C# and SQL Server: Passwords. Where to do what?


OK, I have an application written in C#. I have data in SQL Server. Among that data are user accounts that will give access to the app.

I have read around, and I know that you need to salt and hash, and possibly hash a bunch of times, etc. But where do I do what? What should I send to SQL Server? What exactly do I store in the database? Do I hash it in SQL? (Probably there is a hash function, like in MySQL?) Do I do the hashing and fancy stuff in my code? Do I send the hash to the server and compare there, or do I get the hash from the server and compare in my application? What about the salt? Where do I make it? Where do I store it? How do I get it?

In other words, could someone give me a good and clear walkthrough of the login scenario (and possibly a user add / reset password scenario)?

Hope someone can clear these things up for me =)

I fully agree with Joel Kohora: the best alternative is to trust someone else's tried and correct implementation. If, however, you are set on rolling your own security implementation, my advice is the following:

  1. Store the hash and salt in the database.
  2. Generate the hash and salt in your code. This way you are not tying yourself to a particular database.
  3. Never send passwords over the wire as plain text. I recommend fetching the hash and salt from the database and comparing them to the ones you have calculated from the username and password given by the user.
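
The flow this answer describes, as an added example that is not part of the original post: the salt and hash are generated in application code, only those two values are stored, and login fetches them and compares in the application. PBKDF2-SHA256, the iteration count, the column sizes and the in-memory dictionary standing in for the SQL Server table are assumptions; it needs .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Row shape for a hypothetical Users table: Salt VARBINARY(16), Hash VARBINARY(32), Iterations INT.
record UserRow(byte[] Salt, byte[] Hash, int Iterations);

static class PasswordStore
{
    const int SaltBytes = 16, HashBytes = 32;
    const int Iterations = 600_000;   // assumed work factor; tune for your hardware

    // Stand-in for the SQL Server table so the example runs offline (constructed).
    static readonly Dictionary<string, UserRow> Users = new();

    static byte[] Derive(string password, byte[] salt, int iterations) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, HashBytes);

    // Add user / reset password: new random salt every time, store salt + hash only.
    public static void SetPassword(string username, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        Users[username] = new UserRow(salt, Derive(password, salt, Iterations), Iterations);
    }

    // Login: fetch salt + hash by username, recompute in the application, compare.
    public static bool Verify(string username, string password)
    {
        if (!Users.TryGetValue(username, out var row)) return false;
        byte[] candidate = Derive(password, row.Salt, row.Iterations);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(candidate, row.Hash);
    }
}

static class Program
{
    static void Main()
    {
        PasswordStore.SetPassword("alice", "correct horse battery staple"); // constructed sample data
        Console.WriteLine(PasswordStore.Verify("alice", "correct horse battery staple"));
        Console.WriteLine(PasswordStore.Verify("alice", "wrong password"));
        Console.WriteLine(PasswordStore.Verify("bob", "anything"));
    }
}
```

Storing the iteration count per row lets the work factor be raised later without invalidating existing accounts: old rows verify with their stored count and can be re-hashed on the next successful login.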
