Best/Easiest Way to save username and password data into a DB

Pho3nix · Jun 9, 2016

Hi,

As title states, looking for a easy but efficient way to make this work. Thoughts?
C# API for the moment that I'll be building on top of

Messugga · Jun 9, 2016

That depends. What database? In what way do you want to store the password? Plain text? Encrypted? Hash?
Best and easiest are often mutually exclusive. In my personal opinion, when it comes to security, best should have a significantly heavier weight than easiest.

rrh · Jun 9, 2016

Store the username and a [possibly encrypted] salted hash of the password. .NET has a stack of applicable classes.

Pho3nix · Jun 9, 2016

Messugga said:
That depends. What database? In what way do you want to store the password? Plain text? Encrypted? Hash?
Best and easiest are often mutually exclusive. In my personal opinion, when it comes to security, best should have a significantly heavier weight than easiest.

Should be SQL if I still have credits on Azure, else AWS

rrh said:
Store the username and a [possibly encrypted] salted hash of the password. .NET has a stack of applicable classes.

Saw a few here and there. Figured I'd ask if anyone has used anything they like for actual reasons though.

freddster · Jun 9, 2016

Why don't you use the DB login and password? Then its the DBMS's problem.

[)roi(] · Jun 9, 2016

https://crackstation.net/hashing-security.htm

Example:

skimread · Jun 9, 2016

If you use C# don't reinvent the wheel, use Identity Framework

zippy · Jun 14, 2016

The "best" is dont save password in a db or anywhere, even if its "encrypted"

You can set up os authentication. There are many better secure alternatives.

DA-LION-619 · Jun 18, 2016

skimread said:
If you use C# don't reinvent the wheel, use Identity Framework

+1

AfricanTech · Jun 18, 2016

zippy said:
The "best" is dont save password in a db or anywhere, even if its "encrypted"

You can set up os authentication. There are many better secure alternatives.

Any decent corporate will insist on this

Hamster · Jun 18, 2016

AfricanTech said:
Any decent corporate will insist on this

Have I got news for you...

Kosmik · Jun 18, 2016

Hamster said:
Have I got news for you...

Lol,true.

If it's domain, use AD authentication libraries.

AfricanTech · Jun 18, 2016

Hamster said:
Have I got news for you...

I did say decent...

Hamster · Jun 18, 2016

AfricanTech said:
I did say decent...

You haven't seen my CV

AfricanTech · Jun 18, 2016

Hamster said:
You haven't seen my CV

:crylaugh:

Best/Easiest Way to save username and password data into a DB

Pho3nix

The Legend

Messugga

Honorary Master

rrh

Expert Member

Pho3nix

The Legend

freddster

Expert Member

[)roi(]

Executive Member

skimread

Honorary Master

zippy

Honorary Master

DA-LION-619

Honorary Master

AfricanTech

Honorary Master

Hamster

Resident Rodent

Kosmik

Honorary Master

AfricanTech

Honorary Master

Hamster

Resident Rodent

AfricanTech

Honorary Master