1
嗨,我想我可能做了這個錯誤的方式任何人都可以幫助解釋你如何散列/鹽密碼。你是從客戶端還是web服務端執行?Authenticaion,哈希,鹽,https進程?
我已經具有密碼數據成員,在我服務,我做的是保存之前,這個創建密碼的哈希/鹽datacontract:
So here is the process in which I was thinking.
Rest Service has https for secure connection
User creates account (along with password)
//to stop packet sniffing when user creates account https is used during POST so no one can see the password?
web service then creates a hash of the password to store it
//so if anyone did get access to the service/database they couldnt make much use of the data in terms of breaching accounts
Then some means to authenticate that user there after
這是正確的嗎?