|
Well you are doing it wrong. If you encrypt passwords then they can be decrypted, which makes them insecure. You should only ever use hashed values to store passwords. I just hope your system is not used by my bank.
|
|
|
|
|
What Richard is saying is that there is an established, secure system for passwords that works.
- Pick a hashing function. (salted SHA256/512 is a fair pick right now)
- When a user sets a password, derive the hash and store that in the database.
- When a user authenticates, hash the password that they enter using the same function, and compare it to the database entry.
This prevents a litany of sins. Mainly, the plaintext of the password is only known by the user, sysadmins cannot grab it out of the database and crack it. Hackers cannot get credentials by compromising a database. Just make sure that you properly protect the password in transit from the user to your application.
Oh, and make sure to salt. Unsalted hashes may as well be plain text.
|
|
|
|
|
|
You also need to post how you are encrypting it. Essentially they are opposites more or less.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
No, he needs to forget about encryption and concentrate on doing the right thing the right way.
|
|
|
|
|
Richard MacCutchan wrote: No, he needs to forget about encryption and concentrate on doing the right thing the right way. It's good to point out a better way to do things. But people do not always have the option to change how things are done and we should still be willing to help.
For example, what if OP is also encrypting other information. OP will also have problem decrypting it and will need help. So, point out the better way for passwords but still help the person out.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
I appreciate that you are only trying to help, as you always do. But the problem, as I see it, is as follows. Three of us respond by telling the OP that he is doing it wrong and needs to understand how to deal with passwords properly. You then post a response to his original question saying, "hey, I can help you with decryption". The net result being that OP's brain says, "to hell with those guys, here is someone who is going to help me decrypt my passwords". So yet another system has the potential to go live with compromised security.
|
|
|
|
|
We'll both help in our own ways then.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hi ,i have a questions ,and i don't know how to handle it.
I have a double array named array1=new double[100], and each element is function result, like array1[0]=fun(0),array2[1]=fun(1)...
each element is positive or negative, and generally speaking, a[0] to a[n] is positive, and a[n+1] to end is negative, so how can i get n ? i need efficient algorithm, like divide-and-conquer method for example...
and case 2: if near the end i get wrong result, for example, a[90] is +,how can i get the first negative index n ?
|
|
|
|
|
In case one, a simple Binary search algorithm - Wikipedia, the free encyclopedia[^] should do it, assumign there is no "bad" data.
When you data goes bad, that's different, and it becomes necessary to actually search the whole array - if there is one bad value, then it's likely there are more.
But the alternative to both is to to it all while you fill the array - since that is already a time consuming process (compared to a search of the results) adding a little extra checking to find the first negative as you fill the values is trivial, and allows you to cope with the second case as well.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
I'm dynamically constructing query expressions and getting an unexpected error from EF when the query gets executed. So I turned on .NET source stepping, VS downloaded all the debug symbols and steps into anything but the EF query execution. I googled for this phenomenon but didn't find anything "stepping into EF"-specific. Do you have any suggestions?
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
|
I enabled logging but the error occurs before EF gets to emit any SQL for that query.
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
Hi,
You can try enabling CLR Exception form Debug->Exceptions and enable check box for throw on Common Language Runtime Exception
Regards,
Raj Champaneriya
|
|
|
|
|
It's enabled but it doesn't help: The break occurs only on my code, not in the EF source.
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
What's the exact error you're getting?
|
|
|
|
|
It's a null-ref. But the reason for that isn't that my query expression is completely flawed but that EF can't deal with a Tuple<> as a container-object for a join-result. If I use a custom class instead of a Tuple it works. I want to find out why it doesn't work with a Tuple, just for "academic insight" - so I would need to see the EF code where this exception originates from.
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
...a Tuple as a container object for a join?
Interesting. Code snippet please.
I can see a bunch of possible reasons why it won't work, not the least of which is EF has no mapping information for the Tuple and, second, I don't think the SQL provider has any clue how to convert a Tuple<t1, t2=""> into a SQL query that makes sense.
|
|
|
|
|
It's a formally valid query expression. The Tuple is just a replacement for the "anonymous type" which normally is the return value from the "resultSelector"-lambda.
