I try to log in with a correct username and a password that is saved using a hashing algorithm, but there are some passwords saved as strings (not hashed). When I log in using a correct username and a hashed password it works as expected, but when I try to log in using a correct username and a password saved as a string (i.e. not hashed) it gives an error stating "Input string was not in a correct format", and if the password is saved as an integer, no matter whether it is wrong or right (non-hashed), it gives an "IndexOutOfRangeException: Index was outside the bounds of the array" exception. Although from now on I am hashing every password, I want to use the ones that are already created as well.
I don't know how to do that. This is the code where I get the error:
var comparingPassword = PasswordHashManager.ValidatePassword(model.Password, correctPassword);
Is there any way to check whether the password is hashed or not, and if the password is hashed then use comparingPassword, otherwise use a simple query to check the login credentials?
Comments (1)
Any decent password hash library has a function like VerifyPassword(userEnteredPassword, hashStoredInDb), and they require the user-entered password together with the previously stored hash of the password. There is a huge security problem in your code if the passwords are sometimes stored in plaintext, and you should fix this instead of circumventing the problem.

Not sure what you mean with password saved as integer, but keep in mind that the function GetHashCode() is in no way a password hash function; instead use the CreateHash() of the password hash library, they are not compatible.

P.S. There are algorithms which are better suited for password hashing, like Argon2, BCrypt or SCrypt, so think about switching to another library.
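The following is an added example, not code from the question, the answer, or the PasswordHashManager library: a one-time migration that hashes any stored value not already in hash format, plus a verifier that rejects malformed stored values instead of throwing. The class name, method names and storage format are hypothetical; PBKDF2 from the .NET base class library (.NET 6 or later assumed) stands in for the library's own CreateHash().

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper. Stored format (constructed for this example):
//   pbkdf2-sha256$<iterations>$<base64 salt>$<base64 hash>
public static class LegacyPasswordMigration
{
    const string Prefix = "pbkdf2-sha256";
    const int Iterations = 600_000, SaltSize = 16, HashSize = 32;

    public static string CreateHash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        return string.Join("$", Prefix, Iterations.ToString(),
                           Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    // Returns false instead of throwing when the stored value is not in the hash format,
    // e.g. a legacy plaintext string or a number.
    static bool TryParse(string stored, out int iterations, out byte[] salt, out byte[] hash)
    {
        iterations = 0; salt = hash = Array.Empty<byte>();
        string[] parts = (stored ?? "").Split('$');
        if (parts.Length != 4 || parts[0] != Prefix) return false;
        if (!int.TryParse(parts[1], out iterations) || iterations <= 0) return false;
        try { salt = Convert.FromBase64String(parts[2]); hash = Convert.FromBase64String(parts[3]); }
        catch (FormatException) { return false; }
        return salt.Length > 0 && hash.Length > 0;
    }

    public static bool IsHashed(string stored) => TryParse(stored, out _, out _, out _);

    // Login check: a stored value that is not a valid hash never matches.
    public static bool VerifyPassword(string entered, string stored)
    {
        if (!TryParse(stored, out int iterations, out byte[] salt, out byte[] hash)) return false;
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(entered, salt, iterations, HashAlgorithmName.SHA256, hash.Length);
        return CryptographicOperations.FixedTimeEquals(candidate, hash);
    }

    // One-time migration: run over every row and write the result back to the password column.
    public static string MigrateRow(string stored) => IsHashed(stored) ? stored : CreateHash(stored);
}
```

Once every row has passed through MigrateRow, the login path only ever calls VerifyPassword, so no plaintext comparison remains in the code.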