• C# plus SQL
Recently I started working on an application in C# and got the login area working with hidden pass-codes and such. But I wish to use SQL so it can be more secure, and most websites I visit to find out how SQL works keep giving me information that isn't detailed enough. I'll need to get the username and password from the clients section in the database. The database is local and isn't running on an SQL server (I don't have a proper version I can use). Can someone please provide the information?
Password security 101, #1: Don't store passwords; store hashes of the password instead.
Following on with what jA_cOp says: Don't store a user's password. Instead, store the one-way encrypted hash of the password. For extra security, salt the password with a unique string for each user. (Salting is just adding extra stuff to it). This way, if someone gains access to your databases, they won't be able to immediately log in as anyone. Secondly, if you're salting it with a unique salt value for each user, two users with the same password won't have the same password hash, so the intruder can't find out the password for both accounts at once. And, while it doesn't always make a difference, by salting it you're increasing the length of the original text and this usually makes it take a longer time to crack. Once you've stored the salted hashed password in the database, every time you retrieve the record you'll get that data. To check if a login is valid, salt and hash the input password and compare the result with the record in the database - if they're a match, it's a valid login.
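The scheme mechanarchy describes, as an added example (not code from this thread): a per-user random salt, PBKDF2 for the hash, the salt and iteration count stored next to the hash, and the same salt re-used at login time. It assumes the Microsoft.Data.Sqlite package for the local database file and a made-up table `clients(username TEXT PRIMARY KEY, salt BLOB, hash BLOB, iterations INTEGER)`.

```csharp
// Added example, not from the thread: salted PBKDF2 hashing and verification
// against a local SQLite file, using parameterised SQL throughout.
// Assumes the Microsoft.Data.Sqlite NuGet package and this (made-up) schema:
//   clients(username TEXT PRIMARY KEY, salt BLOB, hash BLOB, iterations INTEGER)
using System;
using System.Security.Cryptography;
using Microsoft.Data.Sqlite;

static class Accounts
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100_000;

    public static void CreateUser(SqliteConnection db, string user, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);   // unique per user
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA256, HashBytes);
        using var cmd = db.CreateCommand();
        // Parameters, never string concatenation: the login form is untrusted input.
        cmd.CommandText = "INSERT INTO clients(username, salt, hash, iterations) " +
                          "VALUES ($u, $s, $h, $i)";
        cmd.Parameters.AddWithValue("$u", user);
        cmd.Parameters.AddWithValue("$s", salt);
        cmd.Parameters.AddWithValue("$h", hash);
        cmd.Parameters.AddWithValue("$i", Iterations);
        cmd.ExecuteNonQuery();
    }

    public static bool Login(SqliteConnection db, string user, string password)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT salt, hash, iterations FROM clients WHERE username = $u";
        cmd.Parameters.AddWithValue("$u", user);
        using var r = cmd.ExecuteReader();
        if (!r.Read()) return false;                      // unknown user
        byte[] salt = (byte[])r["salt"], stored = (byte[])r["hash"];
        int iters = Convert.ToInt32(r["iterations"]);
        // Re-derive with the SAME salt and iteration count that were stored;
        // generating a fresh salt here is a common reason every login comes back "invalid".
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(password, salt, iters,
                                                     HashAlgorithmName.SHA256, stored.Length);
        return CryptographicOperations.FixedTimeEquals(candidate, stored);
    }
}
```

The static `Rfc2898DeriveBytes.Pbkdf2` and `RandomNumberGenerator.GetBytes(int)` overloads used here require .NET 6 or later.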
[QUOTE=mechanarchy;28871994]Following on with what jA_cOp says: Don't store a user's password. Instead, store the one-way encrypted hash of the password. For extra security, salt the password with a unique string for each user. (Salting is just adding extra stuff to it). This way, if someone gains access to your databases, they won't be able to immediately log in as anyone. Secondly, if you're salting it with a unique salt value for each user, two users with the same password won't have the same password hash, so the intruder can't find out the password for both accounts at once. And, while it doesn't always make a difference, by salting it you're increasing the length of the original text and this usually makes it take a longer time to crack. Once you've stored the salted hashed password in the database, every time you retrieve the record you'll get that data. To check if a login is valid, salt and hash the input password and compare the result with the record in the database - if they're a match, it's a valid login.[/QUOTE]

I can understand that, but still can't figure out how this works. I've tried multiple tutorials, but no matter what I do it keeps telling me the information I entered is invalid.