Jump to content
Xtreme .Net Talk

Recommended Posts

Posted

I have seen a method of encrypting a password into a byte array and then converting this to a string and storing it in a database. When the passwords are compared, the password that is typed in is sent through this same process and then compared at the database level to the encrypted password. This method also uses the "salt" method. Now I have taken a different route and encrypted my passwords, but instead of converting them back to an encrypted text string, I leave them as byte arrays and store them in the database this way. When the user enters a password, I send it though this same method and compare it to the byte array.

 

What is the purpose of converting the encrypted password from a byte array into a string? Are there any advantages / disadvantages to this method? Are there any advantages/ disadvantages to leaving it as a byte array?

 

Thanks, Chester

____________________________________________

http://www.pophamcafe.com

I am starting a developers section, more tutorials than anything.

Posted
Well, I think the reason why people use string is, if you're not using parameters, it's generally impossible to put an array of bytes in an adhoc string. Think of the case where one is accessing the database using a command line client. Other than that, I think you should be fine, a string is a byte array, it's just interpreted differently so one must consider how the column is being accessed. Is it more likely to be used in a where clause or returned in a result set.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...