.NET Forum / Languages / C# / August 2007


best way to save passwords in SQL server?

Jassim Rahma - 27 Aug 2007 17:47 GMT
I want to know what's the best way to save passwords in SQL server using C#?
Nicholas Paldino [.NET/C# MVP] - 27 Aug 2007 18:13 GMT
Jassim,

   Honestly, don't.  Saving passwords is a bad, bad idea.  You are better
off creating a challenge/response mechanism.

   However, if you have to save passwords, then encrypt the column, and
make sure that you secure the encryption key well.  Here is some information
on how to encrypt a column of data:

http://msdn2.microsoft.com/en-us/library/ms179331.aspx

Signature

         - Nicholas Paldino [.NET/C# MVP]
         - mvp@spam.guard.caspershouse.com

>I want to know what's the best way to save passwords in SQL server using
>C#?
Iapain - 27 Aug 2007 18:15 GMT
> I want to know what's the best way to save passwords in SQL server using C#?

Use System.Security.Cryptography and convert the password into hashes using
SHA1/MD5
Chris Shepherd - 27 Aug 2007 19:17 GMT
>> I want to know what's the best way to save passwords in SQL server using C#?
>
> Use System.Security.Cryptography and convert the password into hashes using
> SHA1/MD5

Note that hashing algorithms are by nature one-way, meaning there isn't
a way to "unhash" something into a password again if you need to
retrieve it. Storing hashes is generally better, but it will mean that
should you ever actually need/want to see the password, you will be
unable to do so (easily, see below).

It used to be that hashes were viewed as offering more security in the
event of a system compromise but that's not necessarily true anymore
with the advent of Rainbow Tables and cheap disk space.

Chris.
Nicholas Paldino [.NET/C# MVP] - 27 Aug 2007 19:27 GMT
Well, if you use a salt value then any attack using rainbow tables is
easily avoided.

Signature

         - Nicholas Paldino [.NET/C# MVP]
         - mvp@spam.guard.caspershouse.com

>>> I want to know what's the best way to save passwords in SQL server using
>>> C#?
[quoted text clipped - 13 lines]
>
> Chris.
Chris Shepherd - 27 Aug 2007 19:48 GMT
>     Well, if you use a salt value then any attack using rainbow tables is
> easily avoided.

Assuming they didn't already know the algorithm used. Salts do help, but
they don't invalidate rainbow tables -- just those using a different
algorithm to generate hash entries. Any way you slice it a total system
compromise is bad.

Chris.
Jassim Rahma - 28 Aug 2007 20:07 GMT
Then how can I read it?

Can you show an example of how to create the password and read it back using
a login textbox?

>>> I want to know what's the best way to save passwords in SQL server using
>>> C#?
[quoted text clipped - 13 lines]
>
> Chris.
Chris Shepherd - 28 Aug 2007 20:34 GMT
> Then how can I read it?
>
> Can you show an example of how to create the password and read it back
> using a login textbox?

Nicholas already provided a response on this earlier when he told you
that it was a bad idea to save passwords, but if you absolutely must,
use an encrypted column of data. There's a link in that post that
explains it fairly well.

Chris.
John B - 31 Aug 2007 02:27 GMT
>>>> I want to know what's the best way to save passwords in SQL server
>>>> using C#?
[quoted text clipped - 13 lines]
>>
>> Chris.

> Then how can I read it?
>
> Can you show an example of how to create the password and read it back
> using a login textbox?

You would generate a hash of the password they entered in the textbox
and compare it to your stored hash; if they are equal then it's the same
password.
Taking care to go through the same salting routine if used.

JB
