C Sharp.net中的数据库连接 [英] Database connection in c sharp.net

问题描述

如何使用oledb连接在访问数据库中存储用户名和密码值?

How to store username and password values in access database using oledb connection?

推荐答案

答案不取决于OleDbConnection-只是让您与数据库建立连接.建立连接后，实际上需要发出命令.在这种情况下，取决于您要添加新用户还是更新现有用户的详细信息，它要么通过INSERT要么通过UPDATE.要实际发出SQL命令，您将使用OleDbCommand实例，然后调用ExecuteNonQuery.

现在，当您存储密码时，我的建议是不要自己存储密码，因为这是一个巨大的安全漏洞.如果您是我，我会做的是使用一种单向哈希算法对密码进行哈希处理，并将密码的哈希版本以及随机生成的salt值保存到数据库中.现在，当您需要计算用户密码时，您将根据用户名检索用户，然后使用用户记录中完全相同的盐转换用户输入的密码，以比较密码.

您可能会找到此 [

The answer to this doesn''t rely on an OleDbConnection - that merely gets you the connection to the database. Once you''ve got the connection, you actually need to issue a command; in this case it''s either going to be via an INSERT or UPDATE depending on whether you are adding a new user or updating the details of an existing one. To actually issue the SQL command, you would use an OleDbCommand instance, and call ExecuteNonQuery.

Now, when you store the password, my advice would be not to store the password itself as this is a huge security hole. What I would do, if I were you, would be to hash the password using a one way hash algorithm and save the hashed version of the password along with the randomly generated salt value to the database. Now, when you need to calculate the users password, you would retrieve the user based off their name and, from this, you would convert the password they typed in using exactly the same salt in the user record to compare the passwords.

You might find this[^] useful.

Now, a couple of final thoughts:

1. When you issue your command to save the data, please use parameters rather than string concatenation. This will help in your steps to avoid Sql Injection Attacks.
2. Are you really sure it has to be Access? Access is a file based database, so it''s not very secure (basically, if someone can get to your hard drive, they can copy the database). Why not look into using Sql Server Express instead?

这篇关于C Sharp.net中的数据库连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！