Asp.net 用户名和用户密码验证功能
我害怕使用用户表单数据来查询数据库以供用户登录,因为公司只有20名员工,我正在考虑这个功能,但我不确定对于任何不太好的黑客用户来说,这是否仍然是一个容易破解的代码Asp.net 用户名和用户密码验证功能,asp.net,sql,vb.net,Asp.net,Sql,Vb.net,我害怕使用用户表单数据来查询数据库以供用户登录,因为公司只有20名员工,我正在考虑这个功能,但我不确定对于任何不太好的黑客用户来说,这是否仍然是一个容易破解的代码 Private Function VerifyCredentials(ByVal User As String, ByVal Password As String) As Boolean Dim verification As Boolean = False Dim _conString As String = W
Private Function VerifyCredentials(ByVal User As String, ByVal Password As String) As Boolean
Dim verification As Boolean = False
Dim _conString As String = WebConfigurationManager.ConnectionStrings
("YounnectionString").ConnectionString
'Initialize connections variables
Dim cnn As New SqlConnection(_conString)
Dim cmd As New SqlCommand
cmd.Connection = cnn
cnn.Open()
'No data from the form are used on the SQL Server
cmd.CommandText = "Select UserName, UserPassword from tblUsers;"
Dim cmdReader As SqlDataReader = cmd.ExecuteReader()
'compare the data from the server with the data from the form, it so not matter what the user send from the form
While cmdReader.Read()
If Trim(User) = Trim(cmdReader("UserName"))
AndAlso Trim(Password) = Trim(cmdReader("UserPassword")) Then
verification = True
End If
End While
' this method may result on performance problems if your tblUsers is too big,
'afther all it is the entrance and most of the companies
'just has several hundred users
cmdReader.Close()
cmd.CommandText = ""
cnn.Close()
Return verification
End Function
您只是在存储纯文本密码。一旦数据库被破坏,您就没有时间通知用户 您需要用salt存储哈希密码。虽然,它仍然可以被破解,这需要时间,但您仍然有时间通知用户更改密码 对于ASP.Net,最简单的方法是使用 或
让数据库为您过滤。 将查询更改为
"Select UserName, UserPassword from tblUsers
WHERE UserName = " & Trim(User) & " AND UserPassword = " & Trim(Password)
Return cmdReader.Read()
请删除您的代码并实现ASP。NET身份解决方案。谢谢你的快速回答谢谢,我会检查一下这段代码是否是这样的,这就是为什么我想被破解的原因,因为它正在将用户表单数据发送到查询。。无论如何谢谢你Nahuel@user295454不要使用此代码。它会带你去。相反,你想使用。谢谢Win的建议,点击这里的数字,这个-1对于clark Kent来说并不意味着。。不知道怎么解决,克拉克和温实际上回答了good@user295454请再次单击向上箭头: