0

I have a Windows Forms application, basically a form over data application.

Written in Visual Basic.Net and using local SQL Server Express to store data. It has 4 users listed in the combobox on the welcome screen.

I have two options of managing their passwords.

  1. Either to store them at My.Settings or
  2. To create a users table in SQL Server and work with it.

What will be your advice on this?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Henry Gathigira
  • 265
  • 4
  • 11
  • Hash the passwords and store them in the database. This has a complete set if tools for that: [Is it safe to store usernames and passwords in the database?](http://stackoverflow.com/a/31150288/1070452) – Ňɏssa Pøngjǣrdenlarp May 15 '16 at 15:17
  • @Plutonix. The passwords are already hashed by textbox controls. Will they 'arrive' at the database still hashed? – Henry Gathigira May 15 '16 at 15:21
  • 1
    I suspect one of us is confused by the term "hash". The Win TextBox has no hashing capability. – Ňɏssa Pøngjǣrdenlarp May 15 '16 at 15:25
  • I thot its hiding the character with a symbol like #. lol.. Direct translated? – Henry Gathigira May 15 '16 at 15:27
  • 3
    That is not hashing. Hashing would result in something like `bbKN8wYYgoZmNaG3IsQ2DPS2ZPIOnenl6i5NwUmrGmo=` - it is a sort of one way encryption. Study the link. As I said, that link has all the code you need to implement salting and hashing PWs. I'll never understand why VB people seem allergic to links/other answers – Ňɏssa Pøngjǣrdenlarp May 15 '16 at 15:30

0 Answers0