如何使用图像作为密码登录 [英] How to log-in with image as password

问题描述

Hi, I'm trying to setup a Login with fingerPrints. The idea is to select username from a combobox and provide fingerprint.  The pair is then compared against database stored values and if a match is hit Access is granted.

The datatype of the print is 'image' in the database however to store it i have to convert it to an array of type byte.
ComboBox1 DropDownStyle is DropDownList

My idea is to convert whatever is in the picture box to the same datatype and then compare.
 I have not been successful. I keep receiving the message ;
{"The data types image and varbinary(max) are incompatible in the equal to operator."}
raised at >> dr = clgq.ExecuteReader(); <<

what do i need to to get this right. I already included the System.Drawing.Imaging, System.IO, Libraries.Help Please

我是什么尝试过：

What I have tried:

private void button2_Click(object sender, EventArgs e)
            {
            string lgq = "select name, picture from photo where name= '" + comboBox1.Text + "' and picture= @pc";
            

            MemoryStream ms = new MemoryStream();//Declare a memory stream
            pictureBox1.Image.Save(ms, ImageFormat.Jpeg);//Create a value of PictureBox1 as a memory stream with jpg encoding
            byte[] pic = ms.ToArray(); //convert this memory stream to an array of bytes

            SqlCommand clgq = new SqlCommand(lgq, con);
            clgq.Parameters.AddWithValue("@pc", pic);

            SqlDataReader dr;
            dr = clgq.ExecuteReader();
            int T = 0;
            while(dr.Read())
                {
                T++;
                }
            if (T == 1)
                MessageBox.Show("Login Successful", " ", MessageBoxButtons.OK, MessageBoxIcon.Information);
            else
                MessageBox.Show("Login Not Successful", " ", MessageBoxButtons.OK, MessageBoxIcon.Stop);

            }

推荐答案

确定...将图像转换为字节（以便存储它们）和回到图像（当你检索它们时）非常简单 - 你已经完成了一面。从字节转换为图像你不需要做 - SQL SELECT将返回一个字节数组，你只能投射。

但是......这种方法不起作用。 />
首先，你正在做的是危险的：永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。



其次，你不能要求SQL比较两个字节数组 - 它不会这样做，所以你需要检索字节数据来自SQL并自己比较，而不是期望SQL为你做。



第三 - 这是最重要的 - 它几乎肯定永远不会匹配。考虑一下扫描指纹的分辨率，现在想一想：镜头上是否有一粒灰尘？如果有，这两个图像将不相同。与最初扫描时相比，手指是否无限旋转？如果是这样的话......与原始手指相比，手指是否垂直或水平移动了一小部分毫米？如果是这样的话......

总会有所不同。为了比较指纹，你不要比较图像，你需要寻找重要的形状，折叠，螺纹，断裂等使它们独一无二的。这不像这张照片和那张照片完全相同吗？

OK...converting an image to bytes (so you can store them) and back to an image (when you retrieve them) is pretty easy - you've done one side. Converting from bytes to image you don't need to do - the SQL SELECT will return an array of bytes, which you cna just cast.
But...this approach won't work.
Firstly, what you are doing is dangerous: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Secondly, you can't ask SQL to compare two byte arrays - it doesn't do that, so you need to retrieve the byte data from SQL and compare it yourself, rather than expect SQL to do it for you.

Thirdly - and this is the biggie - it will almost certainly never match. Think about the resolution of whatever you are scanning the fingerprint with, and now think about these: is there a single grain of dust on the lens? If there is, the two images will not be the same. Is the finger rotated even infinitesimally compared to when it was originally scanned? If so... Is the finger moved even a tiny fraction of a millimetre vertically or horizontally compared to the original? If so...
It will always be different. To compare fingerprints, you don;t compare images, you need to look for the significant shapes, fold, whorls, breaks, and such like that make them unique. It's not as trivial as "is this picture identical to that one?"

这篇关于如何使用图像作为密码登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！