C# – Password Encoder – MD5 Cryptography Service Provider


When developing, say, a simple login form, do you, “in all honesty”, pass the password string (********) to the back-end server and compare it to the one saved in the database? If so, your security is not very strong (even if you’re using APIs that strip SQL in case of injection).

  • Password passed as a string – it can be hacked, most certainly when your site does not use HTTPS (the S is for secure – HTTPS basically opens up another, secure port for your request, allowing transactions with high security).
  • Password in the database as a string? – What if your database was hacked? What if a hacker finds out about your database connection by developing a randomizer algorithm that endlessly tries to access your database?

There are complicated design concepts that solve this simple security problem, and one of the basic ways of doing so is the use of encryption.

When I tried developing my first C# application (an expense manager), the first module I developed was the Login Screen – this is where all the pre-loaded objects are initialized, as well as the user session.

I use an MD5 Cryptography Service Provider for the passwords that go in and out of the database. Check out the code below:

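using System;
using System.Security.Cryptography;
using System.Text;

public static string EncodePassword(string originalPassword) {
    byte[] originalBytes;
    byte[] encodedBytes;

    // Create the MD5 Cryptography Service Provider and dispose of it when done.
    using (MD5 md5 = new MD5CryptoServiceProvider()) {
        // ASCIIEncoding.Default resolves to Encoding.Default (the platform's default encoding).
        originalBytes = Encoding.Default.GetBytes(originalPassword);
        // Compute the 16-byte MD5 digest of the password bytes.
        encodedBytes = md5.ComputeHash(originalBytes);
    }

    // Format the digest as hyphen-separated uppercase hex pairs.
    return BitConverter.ToString(encodedBytes);
}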

You have to import System.Security.Cryptography (and System.Text for the encoding class) before you can use it, though.

The code above allows me to encrypt the password using the MD5 Hash algorithm and vice versa (convert it to its original string form).

Get this: you can use this service and create your own cryptography algorithm, so that you can malform the encrypted strings on your own. 🙂 This will allow you to put some really strong defense on your system as well as in your design.

Would you put your data at risk?

Introduction to Microsoft Visual Studio – C#.NET Development


Welcome to Microsoft C#.net development. Your first project: Simple Calculator.

I’ve tried creating a calculator application so that I can learn the technology through hands-on experience. Simple as it seems (above), it just does basic arithmetic computation and has some form design for the calculator. There is actually a catch in this project, though who cares about the catch, as long as it’s working, right?

Newbie Review: 

Visual Studio 2010 is just plain sweet and slick – The IDE is very fast, considering that a lot of components are embedded in it. It has all the helper wizards that every C# developer wants. From Database Connection Wizards, ERD, Class Diagrams and Team Collaboration tools to code IntelliSense, all of it is available in the IDE.

Top Down development or bottom up – You can start your project with the Class Diagram or you can code them right away.

Platform Specific Development – What I really like about the product is the end goal of supporting platform-specific development (mobile, desktop and web). You can actually develop applications using only C# that can be installed on any “windows-based” platform.

Creation of Unit Test Cases – Developers can leverage this feature to create unit tests for their modules and components.

Database / Schema Viewer – All in one IDE with Database Viewer Support.

Though I think the Java enthusiasts out there will disagree, it’s actually not a bad investment to move or learn. Most of the C# language syntax and features are similar to the Java language (believe me, I’m a Java enthusiast myself). Developers can quickly create a solution since it’s overall very fun and easy to learn.