hash sql
Most secure way to Authenticate a user on login using a database in C#?
Hello everyone,
I need to find out what the most secure way is to authenticate a user on log on in C#, it will be connecting to a (Any) database to authenticate.
I can design the database to my wishes and it can be any sql type of database, it will be connected over a network.
I’m thinking about com-pairing hashes but I don’t know if this is secure enough.
The application needs to be secure enough to run in a medium/big cooperation without risks.
P.S.
Ofcourse everything has its flaws and the weakest link in security is most of the time the person using the computer.
But I just need to know what the professionals use for a secure authentication.
Greets,
Automicss
If you are thinking about hashes then you are already ahead of the curve since most people would just store the password in the database. You probably want to look at going one step beyond a normal hash to a salted hash which helps to prevent cracking a password using a rainbow table.
You will also need to think about how to combat brute force dictionary attacks where the hacker uses an automated process to rapidly try many common passwords against a single account, or common passwords against a large group of different accounts.
There is a really good discussion on Stack Overflow about the best practices for website authentication:
http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta/477578
Sql Injection