Code follows.
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
My statement that it worked with a custom type instead of the Tuple wasn't correct. It did work but now I recall it wasn't the same code then; I previously joined on IEnumerables, not on IQueryables so the join wasn't actually performed by EF resp. SQL. However, a different solution doing mostly the same did work and from that I worked out what the problem was: The New-Expression for the join-resultSelector requires the Members-Property[^] to be initialized for the Query-Provider, presumably to access the correct properties of the join-result-object.
The code that didn't work until now is a simplified version of the other which I want to use as a didactic middle step in an article I want to write on dynamic joins. You'll see the code then when I publish it
However, I'd still be interested to figure out why VS doesn't step into the EF source. Any idea?
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
I've done .NET Framework source debug but never EF.
EF isn't part of the Reference Source for .NET so I'm guessing you would have to download the current source from here (6.1.3)[^] compile it and dump the symbol files into a local folder. You'd probably then have to setup a symbol path to that folder in Visual Studio under Tools -> Options -> Debugging -> Symbols.
I've never done it so I really am just guessing at this!
|
|
|
|
|
I'll try that. Thanks, Dave!
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
I'm using the NuGet packages rx-main and rx-xaml in my code.
I was basically just reading up on the subject
MSDN Blogs[^], but some of the examples[^] just confused me more than they clarified.
What I (think?) learned were that if you subscribed on the same thread as the never ending function while observing on a different thread, your subscription code would execute. But if I commented out the SubscribeOn code from the example:
.ObserveOn(Scheduler.Default)
It had the exact same effect as if it was there. The subscription seem to run on the same thread as the ObserveOn. So what was the point of SubscribeOn exactly? The problem is that I cant really see any use for it as of now.
IF I wanted to execute something on a different thread I could do this, an example from [WP7Dev] Using the WebClient with Reactive Extensions for Effective Asynchronous Downloads[^]:
public IObservable<string> StartDownload(string uri)
{
WebClient wc = new WebClient();
var o = Observable.FromEventPattern<DownloadStringCompletedEventArgs>(wc, "DownloadStringCompleted")
.ObserveOn(Scheduler.Default)
.Select(newString => ProcessString(newString.EventArgs.Result));
wc.DownloadStringAsync(new Uri(uri));
return o;
}
public string ProcessString(string s)
{
Thread.Sleep(3000);
return s + "<!-- Processing End -->";
}
public void DisplayMyString()
{
var asyncDownload = StartDownload("http://bing.com");
var asyncDownload2 = StartDownload("http://google.com");
var zipped = asyncDownload.Zip(asyncDownload2, (left, right) => left + " - " + right);
zipped.ObserveOnDispatcher().SubscribeOnDispatcher()
.Subscribe(s => label.Text = s);
}
I put SubscribeOnDispatcher in as a test, but it is not needed. Am I missing something here, or is the SubscribeOnDispatcher totally useless?
|
|
|
|
|
Errm, I'm not sure what other behaviour you are expecting. If you are subscribing on Scheduler.CurrentThread, you will use whatever the current thread context is when you subscribe. If you want it to run on a different thread, use SubscribeOn(Scheduler.NewThread) and then marshall it back with ObserveOn(Scheduler.Default) .
This space for rent
|
|
|
|
|
If I try to use Scheduler.NewThread I get a warning that it's obsolete and that I should use Scheduler.Default instead. But I must say the names are really confusing.
That aside, I don't quite see a need for SubscribeOn method at all, I could just as well do something along the lines of:
var o = Observable.FromEventPattern<DownloadStringCompletedEventArgs>(wc, "DownloadStringCompleted")
.ObserveOn(Scheduler.Default)
.Select(newString => BackgroundWorkerThread(newString.EventArgs.Result))
.ObserveOnDispatcher();
If I tried to interact with some UI control elements I need to have the values on the same thread as I observe on?
|
|
|
|