Hashing password in WPF C# application


Problem description


I've tried to create a remote MySQL database and link it to a WPF application. I managed to do that, but I was advised by users from the forum to hash my password, because it can be easily SQL injected. My question is: does anybody know how I can create a hashed password based on this code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

namespace ECBSRecruitmentAgencySoftware
{
    public partial class LogIn : Form
    {
        public LogIn()
        {
            InitializeComponent();
        }  

        public bool tryLogin(string username , string password)
        {
             MySqlConnection con = new MySqlConnection("host=aaaaaaaa.baaadsg;user=saaaaaak;password=2333333336;database=soaaaaaaaa2;");
             MySqlCommand cmd = new MySqlCommand("Select * FROM niki WHERE user_name = `" + username + "` AND user_password = `" + password + "`;");
             cmd.Connection = con;
             con.Open();
             MySqlDataReader reader = cmd.ExecuteReader();
             if (reader.Read() != false)
             {
                 if (reader.IsDBNull(0) == true)
                 {
                     cmd.Connection.Close();
                     reader.Dispose();
                     cmd.Dispose();
                     return false;
                 }
                 else
                 {
                     cmd.Connection.Close();
                     reader.Dispose();
                     cmd.Dispose();
                     return true;
                  }
             }
             else 
             {
                 return false;
             }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            if (tryLogin(user.Text, pass.Text) == true)
            {
                MainScreen F2 = new MainScreen();
                F2.Show();
                this.Hide();
            }            
            else 
                MessageBox.Show("Wrong details!");             
        } 
    }
 }

Solution

.NET supports several cryptographic hashes including MD5 and SHA so it's quite easy to hash your passwords using ComputeHash methods of these classes...

Here is a simple example of hashing a file using MD5 which can be easily converted to generate a password hash:

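        // Needs: using System.IO; using System.Security.Cryptography; using System.Text;
        using (var md5 = new MD5CryptoServiceProvider())
        {
            // Hash the raw bytes of the file
            var buffer = md5.ComputeHash(File.ReadAllBytes(filename));
            // Render the digest as lowercase hex, two characters per byte
            var sb = new StringBuilder();
            for (var i = 0; i < buffer.Length; i++)
            {
                sb.Append(buffer[i].ToString("x2"));
            }
            return sb.ToString();
        }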

Don't forget to salt your hash...

Actually, it would probably be best to just read this great article about storing passwords in a database over on CP...

The Art & Science of Storing Passwords
