[ AMD guy @ 04.07.2009. 09:39 ] @
Napravio sam jednostavnu formu koja vrsi validaciju username-a i passworda na formi i proverava da li taj username postoji u bazi, problem mi je u tome sto taj password stoji upisan u tabeli kao obican text sto je veliki sigurnosni problem. Moje pitanje je kako da sakrije(hashujem) tu password kolonu u tabeli. Code: private void btnlogin_Click(object sender, EventArgs e) { using (SqlConnection conn = new SqlConnection(Properties.Settings.Default.Rent_a_carConnectionString)) { conn.Open(); string cmdstr = String.Format("Select username,password from Users where username ='{0}' and password = '{1}'", txtUser.Text, txtPass.Text); using (SqlCommand cmd = new SqlCommand(cmdstr, conn)) { SqlDataReader dr = cmd.ExecuteReader(); while (dr.Read()) { if (dr["username"].ToString() == txtUser.Text && dr["password"].ToString() == txtPass.Text) { try { using (Start start = new Start()) { start.ShowDialog(); } } catch (Exception ex) { throw new Exception(ex.Message.ToString()); } } } } conn.Close(); } } |