Click here to Skip to main content
15,906,624 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi I am working with a voice chat software and want to set the email id of the user as his username and while signing up want to make sure that he/she is an authenticated user (by comparing the user name and password stored in the MYSQL database while he registered himself). But am not able to do so.. How to compare the password and username??? plz help me
Posted
Updated 24-Apr-12 5:36am
v2
Comments
[no name] 24-Apr-12 11:35am    
What have your tried? What errors did you get? Where is the relevant section of code?

1 solution

First of all, don't store passwords anywhere. This would not be an acceptable or safe practice and is not needed for authentication. No one has a right to know original password except the person who created it, not matter how much access to the system one has. One of the most popular way is using cryptographic hash function. You can calculate hash function before submitting a username/password pair and transmit only the result of the hash function; one the server side, only hashed values are stored; so you always compare hash with hash. Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

The nature of hash function algorithm makes inverting of it infeasible, so it is infeasible to find out an original password. Please see:
http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability[^].

It is important not to use MD5 or SHA-1. These algorithms are proven broken and should not be used for any security purposes. Please see:
http://en.wikipedia.org/wiki/MD5[^],
http://en.wikipedia.org/wiki/SHA-1[^].

I would recommend to use one of the algorithms of SHA-2 family. Please see:
http://en.wikipedia.org/wiki/SHA-2[^].

The cryptographic hash function algorithms are well implemented in .NET. Please see:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].

See also my past answer:
Is base64Encode function is best for encode a password string?[^].

—SA
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900