如何创建SECURE登录/注册系统 [英] How do I create a SECURE login/register system

问题描述

亲爱的CodeProject，



我想知道如何为应用程序创建一个安全可靠的登录/注册系统我想知道如何使用MySQL在C＃中安全。



任何人都可以帮我如何在C＃中创建登录/注册并使用MySQL保护＃div class =h2_lin>解决方案

关于密码storage的方面：切勿以明文或加密形式存储密码。加密可以打破。这就是黑客可以从没有安全设计的网站窃取密码的原因。基本思想是存储密码的哈希码，该密码不能反转到密码。当用户想要登录时，您再次根据输入的密码计算哈希码，并将其与存储的哈希码进行比较。要安全地实现这一点有几点需要注意，请参考这篇文章： Salted Password Hashing - 正确行事 [ ^ ]



编辑：那篇文章只讨论了正确的做法 - 以下文章还解释了为什么其他方法不好：

http://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374 [ ^ ]

http s：//wblinks.com/notes/storing-passwords-the-wrong-better-and-even-better-way/ [ ^ ]

/ edit



关于从C＃使用MySQL的方面 - 如果您需要帮助，请使用此google搜索，它将向您显示几个CodeProject文章，涵盖此： https://www.google.com / search？q = c％23 + mysql + codeproject& ie = utf-8& oe = utf-8 [ ^ ]

当它到来时为了安全，我们可以通过许多方式保护我们的应用程序。



如果您正在使用桌面应用程序，基本的事情是创建存储过程而不是使用加密C lasses以加密格式保存您的密码。

如果您没有这些课程，我不介意与您分享或回复此项，如果您需要简短的文章。

我发现这篇简短的文章可能对你很有帮助。



将C＃连接到MySQL [ ^ ]

Dear CodeProject,

I'm wondering how I can create a safe and secure Login / Register system for a application either I want to know how to use MySQL safe in C#.

Can anyone help me how to create a Login/Register and secure with MySQL in C#

解决方案

Regarding the aspect of password "storage": Never store the password in either plaintext or in encrypted form. Encryption can be broken. That's what allows hackers to steal passwords from websites that weren't engineered in a safe way. The basic idea is to store a hashcode of the password that can not be reversed to the password. And when the user wants to log on, you calculate the hashcode from his entered password once again and compare that to the stored hashcode. There are several things to keep in mind to implement this safely, please refer to this article: Salted Password Hashing - Doing it Right[^]

edit: That article only talks about the right way of doing it - the following articles also explain why other ways of doing it are bad:
http://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374[^]
https://wblinks.com/notes/storing-passwords-the-wrong-better-and-even-better-way/[^]
/edit

Regarding the aspect of using MySQL from C# - if you need help with that, please use this google-search which will show you several CodeProject-articles covering this: https://www.google.com/search?q=c%23+mysql+codeproject&ie=utf-8&oe=utf-8[^]

When it comes to security their are many things by which we can secure our application.

If you are working with desktop application the basic thing is to create store procedure than you can use cryptography classes to save your password in encrypted format.
If you do not have those classes i wouldn't mind sharing it with you or reply this if you need brief article for this.

I found this brief article it might be very helpful to you.

Connect C# to MySQL[^]

这篇关于如何创建SECURE登录/注册系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！