Click here to Skip to main content
15,907,001 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Dear CodeProject,

I'm wondering how I can create a safe and secure Login / Register system for a application either I want to know how to use MySQL safe in C#.

Can anyone help me how to create a Login/Register and secure with MySQL in C#
Posted

Regarding the aspect of password "storage": Never store the password in either plaintext or in encrypted form. Encryption can be broken. That's what allows hackers to steal passwords from websites that weren't engineered in a safe way. The basic idea is to store a hashcode of the password that can not be reversed to the password. And when the user wants to log on, you calculate the hashcode from his entered password once again and compare that to the stored hashcode. There are several things to keep in mind to implement this safely, please refer to this article: Salted Password Hashing - Doing it Right[^]

edit: That article only talks about the right way of doing it - the following articles also explain why other ways of doing it are bad:
http://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374[^]
https://wblinks.com/notes/storing-passwords-the-wrong-better-and-even-better-way/[^]
/edit

Regarding the aspect of using MySQL from C# - if you need help with that, please use this google-search which will show you several CodeProject-articles covering this: https://www.google.com/search?q=c%23+mysql+codeproject&ie=utf-8&oe=utf-8[^]
 
Share this answer
 
v2
When it comes to security their are many things by which we can secure our application.

If you are working with desktop application the basic thing is to create store procedure than you can use cryptography classes to save your password in encrypted format.
If you do not have those classes i wouldn't mind sharing it with you or reply this if you need brief article for this.
 
Share this answer
 
Comments
Sascha Lefèvre 19-Apr-15 12:03pm    
Sorry but this is bad advice. Whether or not you use a stored procedure doesn't have anything to do with it. That's just misleading but the main mistake is to suggest saving the password in encrypted form. That's how passwords can be hacked. Please see solution 3.
Rana Waqas 19-Apr-15 12:35pm    
my bad.. but what i was trying to say that we have a private key with us which is combined with user's password to form a public key that is to be stored in our database. Now at the time of logining in that public key is decrypted and matches with the private key that we have it in our class and the user logs in.
If this process is hackable please let me know how? and just for the sake of reminder hope we are talking about windows form application not asp.net?

In addition i am a keen learner rather than teller that is why i am here at codeproject. Its a great place to be with people who are related to you who listen and answer you.
So, your any guidance related to topic will be very useful for me.
Sascha Lefèvre 19-Apr-15 13:01pm    
Yes, it's hackable. Even if the hackers don't succeed in somehow directly obtaining your private key, they can run brute force attacks on the encrypted passwords. As soon as one or more passwords are weak (like "mypassword" or "abc123") they will figure out the key in reasonable time and be able to decrypt all passwords. Whether it's ASP.NET or Windows Forms is not relevant.

You should read the article that I've linked in solution 3 :-)
Rana Waqas 19-Apr-15 18:23pm    
don't satisfied with your answer because what you are talking is exceptional cases. let suppose a user enters a password mypassword which is weak but you don't even know what key i am using on my side and obviously that key will be too much strong containing numbers and special character. These are billions of combinations that brute force attack can generate but still the person will die before he cracks it. In statistics there is a chapter called probability in which they teach us about making combination taking 3 or 4 as a digit. suppose if your password is of 10 digit than according to statistics we can generate more than 10 billion combination from it. suppose my key is ko 100 digit than you can't even image of breaking it.
I found this brief article it might be very helpful to you.

Connect C# to MySQL[^]
 
Share this answer
 
v2
Comments
Thanks7872 19-Apr-15 12:11pm    
Don't post multiple solution no same question.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900