MD5によるデータベース内のパスワードの暗号化


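.NETは、データ暗号化を行うクラスを提供しています。次に、MD5を使用してパスワードをハッシュ化して保存する方法を例として説明します。なお、MD5は暗号化ではなく一方向ハッシュ関数であり、ソルトなしのMD5は総当たりやレインボーテーブルによる解析に弱いため、現在のパスワード保存にはPBKDF2(.NETでは Rfc2898DeriveBytes)などのソルト付きで計算コストの高い鍵導出関数が推奨されます。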
まず、UserAccountテーブルを作成します。フィールドはUserNameとPasswordの2つで、型はそれぞれvarchar(25)とbinary(16)です。次のASP.NETコードは、ユーザーを作成する際の具体的な実装です。
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server" language="VB">
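    ' Button-click handler that creates a user: inserts the user name and the
    ' 16-byte MD5 digest of the password into the UserAccount table through a
    ' parameterized INSERT.
    '
    ' sender, e - standard ASP.NET event-handler arguments; not used here.
    '
    ' NOTE(review): MD5 is a fast, unsalted hash, so identical passwords give
    ' identical digests and stolen rows can be attacked with precomputed tables.
    ' For real password storage prefer a salted, slow key-derivation function
    ' such as Rfc2898DeriveBytes (PBKDF2); that needs a per-user salt column and
    ' a wider Password column, and the login check must be changed to match.
    Sub CreateAccount(sender as Object, e as EventArgs)
      '1. Connection settings.
      ' A Const must be initialized where it is declared; the original declared
      ' it without a value and assigned it afterwards, which does not compile.
      ' NOTE(review): this connects as "sa" with an empty password. Use a
      ' least-privilege database account and keep the connection string in
      ' protected configuration rather than in page source.
      Const strConnString as String = _
          "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
      Dim objConn as New SqlConnection(strConnString)

      '2. Parameterized command: user input never becomes part of the SQL text.
      Dim strSQL as String = _
          "INSERT INTO UserAccount(Username,Password) " & _
          "VALUES(@Username, @Password)"
      Dim objCmd as New SqlCommand(strSQL, objConn)

      Try
        '3. User-name parameter.
        ' NOTE(review): the parameter size is 25, so longer input is cut to fit
        ' the column; validate the length on the form before it gets here.
        Dim paramUsername as SqlParameter
        paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
        paramUsername.Value = txtUsername.Text
        objCmd.Parameters.Add(paramUsername)

        ' Hash the UTF-8 bytes of the password; MD5 always yields 16 bytes,
        ' which is why the column and the parameter are binary(16).
        Dim md5Hasher as New MD5CryptoServiceProvider()
        Dim encoder as New UTF8Encoding()
        Dim hashedBytes as Byte()

        hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
        md5Hasher.Clear()   ' release the crypto provider's resources

        Dim paramPwd as SqlParameter
        paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
        paramPwd.Value = hashedBytes
        objCmd.Parameters.Add(paramPwd)

        ' Run the INSERT.
        objConn.Open()
        objCmd.ExecuteNonQuery()
      Finally
        ' Always release the command and the connection, even when Open or
        ' ExecuteNonQuery throws; the original leaked the connection then.
        objCmd.Dispose()
        objConn.Close()
      End Try

      ' Redirect to the next page here (not implemented in this example).
    End Sub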
</script>

<form runat="server">
  <h1>    :</h1>
     : <asp:TextBox runat="server" id="txtUsername"/>
  <br/>
    : <asp:TextBox runat="server" id="txtPwd" TextMode="Password"/>  
  <p><asp:Button runat="server" Text="    " OnClick="CreateAccount"/></p>
</form>

以下、ユーザを検証するASP.NETコード:
 
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server" language="VB">
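    ' Button-click handler that checks a login: hashes the submitted password
    ' with MD5 and counts the UserAccount rows whose Username and Password
    ' (digest) both match, using a parameterized SELECT.
    '
    ' sender, e - standard ASP.NET event-handler arguments; not used here.
    '
    ' NOTE(review): the stored value is an unsalted MD5 digest, which is weak
    ' for password storage. Moving to a salted, slow key-derivation function
    ' such as Rfc2898DeriveBytes (PBKDF2) means reading the user's salt and
    ' stored hash first and comparing in code, together with a matching change
    ' to the account-creation page.
    Sub Login(sender as Object, e as EventArgs)
      '1. Connection settings.
      ' A Const must be initialized where it is declared; the original declared
      ' it without a value and assigned it afterwards, which does not compile.
      ' NOTE(review): this connects as "sa" with an empty password. Use a
      ' least-privilege database account and keep the connection string in
      ' protected configuration rather than in page source.
      Const strConnString as String = _
          "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
      Dim objConn as New SqlConnection(strConnString)

      '2. Parameterized command: user input never becomes part of the SQL text.
      Dim strSQL as String = "SELECT COUNT(*) FROM UserAccount " & _
                        "WHERE Username=@Username AND Password=@Password"
      Dim objCmd as New SqlCommand(strSQL, objConn)

      Dim iResults as Integer = 0

      Try
        '3. User-name parameter.
        Dim paramUsername as SqlParameter
        paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
        paramUsername.Value = txtUsername.Text
        objCmd.Parameters.Add(paramUsername)

        ' Hash the submitted password exactly as the account-creation page
        ' does (UTF-8 bytes, MD5) so that the digests are comparable.
        Dim md5Hasher as New MD5CryptoServiceProvider()
        Dim encoder as New UTF8Encoding()
        Dim hashedDataBytes as Byte()

        hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
        md5Hasher.Clear()   ' release the crypto provider's resources

        Dim paramPwd as SqlParameter
        paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
        paramPwd.Value = hashedDataBytes
        objCmd.Parameters.Add(paramPwd)

        ' Run the query. ExecuteScalar returns Object, so convert explicitly
        ' instead of relying on an implicit narrowing conversion.
        objConn.Open()
        iResults = CInt(objCmd.ExecuteScalar())
      Finally
        ' Always release the command and the connection, even when the query
        ' throws; the original leaked the connection in that case.
        objCmd.Dispose()
        objConn.Close()
      End Try

      If iResults = 1 Then
        ' Exactly one matching row: login succeeded (handling not implemented
        ' in this example).
      Else
        ' No single matching row: login failed. Show the same message for an
        ' unknown user and for a wrong password.
      End If
    End Sub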
</script>

<form runat="server">
  <h1>  :</h1>
     :<asp:TextBox runat="server" id="txtUsername"/><br/> 
      :<asp:TextBox runat="server" id="txtPwd" TextMode="Password"/>  
  <p><asp:Button runat="server" Text="  " OnClick="Login"/>
</form>
次は、MD5CryptoServiceProviderが生成したハッシュ値を直接表示する例です。
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<script language="VB" runat="server">
  ' Button-click handler for the demo page: computes the MD5 digest of the
  ' text in txtPassword and writes its 16 byte values into ltlResults as an
  ' HTML list. The on-page wording says "encrypted", but the value shown is a
  ' one-way hash digest.
  '
  ' sender, e - standard ASP.NET event-handler arguments; not used here.
  Sub DisplayEncryptedText(sender as Object, e as EventArgs)
    ' Do nothing unless the page's validators accepted the input.
    If Not Page.IsValid Then Exit Sub

    ' Digest of the UTF-8 encoding of the entered string.
    Dim utf8 as New UTF8Encoding()
    Dim hasher as New MD5CryptoServiceProvider()
    Dim digest as Byte() = hasher.ComputeHash(utf8.GetBytes(txtPassword.Text))

    ' Build the markup once and assign it to the Literal at the end.
    Dim html as New StringBuilder()
    html.Append("<b>Encrypted Results</b><br /> The results are encrypted into " & _
                "an array of 16 bytes.  These 16 bytes contain the values:<p><ul>")

    ' One list item per byte, printed as its decimal value.
    Dim i as Integer
    For i = 0 To digest.Length - 1
      html.Append("<li>").Append(digest(i)).Append("</li>")
    Next i

    html.Append("</ul>")
    ltlResults.Text = html.ToString()
  End Sub
</script>

<form runat="server">
  Enter a string:
  <asp:TextBox id="txtPassword" runat="server" />
  <asp:RequiredFieldValidator runat="server" ControlToValidate="txtPassword"
           Display="Dynamic" ErrorMessage="<i>You must provide a value here...</i>" />
  <asp:RegularExpressionValidator runat="server" ControlToValidate="txtPassword"
           Display="Dynamic" ErrorMessage="<i>The string must be 20 characters or less...</i>"
           ValidationExpression="^.{1,20}$" />
  <br />
  <asp:Button runat="server" Text="View the String as Encrypted Text"
	OnClick="DisplayEncryptedText" />
  <p>
  <asp:Literal runat="server" id="ltlResults" />
</form>