如果数据库中的密码是散列,如何创建密码恢复?
问题描述:
protected void btnPass_Click(object sender, EventArgs e)
{
//Create Connection String And SQL Statement
string strConnection = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
string strSelect = "SELECT UserName,Password FROM Users WHERE Email = @Email";
SqlConnection connection = new SqlConnection(strConnection);
SqlCommand command = new SqlCommand();
command.Connection = connection;
command.CommandType = CommandType.Text;
command.CommandText = strSelect;
SqlParameter email = new SqlParameter("@Email", SqlDbType.VarChar, 50);
email.Value = txtEmail.Text.Trim().ToString();
command.Parameters.Add(email);
//Create Dataset to store results and DataAdapter to fill Dataset
DataSet dsPwd = new DataSet();
SqlDataAdapter dAdapter = new SqlDataAdapter(command);
connection.Open();
dAdapter.Fill(dsPwd);
connection.Close();
if(dsPwd.Tables[0].Rows.Count > 0)
{
MailMessage loginInfo = new MailMessage();
loginInfo.To.Add(txtEmail.Text.ToString());
loginInfo.From = new MailAddress("[email protected]");
loginInfo.Subject = "Forgot Password Information";
loginInfo.Body = "Username: " + dsPwd.Tables[0].Rows[0]["UserName"] + "
Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "
";
loginInfo.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com";
smtp.Port = 587;
smtp.EnableSsl = true;
smtp.Credentials = new System.Net.NetworkCredential("[email protected]", "YourGmailPassword");
smtp.Send(loginInfo);
lblMessage.Text = "Password is sent to you email id,you can now Login";
}
else
{
lblMessage.Text = "Email Address Not Registered";
}
}:
答
散列点的一部分是它通常很难反转。 让别人看到一个被遗忘的密码是一个坏主意,相反你应该考虑创建一个页面,用户可以在其中重新设置密码。或者,您可以将密码设置为已知值,然后向他们发送新密码,并在登录后更改密码。
您的帖子无法阅读。但是对于存储散列的问题,您不提供密码恢复。您提供安全的方法将密码更改为新密码。 – Logman
请勿使用行号在其中发布代码 – MickyD