简体繁体 English

统一（C＃）和php密码处理

[英]unity (c#) and php password handling

原文 2015-04-09 12:04:36 6 1 c#/ php/ unity3d

I have a website where users can create an account, the password is hashed with SHA256 and all the info stored in a database. 我有一个网站，用户可以在其中创建一个帐户，密码用SHA256散列，并且所有信息都存储在数据库中。

I have a game made with unity3d , where the player have to login. 我有一个用unity3d制作的游戏，玩家必须登录。

I used the WWW class to reach and get information from a login page of my website (of course no direct acces to the database). 我使用WWW类从我的网站的登录页面访问并获取信息（当然，没有直接访问数据库的权限）。 But I have to pass the username and password as POST values... 但是我必须将用户名和密码作为POST值传递...

Now I have two question : 现在我有两个问题：

I've read that I should use the php password library instead of SHA256, is that really critical? 我读过我应该使用php密码库而不是SHA256，这真的很关键吗？
How can I login in the game without compromising security? 如何在不损害安全性的情况下登录游戏？

1 个解决方案

Check out this link here : 在这里查看此链接：

If you're a web developer, you've probably had to make a user account system. 如果您是Web开发人员，则可能必须制作一个用户帐户系统。 The most important aspect of a user account system is how user passwords are protected. 用户帐户系统最重要的方面是如何保护用户密码。 User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. 用户帐户数据库经常遭到黑客入侵，因此，如果您的网站遭到破坏，则绝对必须采取一些措施来保护用户的密码。 The best way to protect passwords is to employ salted password hashing. 保护密码的最佳方法是采用盐化密码哈希。 This page will explain why it's done the way it is. 此页面将说明为什么这样做。

It will give you the basics of how to securely send, store, and use a password in php and even provides tested source code for you to use. 它将为您提供有关如何安全地发送，存储和使用php中的密码的基础知识，甚至提供经过测试的源代码供您使用。 Please do not try and come up with your own homebrew solution, use what this resource and make sure you understand it if you want to make your login secure. 请不要尝试提出自己的自制解决方案，请使用此资源来确保您的登录安全，并确保您理解它。