C#登录表单安全/正确

本文关键字:正确 安全 表单 登录 | 更新日期: 2023-09-27 17:59:36

我正在为C#(学校)做今年的最后一个项目,我上次在这个网站上得到帮助时承诺,我会确保我的SQL是安全的,我会保证我的应用程序是安全的。有人能看看我的登录屏幕,告诉我这是否是一种正确和安全的方式吗?

我首先通过Program.cs:打开我的主mdiContainer

private void Form1_Load(object sender, EventArgs e)
    {
        fL.ShowDialog();
    }

然后这个登录表单显示:

string User = txtUser.Text;
        string Pw = txtPw.Text;
        int Correct = clDatabase.login(User, Pw);
        if (Correct == 1)
        {
            this.Hide();
        }
        else
        {
            MessageBox.Show("De gegevens die u heeft ingevult kloppen niet", "Fout!"); //Above means your input is not correct
        }

在clDatabase.login 中

public static int login(string GebruikersnaamI, string WachtwoordI)
    {
        int correct = 0;
        SqlConnection Conn = new SqlConnection(clStam.Connstr);
        Conn.Open();
        using (SqlCommand StrQuer = new SqlCommand("SELECT * FROM gebruiker WHERE usernm=@userid AND userpass=@password", Conn))
        {
            StrQuer.Parameters.AddWithValue("@userid", GebruikersnaamI);
            StrQuer.Parameters.AddWithValue("@password", WachtwoordI);
            SqlDataReader dr = StrQuer.ExecuteReader();
            if (dr.HasRows)
            {
                correct = 1;
                MessageBox.Show("loginSuccess");
            }
            else
            {
                correct = 2;
                //invalid login
            }
        }
        Conn.Close();
        return correct;
    }

登录接受对话框仅用于调试目的这安全吗?这是登录表单的正确方式吗?

EDIT更新的代码登录表单:

private void button1_Click(object sender, EventArgs e)
    {
        ErrorProvider EP = new ErrorProvider();
        if (txtUser.Text == string.Empty || txtPw.Text == string.Empty)
        {
            if (txtUser.Text == string.Empty)
                txtUser.BackColor = Color.Red;
            if (txtPw.Text == string.Empty)
                txtPw.BackColor = Color.Red;
            MessageBox.Show("Er moet wel iets ingevuld zijn!", "Fout");
        }
        else
        {
            string User = txtUser.Text;
            string Pw = txtPw.Text;
            Boolean Correct = clDatabase.login(User, Pw);
            if (Correct == true)
            {
                this.Hide();
            }
            else
            {
                MessageBox.Show("Deze combinatie van username en password is niet bekend", "Fout!");
            }
        }
    }
clDatabase:
public static Boolean login(string GebruikersnaamI, string WachtwoordI)
    {
        Boolean correct = false;
        using (SqlConnection Conn = new SqlConnection(clStam.Connstr))
        {
            Conn.Open();
            using (SqlCommand StrQuer = new SqlCommand("SELECT * FROM gebruiker WHERE usernm=@userid AND userpass=@password", Conn))
            {
                StrQuer.Parameters.AddWithValue("@userid", GebruikersnaamI);
                StrQuer.Parameters.AddWithValue("@password", WachtwoordI);
                using (SqlDataReader dr = StrQuer.ExecuteReader())
                {
                    if (dr.HasRows)
                    {
                        correct = true;
                    }
                    else
                    {
                        correct = false;
                        //invalid login
                    }
                }
            }
            Conn.Close();
        }
        return correct;
    }

C#登录表单安全/正确

就SQL注入而言,它是安全的,因为您正在传递参数但是,不要将密码存储为纯文本,而是存储其哈希值。

请参阅:如何安全地保存用户名/密码(本地)?