If you are just going to verify/validate the entered user name and password, use the Rfc2898Derived Bytes class (also known as Password Based Key Derivation Function 2 or PBKDF2). Or do you recommend another way of storing the data?This is more secure than using encryption like Triple DES or AES because there is no practical way to go from the result of RFC2898Derived Bytes back to the password. See Is it ok to use SHA1 hash of password as a salt when deriving encryption key and IV from password string? Net or String encrypt / decrypt with password c# Metro Style for Win RT/Metro. For example, to encrypt a piece of data, use // Data to protect. If you are just validating an entered password, use RFC2898Derived Bytes instead (question updated with link and short explanation).It's just a matter of security, so other people using the same computer can't see everyone's personal data. Strings are immutable, being they cannot be notified in memory so someone looking at the application's memory or a memory dump may see the password. I want to save quite some data like this in a text file.What is the best/most secure way to save this data? byte plaintext; // Generate additional entropy (will be used as the Initialization vector) byte entropy = new byte; using(RNGCrypto Service Provider rng = new RNGCrypto Service Provider()) byte ciphertext = Protected Data. Use Secure String or a byte instead and remember to dispose or zero them as soon as the password is no longer needed. I used md5 for hashing at first, but I was kind of sceptical about it. I see that it's just a bunch of random characters when I open my file, but is it safe enough to do this? But for these kind of webpages we need to use form validation on our webpages, if anyone use Java Script so it’s well and good because Java Script is a very good technique to use and solve Form Validation problems.But we will directly go to our work just create a simple Sign-in page to make you understand the concept of Sign-in webpage in this article.This means your application does not have to worry about generating and protecting the encryption keys, a major concern when using cryptography. Make sure to keep the keys safe (or use DPAPI as mentioned above). Use DPAPI to encrypt the password the first time the user enters is, store it in a secure location (User's registry, User's application data directory, are some choices).
So inside xampp/htdocs folder, i have a folder named “my_folder_inside_htdocs”.
There is also an easy method to put CAPTCHA on a webpage.
But now in this article we will just learn how to design a Sign-In webpage. Listing 1: Figure 1: Output of the Sign-in Webpage In Figure 1 you can see the output of the Listing 1.
You can download the whole source code for the registration/login system from the link below: Registration The Read file in the download contains detailed instructions. In order to identify a user as authorized, we are going to check the database for his combination of username/password, and if a correct combination was entered, we set a session variable.
Here is the code to look up the username and password.