Password Hashing and User Authentication
- From: "Brian" <Brian@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 6 Jun 2005 06:37:23 -0700
Thanks for your time.
When a hashed password is stored in a db - how should it appear in the table?
In the MySQL table I'm using to store username and passwords, it appears as
system.byte[]. The data type is defined as varchar(16), binary. The field
is not behaving as it should during authentication - as long at I enter a
valid username, the system authenticates me despite a correct or incorrect
password value. Below is the code I'm using to hash the password and save
the password to the MySQL table:
Dim md5Hasher As New MD5CryptoServiceProvider
Dim hashedBytes As Byte()
Dim encoder As New UTF8Encoding
hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
With da.InsertCommand
.Connection = sqlconStBarts
.Parameters.Item("usr").Value = txtUsr.Text
.Parameters.Item("pwd").Value = hashedBytes
db.Open()
.ExecuteNonQuery()
db.Close()
End With
Below is the code i'm using for authentication:
Dim md5Hasher As New MD5CryptoServiceProvider
Dim hashedBytes As Byte()
Dim encoder As New UTF8Encoding
hashedBytes =
md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text))
With sqldaSecurity.SelectCommand
.Connection = sqlcon
.Parameters.Item("user").Value = txtUser.Text
.Parameters.Item("pwd").Value = hashedBytes
sqlcon.Open()
If sqldaSecurity.SelectCommand.ExecuteScalar() = "true" Then
sqlcon.Close()
Session.Add("ip_address", Request.UserHostAddress)
Session.Add("user_id", txtUser.Text)
Response.Redirect("AdminDefault.aspx")
Else
lblErr.Visible = True
sqlcon.Close()
End If
End With
.
- Prev by Date: Catch duplicate primary key exeption
- Next by Date: asp 2.0 wizard navigation with javascript
- Previous by thread: Catch duplicate primary key exeption
- Next by thread: asp 2.0 wizard navigation with javascript
- Index(es):
Relevant Pages
|
