Update a user’s stored password (usually the hashed value) in a BigQuery table with one safe, atomic UPDATE statement.
Use an UPDATE statement that targets the specific row and writes a new hashed password into the password column. Always hash on the client or in-query to avoid storing plain text.
BigQuery Standard SQL offers SHA256, SHA512, MD5 and FARM_FINGERPRINT. SHA256 is the most common choice for password hashes when combined with a per-user salt.
UPDATE `project.dataset.table`
SET column
=expression
WHERE condition
;
Yes. Wrap the UPDATE in a transaction (via multi-statement script) or restrict by WHERE IN
to batch multiple user IDs.
Immediately SELECT the row after the UPDATE inside the same script or query window. BigQuery’s snapshot isolation guarantees you see the new hash.
Store a unique salt per user (e.g., a UUID). Concatenate the salt with the clear-text password, hash, then store both salt
and password_hash
columns.
password_hash STRING
, salt STRING
, last_changed TIMESTAMP
Prepare the UPDATE statement as a parameterised query in your language SDK (Python, Java, Go). Pass the new salt and hash as parameters to avoid SQL injection.
Never change Google Cloud user credentials here—BigQuery manages auth via IAM. Only update passwords your application stores in tables such as Customers
.
One precise UPDATE with hashing, salting, and a WHERE clause is all you need to change a stored password safely in BigQuery.
No. BigQuery manages authentication with Google Cloud IAM. Use UPDATE only for application-level passwords held in your tables.
Technically yes, but MD5 is considered weak. Use SHA256 or stronger along with a unique salt.
Yes. Multi-statement scripts run in a single transaction, ensuring atomic updates across multiple tables if needed.