I am making a C#.NET application wherein I have designed an Administrator account. Now, to log in to that account, the Administrator has to enter the password.
My Ques
Assuming this is to persist the user's credentials on the server: store a hash of the password in the database. Ideally, you should compute and store something like SALT + sha1(SALT + password)
where SALT is some random string computed for each password stored.
In addition to what everyone has been saying about not storing a plaintext password, you shouldn't work with a plaintext password in a string (for example, when getting the value from a text box).
This is because strings can remain in memory for an unknown, uncontrolled length of time.
They should be stored using SecureString.
By way of explanation:
An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used because your application cannot delete the data from computer memory.
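As an added example (not the answer's own code), here is how the SecureString approach looks end to end in C#: the password is read keystroke by keystroke into a SecureString, and the hash is computed from a copy that lives only in unmanaged memory and a pinned buffer, both zeroed afterwards. The console input loop, the salted SHA-1 layout and the names are my own choices.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// Added example, not the answer's code: collects the password into a SecureString
// and hashes it without ever materialising it as a System.String.
public static class SecurePasswordInput
{
    // Reads keystrokes one at a time straight into a SecureString, so the whole
    // password never exists as an immutable managed string.
    public static SecureString ReadPassword()
    {
        var secure = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secure.Length > 0) secure.RemoveAt(secure.Length - 1);
            }
            else if (!char.IsControl(key.KeyChar))
            {
                secure.AppendChar(key.KeyChar);
            }
        }
        secure.MakeReadOnly();
        return secure;
    }

    // Computes sha1(salt + password). The plaintext is decrypted into unmanaged
    // memory, copied into a pinned managed buffer for hashing, and both copies
    // are zeroed in the finally block, so the GC has nothing left to keep around.
    public static byte[] HashSecure(byte[] salt, SecureString password)
    {
        int pwdBytes = password.Length * 2;                        // UTF-16 code units
        byte[] buffer = new byte[salt.Length + pwdBytes];
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned); // stop the GC from moving (i.e. copying) it
        IntPtr unmanaged = IntPtr.Zero;
        try
        {
            Buffer.BlockCopy(salt, 0, buffer, 0, salt.Length);
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(password);
            Marshal.Copy(unmanaged, buffer, salt.Length, pwdBytes);
            using (var sha1 = SHA1.Create())
                return sha1.ComputeHash(buffer);
        }
        finally
        {
            if (unmanaged != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);     // zero, then free the unmanaged copy
            Array.Clear(buffer, 0, buffer.Length);                 // wipe the managed copy
            pin.Free();
        }
    }

    public static void Main()
    {
        byte[] salt = new byte[16];                                // constructed: random salt for the demo
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);

        Console.Write("Password: ");
        using (SecureString pwd = ReadPassword())
        {
            Console.WriteLine();
            byte[] digest = HashSecure(salt, pwd);
            Console.WriteLine(BitConverter.ToString(digest).Replace("-", ""));
        }
    }
}
```

Two caveats a practitioner should keep in mind: the hash algorithm itself still receives the plaintext, so the protection is only as good as the shortest path from SecureString to the hashing call, and on .NET Core / .NET 5+ the SecureString contents are not encrypted in memory on non-Windows platforms, with Microsoft advising against SecureString for new development. It remains useful in the .NET Framework WinForms setting this question is about.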
Do you have a database in your system already? Then just put it there. You will probably have a users table that can be extended to accommodate the password (?). If not, you could store it in a file.
What really matters, is that you should not store the password in plain text. It is bad security practice. You should one-way hash it using a good hashing algorithm (such as SHA512), preferably using a salt.
You can store it salted and hashed in a user settings file.
You can access the default settings file using something like:
using System;
using System.Security.Cryptography;
using System.Text;

// Recomputes sha1(salt + password) and compares it with the stored value.
private bool CheckPassword(string salt, string password)
{
    var input = Encoding.UTF8.GetBytes(salt + password);
    using (var sha1 = SHA1.Create())
    {
        var sha1hash = sha1.ComputeHash(input);
        // Base64-encode the raw digest; decoding it as ASCII text mangles bytes above 127.
        var hashedPassword = Convert.ToBase64String(sha1hash);
        return Properties.Settings.Default.adminPass == hashedPassword;
    }
}
For security reasons I would recommend that you store only the hash of the password and never the clear-text password. You could store it in any persistent medium you find convenient: file, registry, database, ...