更新时间:2022-10-26 23:34:00
ComputeHash
方法对您的密码进行散列相当容易... 下面是使用MD5散列文件的一个简单示例,该文件可以轻松转换为生成密码哈希:
using(var md5 = new MD5CryptoServiceProvider())
{
var buffer = md5.ComputeHash(File.ReadAllBytes(filename));
var sb = new StringBuilder();
for(var i = 0; i< buffer.Length; i ++)
{
sb.Append(buffer [i] .ToString(x2));
}
return sb.ToString();
}
不要忘记加盐你的哈希...
实际上,***是阅读这篇关于将密码存储在数据库上的文章,而不是关于CP ...
I've tried to create a remote MySQL database and link it to WPF application. I manage to do that but I was advised by users from the forum to hash my password, cause it can be easyly SQL injected. My question is does anybody know how can I create hashed password based on that code:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
namespace ECBSRecruitmentAgencySoftware
{
public partial class LogIn : Form
{
public LogIn()
{
InitializeComponent();
}
public bool tryLogin(string username , string password)
{
MySqlConnection con = new MySqlConnection("host=aaaaaaaa.baaadsg;user=saaaaaak;password=2333333336;database=soaaaaaaaa2;");
MySqlCommand cmd = new MySqlCommand("Select * FROM niki WHERE user_name = `" + username + "` AND user_password = `" + password + "`;");
cmd.Connection = con;
con.Open();
MySqlDataReader reader = cmd.ExecuteReader();
if (reader.Read() != false)
{
if (reader.IsDBNull(0) == true)
{
cmd.Connection.Close();
reader.Dispose();
cmd.Dispose();
return false;
}
else
{
cmd.Connection.Close();
reader.Dispose();
cmd.Dispose();
return true;
}
}
else
{
return false;
}
}
private void button1_Click(object sender, EventArgs e)
{
if (tryLogin(user.Text, pass.Text) == true)
{
MainScreen F2 = new MainScreen();
F2.Show();
this.Hide();
}
else
MessageBox.Show("Wrong details!");
}
}
}
.NET supports several cryptographic hashes including MD5 and SHA so it's quite easy to hash your passwords using ComputeHash
methods of these classes...
Here is a simple example of hashing a file using MD5 which can be easily converted to generate a password hash:
using (var md5 = new MD5CryptoServiceProvider())
{
var buffer = md5.ComputeHash(File.ReadAllBytes(filename));
var sb = new StringBuilder();
for (var i = 0; i < buffer.Length; i++)
{
sb.Append(buffer[i].ToString("x2"));
}
return sb.ToString();
}
Don't forget to salt your hash...
Actually, it would probably be best to just read this great article about storing passwords in a database over on CP...