Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>You will need to take the username and password (the password from a masked text box, preferably with a second box for confirmation) salt it, and create a hash from the password, and then insert the plaintext username and salted hash of the password in to the database. You can then verify the users password in future by comparing the database stored version with a salted (same salt!) hash of what the user enters. </p> <p>Note that each user should have their own salt which you randomly generate for that user when they create their account. (This is more secure that a global salt value which a hacker could discover).</p> <p>Take a look at <a href="http://msdn.microsoft.com/en-us/magazine/cc164107.aspx" rel="nofollow noreferrer">this article</a>. It pretty much covers all the bases, but <strong>don't use SHA-1</strong> as recommended in the article. You want a slow hash function that is computationally expensive such as BCrypt, or PBKDF2 (which is included in .NET). See <a href="https://crypto.stackexchange.com/questions/24/what-makes-a-hash-function-good-for-password-hashing">"What makes a good hash function for passwords"</a>. (Thanks @CodeInChaos for pointing this out).</p> <p>You can use <a href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx" rel="nofollow noreferrer">Rfc2898DeriveBytes</a> in System.Security.Cryptography to create the salted hash of the password, PBKDF2 style. </p> <pre><code>byte[] salt = Guid.NewGuid().ToByteArray[]; Rfc2898DeriveBytes saltedHash = new Rfc2898DeriveBytes("P@$$w0rd", salt, 1000); </code></pre> <p>A good rule of thumb is that the number of iterations should cause the hashing operation to take about a second.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload