Saving password in encrypted form during registering in login form


Problem description

I already have a Log-in form whose code I have shown below, and I only want to know how to save the password in ENCRYPTED form in SQL Server 2008.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace WindowsFormsApplication24
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        string msg;
        SqlConnection con = new SqlConnection("Data Source=ITC-002;Initial Catalog=Tempabc;User ID=sa;Password=********");
        SqlCommand cmd;
        DataSet ds = new DataSet();

        private void btn_login_Click(object sender, EventArgs e)
        {
            try
            {
                if (txtbx_name.Text == "" || txtbox_password.Text == "")
                {
                    MessageBox.Show(" Enter UserName and Password .");
                    return;
                }

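                // Parameterized query: user input is bound as data, never concatenated into the SQL text
                cmd = new SqlCommand("SELECT * FROM LoginDetails where Name=@name and Password=@password", con);
                cmd.Parameters.AddWithValue("@name", txtbx_name.Text);
                cmd.Parameters.AddWithValue("@password", txtbox_password.Text);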
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(ds);
                int i = ds.Tables[0].Rows.Count;
                if (i == 1)
                {
                    msg = "Welcome " + txtbx_name.Text;
                    this.Hide();
                    Form2 f2 = new Form2(msg);
                    f2.Show();
                    ds.Clear();

                }
                else
                {
                    MessageBox.Show("Not Registered User or Invalid Name/Password");
                    txtbox_password.Text = "";
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }

        }

        private void btn_register_Click(object sender, EventArgs e)
        {
            try
            {

                if (txtbx_name.Text == "" || txtbox_password.Text == "")
                {
                    MessageBox.Show(" Enter UserName and Password .");
                    return;
                }

                /** checking whether name exists **/
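                // Parameterized query: the name is bound as data, never concatenated into the SQL text
                cmd = new SqlCommand("SELECT * FROM LoginDETAILS where Name=@name", con);
                cmd.Parameters.AddWithValue("@name", txtbx_name.Text);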
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(ds); //filling dataset
                int i = ds.Tables[0].Rows.Count; //checking rows count in dataset
                if (i > 0)
                {
                    MessageBox.Show("UserName " + txtbx_name.Text + " Already Exists..");
                    txtbox_password.Text = "";
                    ds.Clear(); //clearing dataset
                }
                else
                {
                    /** inserting name and password in table logindetails **/
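                    // Parameterized insert: values are bound as data, never concatenated into the SQL text
                    cmd = new SqlCommand("INSERT INTO LOGINDETAILS VALUES(@name, @password)", con);
                    cmd.Parameters.AddWithValue("@name", txtbx_name.Text);
                    cmd.Parameters.AddWithValue("@password", txtbox_password.Text);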
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();

                    msg = "Registered Successfully \n Welcome " + txtbx_name.Text;
                    this.Hide(); //hiding form1
                    Form2 f2 = new Form2(msg);
                    f2.Show(); //showing form2 

                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                con.Close();
            }

        }
    
    
    
    }
}

Recommended answer

First of all, you should not store password at all in either form. You should always create hash of the password and store it. The generated result can't be reverted back to its normal form. So at the time of login, you should compare hash to hash, not password to password.

See below links for better understanding.

Password Storage: How to do it.

Beginners guide to a secure way of storing passwords

