One of the most important security practices for web applications concerns how sensitive data, such as passwords, is stored in the database that is used during authentication.
There are two terms to distinguish: encoding and encryption. This article explains encoding, not encryption.
Encoding is used to transform a set of Unicode characters into a sequence of bytes, whereas decoding is the process of transforming a sequence of encoded bytes back into a set of Unicode characters.
The Unicode
Standard assigns a code point (a number) to each character in every supported
script. A Unicode Transformation Format (UTF) is a way to encode that code
point.
The Unicode Standard version 3.2 uses the following UTFs:
- UTF-8, which represents each code
point as a sequence of one to four bytes.
- UTF-16, which represents each code
point as a sequence of one to two 16-bit integers.
- UTF-32, which represents each code
point as a 32-bit integer.
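This encoding and decoding can be used to store the passwords of users in a database table. After a string has been encoded, it can be recovered by decoding it. Because no key is involved, anyone who can read the stored value can decode it the same way, so encoding on its own does not keep a password secret.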
A hash function can also be used to secure the data. A hash function is an algorithm that takes a variable-length string as its input and produces a fixed-length binary value (the hash) as its output.
But once the hash is stored in the database, the original value cannot be retrieved from it, so it is a one-way function. This can be explained in another article.
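To secure sensitive data like passwords, add a salt (an additional string) to the string to be encoded. When comparing the strings, add the same salt to the string and decode it; if both are the same the result is true, otherwise false. Note that a salt appended to a reversible encoding is recovered together with the password when the value is decoded, so it only adds protection when it is combined with a one-way hash.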
The class used is System.Text.Encoding.
The simple code below encodes and decodes a string. In this example the encoding used is UTF-8. You can use any UTF, such as UTF-8, UTF-16 or UTF-32.
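/// <summary>
/// Converts a string to its UTF-8 bytes and returns those bytes as Base64 text.
/// </summary>
/// <remarks>
/// Base64 is a reversible encoding that uses no key: anyone who can read the output
/// can recover the input. It is neither encryption nor hashing and must not be the
/// only protection for stored passwords. For password storage use a salted, iterated
/// one-way hash (for example PBKDF2 via Rfc2898DeriveBytes) and compare hashes.
/// </remarks>
/// <param name="sData">Text to encode.</param>
/// <returns>Base64 representation of the UTF-8 bytes of <paramref name="sData"/>.</returns>
/// <exception cref="Exception">
/// Wraps any failure (for example a null <paramref name="sData"/>); the original
/// exception is available through InnerException.
/// </exception>
private string EncodeData(string sData)
{
    try
    {
        // GetBytes allocates the result array itself, so no pre-sized buffer is needed.
        byte[] utf8Bytes = System.Text.Encoding.UTF8.GetBytes(sData);
        return Convert.ToBase64String(utf8Bytes);
    }
    catch (Exception ex)
    {
        // Pass the original exception along so its type and stack trace are not lost.
        throw new Exception("Error in EncodeData" + ex.Message, ex);
    }
}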
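/// <summary>
/// Reverses <c>EncodeData</c>: turns Base64 text back into bytes and reads them as UTF-8.
/// </summary>
/// <remarks>
/// No key or secret is needed to call this, which is why Base64-encoded values must be
/// treated as plaintext when deciding how to store passwords or other sensitive data.
/// Bytes that are not valid UTF-8 (including a truncated trailing sequence) appear in
/// the result as U+FFFD instead of being dropped silently.
/// </remarks>
/// <param name="sData">Base64 text to decode.</param>
/// <returns>The string represented by the decoded UTF-8 bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sData"/> is null.</exception>
/// <exception cref="FormatException"><paramref name="sData"/> is not valid Base64.</exception>
public string DecodeData(string sData)
{
    // Base64 text -> raw bytes; throws on null or malformed input.
    byte[] utf8Bytes = Convert.FromBase64String(sData);

    // GetString sizes and fills the result in one call, replacing the manual
    // GetCharCount / GetChars / new String sequence.
    return System.Text.Encoding.UTF8.GetString(utf8Bytes);
}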
{
try
{
byte[] toencodeData = new byte[sData.Length];
toencodeData = System.Text.Encoding.UTF8.GetBytes(sData);
//encodes all the characters into a specified sequence of bytes
string encodedData = Convert.ToBase64String(toencodeData);
return encodedData;
}
catch (Exception ex)
{
throw new Exception("Error in EncodeData" + ex.Message);
}
}
/// <summary>
/// Decodes Base64 text into bytes and converts those bytes to a string using a UTF-8 decoder.
/// </summary>
/// <remarks>
/// The conversion needs no key, so a Base64-encoded value offers no secrecy; it should be
/// handled like plaintext when sensitive data such as passwords is involved.
/// </remarks>
/// <param name="sData">Base64 text to decode.</param>
/// <returns>The characters produced by decoding the bytes as UTF-8.</returns>
public string DecodeData(string sData)
{
    System.Text.Decoder decoder = new System.Text.UTF8Encoding().GetDecoder();

    // Base64 digits -> array of 8-bit unsigned integers.
    byte[] rawBytes = Convert.FromBase64String(sData);

    // Ask the decoder how many characters the bytes produce, then size the buffer to match.
    char[] buffer = new char[decoder.GetCharCount(rawBytes, 0, rawBytes.Length)];

    // Fill the buffer with the decoded characters.
    decoder.GetChars(rawBytes, 0, rawBytes.Length, buffer, 0);

    return new String(buffer);
}