Secure login
Hey all,
Looking to create a really secure login window with .NET 8, but, see, I'm still new.
I've heard creating and attaching database strings to the application isn't the smartest way to go; I've heard attaching an API to a database is the way to go.
1. How do I do this? Could someone link a tutorial?
2. What database should I be using for this?
3. What are some ways I could make the application/window very secure?
6 Replies
1) there are lots of ways, you should start by looking at ASP.NET Core web APIs
2) doesn't matter, sqlite is a good option for low setup or postgresql for a proper database
3) don't put any secrets in the client application, use secure connections like HTTPS, don't roll your own cryptography
3a) assume that nothing in your client application is safe from prying eyes
3b) assume that people will try to use your API in unintended ways
Thank you, this definitely gives me a better idea of what I need to do. I took your info from last time and upgraded my application to .NET 8, is that what I should have done?
.NET 8 is the latest version so yes
Hi,
Just some extra advice.
If you have a database, then you should never transfer data 1 on 1.
Just an example. If I put a single quote in the request and this is transferred to the database as is with an SQL query command, you can do more.
==> Using Entity Framework works nicely
Password protection ==> never put the password in the database, always use a hash.
I do not know exactly what you need. But there are rainbow tables to reverse the hash. The solution is salting it. But for some saltings there are also rainbow tables.
Bitcoin has a solution for this. They do a double hash. ==> creating a hash with salting and over this hash another hash with other salting.
I hope this helps
ps. There is more involved in manipulating a database, but a reaction to a single quote is a start. So it's just an example to show you not to use direct SQL commands with the received data
Interesting, I was just looking at Entity Framework, trying to work out what it was for. Can you elaborate on it more?
it's an ORM, which is broadly a library that simplifies integrating databases with your C# code
in a lot of use cases you don't have to write any actual SQL at all, you make queries using LINQ
you write some C# classes that represent "entities" that you want to store in your database and it figures out how to set up your database so it can store them