[英]Handling hash function Insertio into MySql Database via Visual Studio C# .NET
I am working on a login system for a giant company with a hotel, restaurant and pool.我正在为一家拥有酒店、餐厅和游泳池的大公司开发登录系统。 Each Employee within this company will have access/+monitoring credentials to the system's DB.
该公司内的每个员工都将拥有对系统数据库的访问/+监控凭据。
I understand saving passwords in plain text is a BAD BAD approach so I managed the password hashing part tested it using text boxes and Message Boxes(which I removed later).我知道以纯文本格式保存密码是一种糟糕的方法,所以我管理密码散列部分使用文本框和消息框(我后来删除了)对其进行了测试。 and since almost everyone (or the post, videos and threads/forms I've read) said it is a must to have a
HashFunction
and a Salt
Column in your database beside the HashedPassword
Column;并且因为几乎每个人(或我读过的帖子、视频和主题/表单)都说,在您的数据库中的
HashedPassword
列旁边必须有一个HashFunction
和一个Salt
列; I am having some of a hard-time inserting the hash-function value into the HashFunction
column for I don't know what is the value that holds it!我在将哈希函数值插入
HashFunction
列时遇到了一些困难,因为我不知道保存它的值是什么!
Here is the code I have这是我的代码
private MySqlConnection Connect()
{
string con = "Server = servername; DataBase=DBName; username= usr; password=pwd ; Persist Security Info = False; Charset =utf8";
MySqlConnection connection = new MySqlConnection(con);
connection.Open();
return connection;
}
private String Salt(int size)
{
var rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
var buffsize = new byte[size];
rng.GetBytes(buffsize);
return Convert.ToBase64String(buffsize);
}
private String GenerateSHA256Hash(string In, string salt)
{
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(In + salt);
SHA256Managed sha256hashstring = new SHA256Managed();
byte[] hash = sha256hashstring.ComputeHash(bytes);
return Convert.ToBase64String(hash);
}
private void BtnAddUsr_Click(object sender, EventArgs e)
{
string salt = Salt(10);
string hashedpswd = GenerateSHA256Hash(txtp.Text, salt);
string AddUser = "Insert into users(name,password,hashfunc,salt,position) VALUES ('" + txtu.Text + "','" + txtp.Text + "','" + hashedpswd.ToString() + "',";
}
This is the DB Structure in PHPMyAdmin:这是 PHPMyAdmin 中的数据库结构:
How I can handle this and if by any chance anyone can help me with verifying if the user enters the right password, it would be great?我该如何处理这个问题,如果任何人都可以帮助我验证用户是否输入了正确的密码,那就太好了? Many Thanks.
非常感谢。
Thanks to @Chetan I have managed to figure out where I messed up BIG TIME !!!感谢@Chetan我设法弄清楚我在哪里搞砸了BIG TIME !!!
The code looks pretty much the same except for minor stupid changes in the command string
除了
command string
中的微小愚蠢更改外,代码看起来几乎相同
private String Salt(int size)
{
var rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
var buffsize = new byte[size];
rng.GetBytes(buffsize);
return Convert.ToBase64String(buffsize);
}
private String GenerateSHA256Hash(string In, string salt)
{
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(In + salt);
SHA256Managed sha256hashstring = new SHA256Managed();
byte[] hash = sha256hashstring.ComputeHash(bytes);
return Convert.ToBase64String(hash);
}
private void BtnAddUsr_Click(object sender, EventArgs e)
{
try
{
if (txtp.Text != "" && txtu.Text != "")
{
MySqlConnection con = Connect();
string salt = Salt(10);
string hashedpswd = GenerateSHA256Hash(txtp.Text, salt);
string AddUser = "Insert into users(name,hashedfact,salt,position) VALUES (@username,@hashedpassword,@salt,@poz)";
MySqlCommand mySqlCommand = new MySqlCommand(AddUser, con);
mySqlCommand.Parameters.AddWithValue("@uname", txtu.Text);
mySqlCommand.Parameters.AddWithValue("@hashedfact", hashedpswd);
mySqlCommand.Parameters.AddWithValue("@sugar", salt);
mySqlCommand.Parameters.AddWithValue("@poz", CmbPositions.SelectedItem.ToString());
//'" + txtu.Text + "','" + hashedpswd.ToString() + "', '"+hashvalue.ToString()+"', " +
//"'" + salt.ToString() + "','" + CmbPositions.SelectedItem.ToString() + "'
int res = mySqlCommand.ExecuteNonQuery();
if (res == 1)
{
DialogResult dialog = MessageBox.Show("User Added Successfully,Would you like to sing-in?", "Proceed?", MessageBoxButtons.YesNo, MessageBoxIcon.Information);
if (dialog == DialogResult.Yes)
{
new Thread(() => new Form1().ShowDialog()).Start();
this.SendToBack();
}
else
{
Application.Exit();
}
}
}
}
catch (MySqlException ex)
{
if (txtp.Text == "" || txtu.Text == "")
{
MessageBox.Show(ex.Message.ToString(), "Error Adding User", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
finally
{
Connect().Close();
}
}
And my Database looks better now!我的数据库现在看起来更好了!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.