security - Best way to store password in database -

-

I am working on a project that has authentication (user name / pass)

this Also connects to a database, so I thought I would store the username and password there, but it seems that the table sitting on DB should not have a password as a text field, there is no such good idea. >

Using C # and by 2008 Express Server Ekt Does anyone get the idea (possibly the best way of many examples) to store this type of data?

(I am open to the idea that this information is not stored in DB if a good reason can be provided)

You are right that accumulating a password in a plain-text field is an awesome idea, however, as long as it stays , in most cases you (and I honestly can not think of any counter-example) in a passport in the representation database The proper job is to represent I mean that you want to have a password (which should be different for each user) and use a secure 1-way algorithm to heath the password and that After you want to throw away the original password, when you want to check a password, you compare the value of the value (by using the same hashing algorithm and salt) and the database in the database.

So, when it's a good thing to think about and it's a good question, it's actually at least one duplicate of these questions:

    • To make a bit more clear, the danger of having a password stored and storing it is that if an encroachment is holding your database, then they can still use the password that has the "decrypt" password ( Less Less than those visible in the rainbow table) are known as. To get around this, developers add a password, which is done properly, attacks the rainbow that are unable to do only. Note that a common misconception is to add a uniform unique and long string only for all passwords; While it is not awesome , it is best to add unique salts for each password.


    Comments

    Post a Comment

    Popular posts from this blog

    c++ - Linux and clipboard -

    -
    After selecting the copies of the buffer in Linux, after the text, we can click and paste the button between the mouse. I think there is a special buffer for this, I want to use it. Programming Language: C ++ Your Library: Qt Thanks. There is just one more correct answer than Paul Dixon, which answers your needs: / P > QClipboard * clipboard = QApplication :: clipboard (); CastString Selected Text = Clipboard-> Text (QClipboard :: Selection);
    Read more

    What is expire header and how to achive them in ASP.NET and PHP? -

    -
    I have examined the performance statistics of my website today. I have received a warning (or error may occur) that is given below Add Terminal Headers Here are 15 static components without a 15-futures end date * (no end) Http://www.example.com/video/css/global.css * (no time limit) http://www.example.com/video/js/global.js * (no expiration ) Http: //www.example.com/video/images/main-bg.png what it means and how to achieve it both in PHP and ASP.Net. I am on a shared hosting server, so please tell me some ways to use the code, because I can not make any modifications at the end of the server. If I expire the header, then there is no chance that if I make changes to the CSS, then the user will not be able to remove them immediately because CSS and other files have a fixed time limit (1 month, week ) Are cached for. Is Is there any harm to using PHP? $ time = time () + 3 * 24 * 60 * 60; // 3 day headings ('End:'. GMDAT ('D, D MYH: i: s \ g \ m \ t',
    Read more

    sql server - How can I determine which of my SQL 2005 statistics are unused? -

    -
    After a few years, one of my biggest databases has deposited 73 figures out of its largest tables. With Indexes, I can run many types of reports and queries, how often / heavily specific indexes are used. What is an equivalent for data? We are running SQL 2005. To make statistics automatically managed and honest, I would like to "update statistics", "create statistics" and There is no information about any management except "drop statistics" orders. In theory, UPDATE should handle the addition and removal of statistical data. In addition, I've never heard about the amount of storage or storage taking in large amounts, so I'm not sure whether there is any reason for the alarm or not. If you are seeing a potential problem, then I would suggest running an update before, if it does not clean it, it is leaving and then it appears to be safe operation (because it is the only query optimizer Is for). I will not leave "left" in the
    Read more