sql - C# Login Form Secure/Correct?


I'm making my final C# project for school this year, and the last time I was on this site I promised to make sure the SQL was secure and to make the application secure. This is the login screen; can you tell me whether this is the proper, secure way to do it?

I start by opening the main MDI container via Program.cs:

```csharp
private void Form1_Load(object sender, EventArgs e)
{
    // fl is the login form; ShowDialog blocks until it is closed or hidden
    fl.ShowDialog();
}
```

Then the login form shows:

```csharp
string user = txtUser.Text;
string pw = txtPw.Text;
int correct = clDatabase.Login(user, pw);

if (correct == 1)
{
    this.Hide();
}
else
{
    // "The data you entered is not correct"
    MessageBox.Show("De gegevens die u heeft ingevuld kloppen niet", "Fout!");
}
```

And in clDatabase.Login:

```csharp
public static int Login(string gebruikersnaamI, string wachtwoordI)
{
    int correct = 0;
    SqlConnection conn = new SqlConnection(clStam.connStr);
    conn.Open();
    // Parameterised query: the user input never becomes part of the SQL text
    using (SqlCommand strQuer = new SqlCommand(
        "SELECT * FROM gebruiker WHERE usernm=@userid AND userpass=@password", conn))
    {
        strQuer.Parameters.AddWithValue("@userid", gebruikersnaamI);
        strQuer.Parameters.AddWithValue("@password", wachtwoordI);
        SqlDataReader dr = strQuer.ExecuteReader();
        if (dr.HasRows)
        {
            correct = 1;
            MessageBox.Show("loginsuccess"); // debug only
        }
        else
        {
            correct = 2;
            // invalid login
        }
    }
    conn.Close();
    return correct;
}
```

The "loginsuccess" dialog is only there for debugging purposes at the moment. Is this secure? Is this the proper way to have a login form?

Edit: updated code for the login form:

```csharp
private void button1_Click(object sender, EventArgs e)
{
    ErrorProvider ep = new ErrorProvider();

    if (txtUser.Text == string.Empty || txtPw.Text == string.Empty)
    {
        if (txtUser.Text == string.Empty)
            txtUser.BackColor = Color.Red;
        if (txtPw.Text == string.Empty)
            txtPw.BackColor = Color.Red;

        // "Something has to be filled in!"
        MessageBox.Show("Er moet wel iets ingevuld zijn!", "Fout");
    }
    else
    {
        string user = txtUser.Text;
        string pw = txtPw.Text;
        bool correct = clDatabase.Login(user, pw);

        if (correct)
        {
            this.Hide();
        }
        else
        {
            // "This combination of username and password is not known"
            MessageBox.Show("Deze combinatie van username en password is niet bekend", "Fout!");
        }
    }
}
```

clDatabase:

```csharp
public static bool Login(string gebruikersnaamI, string wachtwoordI)
{
    bool correct = false;
    // using blocks dispose the connection, command and reader even if an exception is thrown
    using (SqlConnection conn = new SqlConnection(clStam.connStr))
    {
        conn.Open();
        using (SqlCommand strQuer = new SqlCommand(
            "SELECT * FROM gebruiker WHERE usernm=@userid AND userpass=@password", conn))
        {
            strQuer.Parameters.AddWithValue("@userid", gebruikersnaamI);
            strQuer.Parameters.AddWithValue("@password", wachtwoordI);
            using (SqlDataReader dr = strQuer.ExecuteReader())
            {
                if (dr.HasRows)
                {
                    correct = true;
                }
                else
                {
                    correct = false;
                    // invalid login
                }
            }
        }
    }
    return correct;
}
```

It is secure as far as SQL injection is concerned, since you are passing parameters. But do not store the password in plain text; store a hashed value instead.

See: How to securely save username/password (local)?
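The answer above says to store a hash rather than the password itself but does not show what that looks like in the asker's setup. The following is an added example, not code from the question or the answer. It replaces the `WHERE usernm=@userid AND userpass=@password` lookup with a lookup by username only and verifies the password locally against a salted PBKDF2 hash. It assumes a table `gebruiker` with columns `usernm`, `pwsalt` (VARBINARY(16)), `pwhash` (VARBINARY(32)) and `pwiter` (INT), reuses `clStam.connStr` from the question, and relies on `Rfc2898DeriveBytes` with a `HashAlgorithmName` and on `CryptographicOperations.FixedTimeEquals`, which need .NET Framework 4.7.2+/.NET Core 2.1+ or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Added example (not the asker's code): salted PBKDF2 password storage for the
// login in the question. Schema and column names are assumptions, see lead-in.
public static class PasswordLogin
{
    private const int SaltSize = 16;       // 128-bit random salt per user
    private const int HashSize = 32;       // 256-bit derived key
    private const int Iterations = 100_000; // stored per row so it can be raised later

    // Used when creating a user or changing a password: returns what to store.
    public static void HashPassword(string password, out byte[] salt, out byte[] hash, out int iterations)
    {
        salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        iterations = Iterations;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            hash = kdf.GetBytes(HashSize);
        }
    }

    // Recompute the hash with the stored salt and iteration count and compare in constant time.
    public static bool VerifyPassword(string password, byte[] salt, byte[] storedHash, int iterations)
    {
        byte[] candidate;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            candidate = kdf.GetBytes(storedHash.Length);
        }
        // FixedTimeEquals does not stop at the first differing byte, so the
        // comparison time does not reveal how much of the hash matched.
        return CryptographicOperations.FixedTimeEquals(candidate, storedHash);
    }

    // Drop-in replacement for clDatabase.Login: the password never reaches SQL Server.
    public static bool Login(string username, string password)
    {
        using (var conn = new SqlConnection(clStam.connStr))
        using (var cmd = new SqlCommand(
            "SELECT pwsalt, pwhash, pwiter FROM gebruiker WHERE usernm = @userid", conn))
        {
            // Explicit type and length instead of AddWithValue avoids implicit conversions
            cmd.Parameters.Add("@userid", SqlDbType.NVarChar, 64).Value = username;
            conn.Open();
            using (var dr = cmd.ExecuteReader())
            {
                if (!dr.Read())
                {
                    // Unknown user: same answer as a wrong password
                    return false;
                }
                var salt = (byte[])dr["pwsalt"];
                var hash = (byte[])dr["pwhash"];
                var iter = (int)dr["pwiter"];
                return VerifyPassword(password, salt, hash, iter);
            }
        }
    }
}
```

Two points worth noting. The iteration count is stored next to the hash so existing rows keep working when the constant is raised for new users; a row can be re-hashed transparently the next time its owner logs in successfully. And because the unknown-user branch returns immediately while the known-user branch runs the KDF, the response time still differs between the two; if that matters, run `VerifyPassword` against a dummy salt and hash in the unknown-user branch as well so both paths cost the same.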

