Problem in this code?


Problem description

SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["home"].ConnectionString);
con.Open();

try
{
    SqlCommand cmd = new SqlCommand("select UserId,password from UserDetails1", con);
    SqlDataReader dr = cmd.ExecuteReader();
    while (dr.Read())
    {
        if ((Login1.UserName == dr["UserId"].ToString()) && (Login1.Password == dr["password"].ToString()))
        {
            Response.Redirect("home.aspx");
            Label1.Text = "Welcome  " + Login1.UserName;
        }
    }
    dr.Close();
}
catch (Exception e1)
{
    con.Close();
}

Recommended answer

Yes: you are storing plain text passwords in your database. You should not.
A better way is to store a hash (with salt) of the password; upon connection you execute the same hash function on the typed password, and compare the result to the record in the database.

More on that:
Storing passwords in SQL Server


There are a number of them - as Pete has mentioned, you only close the connection when something fails.
But...the one I suspect you are talking about is that Label1 doesn't show your welcome message...
And I'm not surprised. Since you Redirect away from the page in the line above it, it doesn't really matter what you do to Label1, since it will all be thrown away anyway and replaced with the new page content.

And please, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.


Keep a finally block to close the SqlConnection (con.Close()).
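
As an added example (not part of any answer above and not the original poster's code), the login check below combines the points the answers raise: it stores and compares a salted hash instead of the plain-text password, and `using` blocks (which compile to try/finally) close the connection on every path. PBKDF2 is used here as the salted hash function; the `PasswordSalt` and `PasswordHash` columns, the class and method names, and the iteration count are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class PasswordLogin
{
    // Assumed parameters: 16-byte salt, 32-byte hash, 100000 PBKDF2 iterations.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100000;

    // PBKDF2-HMAC-SHA256 over the typed password and the per-user salt.
    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Call when the account is created or the password changes; store both outputs.
    public static void CreateRecord(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        hash = Derive(password, salt);
    }

    // Comparison that does not stop at the first differing byte.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Fetches only this user's row (hypothetical columns) with a parameterized query.
    public static bool Verify(string connectionString, string userName, string password)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "select PasswordSalt, PasswordHash from UserDetails1 where UserId = @user", con))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = userName;
            con.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.Read()) return false; // unknown user
                return SameBytes((byte[])dr["PasswordHash"], Derive(password, (byte[])dr["PasswordSalt"]));
            }
        }
    }
}
```

In the page's click handler, a `true` result from `Verify` would be followed by the redirect, with any welcome text set on the destination page rather than on the page being left.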

