbinary(85))。

Specifically do not store identities as login names (domain\user or user@domain) since these change way more frequently than you expect, specially in large corporations. Mine changed about 5 times in 10 years.

特别是不要将身份存储为登录名(域\用户或用户@域),因为这些更改方式比您预期的更频繁,特别是在大型公司中。矿井在10年内改变了约5次。

#2


2  

THis is a very complex question.

这是一个非常复杂的问题。

Technically do NOT store the name. store the ID, which incidentally is a GUID by type anyway.

从技术上讲,不要存储名称。存储ID,无论如何它依次是GUID类型。

That means you are safe when you for example rename the account and that is what WINDOWS Does. Ever seen when you open rights on a file it takes a second to show the names? And shows a number first? That is because windows takes a little to get the names from the domain controller.

这意味着当您重命名帐户时这是安全的,这就是WINDOWS所做的。有没有看到当你打开文件的权限时,需要一秒钟来显示名称?并首先显示一个数字?这是因为Windows需要一点点来从域控制器获取名称。

SIMPLE is to store the account name, but it means you are "dead" on a rename, which should be quite rate, otoh. I think most solutions go for that ;)

SIMPLE是存储帐户名称,但这意味着你在重命名时“死了”,这应该是非常好的,otoh。我认为大多数解决方案都适用于此;)

#3


1  

When getting the Current User id (check HERE), char(30) is used.

获取当前用户ID(在此处检查)时,使用char(30)。

So, at least, you should change the length to 30!

所以,至少,你应该把长度改为30!

#4


1  

It depends on the type of data in userid if it is an id from another table i you database, then save it as per the datatype in the parant table. if it windows userid then save it as nvarchar but make sure the logest userid is accommodated. like nvarchar(50)

如果它是来自您数据库的另一个表的id,则它取决于userid中的数据类型,然后根据parant表中的数据类型保存它。如果是windows userid然后将其保存为nvarchar,但要确保容纳logest userid。像nvarchar(50)

#5


1  

or should I even store userids

或者我应该存储用户ID

While creating new account in Stack overflow. It accepts Google/Facebook or Yahoo userids that means it uses Passport Authentication. But still it keeps the user information in the database for relation between query/replies/comments/flags etc.

在Stack溢出时创建新帐户。它接受Google / Facebook或Yahoo用户ID,这意味着它使用Passport身份验证。但它仍然将用户信息保存在数据库中,以查询/回复/评论/标记等之间的关系。

What should be the data type?

应该是什么数据类型?

Well, It depends upon your requirement. In case of Non English laguage. It must be NVarchar(50)

那么,这取决于你的要求。如果是非英语语言。它必须是NVarchar(50)

#1


11  

Windows NT user identities are known as SID, a security-identifier. It's string representation is specified in SID String Format Syntax and the marshal representation is specified in SID--Packet Representation. If you want to store a SID in the database, use the same representation as the sys.databases.owner_sid field: varbinary(85). To retrieve a login SID use SUSER_SID (which also returns... varbinary(85)).

Windows NT用户标识称为SID,即安全标识符。它的字符串表示在SID字符串格式语法中指定,并且编组表示在SID - 数据包表示中指定。如果要在数据库中存储SID,请使用与sys.databases.owner_sid字段相同的表示形式:varbinary(85)。要检索登录SID,请使用SUSER_SID(也返回... varbinary(85))。

Specifically do not store identities as login names (domain\user or user@domain) since these change way more frequently than you expect, specially in large corporations. Mine changed about 5 times in 10 years.

特别是不要将身份存储为登录名(域\用户或用户@域),因为这些更改方式比您预期的更频繁,特别是在大型公司中。矿井在10年内改变了约5次。

#2


2  

THis is a very complex question.

这是一个非常复杂的问题。

Technically do NOT store the name. store the ID, which incidentally is a GUID by type anyway.

从技术上讲,不要存储名称。存储ID,无论如何它依次是GUID类型。

That means you are safe when you for example rename the account and that is what WINDOWS Does. Ever seen when you open rights on a file it takes a second to show the names? And shows a number first? That is because windows takes a little to get the names from the domain controller.

这意味着当您重命名帐户时这是安全的,这就是WINDOWS所做的。有没有看到当你打开文件的权限时,需要一秒钟来显示名称?并首先显示一个数字?这是因为Windows需要一点点来从域控制器获取名称。

SIMPLE is to store the account name, but it means you are "dead" on a rename, which should be quite rate, otoh. I think most solutions go for that ;)

SIMPLE是存储帐户名称,但这意味着你在重命名时“死了”,这应该是非常好的,otoh。我认为大多数解决方案都适用于此;)

#3


1  

When getting the Current User id (check HERE), char(30) is used.

获取当前用户ID(在此处检查)时,使用char(30)。

So, at least, you should change the length to 30!

所以,至少,你应该把长度改为30!

#4


1  

It depends on the type of data in userid if it is an id from another table i you database, then save it as per the datatype in the parant table. if it windows userid then save it as nvarchar but make sure the logest userid is accommodated. like nvarchar(50)

如果它是来自您数据库的另一个表的id,则它取决于userid中的数据类型,然后根据parant表中的数据类型保存它。如果是windows userid然后将其保存为nvarchar,但要确保容纳logest userid。像nvarchar(50)

#5


1  

or should I even store userids

或者我应该存储用户ID

While creating new account in Stack overflow. It accepts Google/Facebook or Yahoo userids that means it uses Passport Authentication. But still it keeps the user information in the database for relation between query/replies/comments/flags etc.

在Stack溢出时创建新帐户。它接受Google / Facebook或Yahoo用户ID,这意味着它使用Passport身份验证。但它仍然将用户信息保存在数据库中,以查询/回复/评论/标记等之间的关系。

What should be the data type?

应该是什么数据类型?

Well, It depends upon your requirement. In case of Non English laguage. It must be NVarchar(50)

那么,这取决于你的要求。如果是非英语语言。它必须是NVarchar(50)