6 Replies - 359 Views - Last Post: 02 November 2018 - 06:33 AM Rate Topic: -----

#1 aspfun   User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 96
  • Joined: 16-January 13

How to protect password?

Posted 31 October 2018 - 08:30 AM

I used code below to save user's register user name and password.
It is not security because password is readable.
How to encrypt password and save to SQL?

Dim cn As New SqlConnection(connectionString)
Dim cmd As New SqlCommand

cmd.Connection = cn
cn.Open()

cmd.CommandText = "INSERT INTO [Obort].[dbo].[Users] ([ID], [Username], [Password]) VALUES ('', @Username, @Password);"
cmd.Parameters.Add("@Username", SqlDbType.VarChar, 50).Value = txtUsernameD.Text
cmd.Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = txtPasswordD.Text

cmd.ExecuteNonQuery()

cn.Close()

This post has been edited by aspfun: 31 October 2018 - 08:31 AM


Is This A Good Question/Topic? 0
  • +

Replies To: How to protect password?

#2 modi123_1   User is offline

  • Suitor #2
  • member icon



Reputation: 14576
  • View blog
  • Posts: 58,439
  • Joined: 12-June 08

Re: How to protect password?

Posted 31 October 2018 - 08:54 AM

You would hash them.

Article to read:
https://visualstudio...-passwords.aspx
Was This Post Helpful? 0
  • +
  • -

#3 aspfun   User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 96
  • Joined: 16-January 13

Re: How to protect password?

Posted 31 October 2018 - 09:02 AM

I learned from here.

https://stackoverflo...tring-in-vb-net

For the function AESE(ByVal plaintext As String, ByVal key As String) As String, what key should I input?
Was This Post Helpful? 0
  • +
  • -

#4 modi123_1   User is offline

  • Suitor #2
  • member icon



Reputation: 14576
  • View blog
  • Posts: 58,439
  • Joined: 12-June 08

Re: How to protect password?

Posted 31 October 2018 - 09:24 AM

No.. you would want to salt and hash the password.
Was This Post Helpful? 0
  • +
  • -

#5 TechnoBear   User is offline

  • Lady A
  • member icon

Reputation: 276
  • View blog
  • Posts: 1,089
  • Joined: 02-November 11

Re: How to protect password?

Posted 01 November 2018 - 09:46 AM

#region "Password Methods"
        /// <summary>
        /// Generate the hashed password using a password string.
        /// </summary>
        /// <param name="RequestParameters">The parameters needed to get the hashed password.</param>
        /// <returns>The hashed password</returns>
        public string GetHashedPassword(RequestParametersPassword RequestParameters)
        {
            string salt = GetSalt();
            string hash = GetMD5Hash(string.Concat(RequestParameters.Password.Trim(), salt.Trim()));
            return string.Format("{0}:{1}", hash, salt);
        }
        /// <summary>
        /// Get the MD5 hash from input.
        /// </summary>
        /// <param name="InputString">The input to hash</param>
        /// <returns>The hashed input</returns>
        private string GetMD5Hash(string InputString)
        {
            MD5 hash = MD5.Create();
            byte[] data = hash.ComputeHash(Encoding.UTF8.GetBytes(InputString));
            return BitConverter.ToString(data).Replace("-", string.Empty);
        }
        /// <summary>
        /// Get the salt for the hashed password.
        /// </summary>
        /// <returns>The salt for the hashed password.</returns>
        private string GetSalt()
        {
            byte[] SaltBytes = new byte[31];
            RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
            provider.GetNonZeroBytes(SaltBytes);
            return Convert.ToBase64String(SaltBytes);
        }
        #endregion

Written in C# because that is what I am in right now, but this is an implementation of an MD5 salted/hashed string. This shows you essentially how one may perform what you are asking for. Obviously it needs to be handled within your requirements, but this should help with visualizing process.
Was This Post Helpful? 0
  • +
  • -

#6 Sheepings   User is offline

  • Senior Programmer
  • member icon

Reputation: 149
  • View blog
  • Posts: 962
  • Joined: 05-December 13

Re: How to protect password?

Posted 02 November 2018 - 05:10 AM

Op is working with .net, not c#. You should convert or rewrite it in vb.net to make your post more useful. Not everyone knows c# well enough to convert, and to know if a converter did it properly.
Was This Post Helpful? 0
  • +
  • -

#7 andrewsw   User is offline

  • head thrashing
  • member icon

Reputation: 6645
  • View blog
  • Posts: 27,200
  • Joined: 12-December 12

Re: How to protect password?

Posted 02 November 2018 - 06:33 AM

This is fair enough in my opinion, especially given the additional note about why C# is provided. It is up-to the OP to determine whether this is useful or not, and to request additional guidance or a recommendation for a converter.

The OP has also been here for quite a while so hopefully is not overcome with the sight of C# code.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1