-1

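Using Microsoft Visual Studio 2010,

Basically I have 3 text boxes, and I am doing 3-tier programming.

The text boxes are current password, new password and confirm password.

May I know which validators I should use to validate the following:

1) The user has entered the current password before they can press the button to submit.

2) The user can choose whether or not to enter a new password. If a new password is entered, it should be more than 6 characters (special characters such as !!@#$%^&*() cannot be used). Once a new password is entered, the confirm password field must be filled in and compared with the new password before they can press the button to submit.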

4

1 Answer

0

TLDR: Use ASP.NET Membership controls to manage your passwords. Then add a JavaScript function to validate your data.

Passwords are sensitive data. Hackers will always try to steal them, so programmers have found ways to prevent this.

http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html

http://www.securityfocus.com/blogs/262

If you haven't read these, there are two major points:

1 - Don't store the actual password that the user enters: store the hash. A hash is a cryptographic function that turns an input string into a different output. This is a one-way transformation: there is no algorithm to take a hash and turn it back into its input, but the same input will always produce the same output. (The articles describe clever methods that hackers use to try to find the original input, and ways to prevent hackers from doing these clever things). Also, don't use MD5 as your hash mechanism.

2 - Cryptography and security are very complicated, so often it's better to use someone else's code.

ASP.NET comes with various membership controls that will do the password management and hashing stuff for you. You can learn more about them here:

http://msdn.microsoft.com/en-us/library/ms178329(v=vs.100).aspx

Basically, .NET will build your Login/Forgot Password/Change Password/Create User pages for you. You won't need to worry about hashes or Rainbow Tables or anything like them, because Microsoft wrote all of that code for you.

Regarding your question about Client-Side validation, you will need to do some JavaScript. You can call a JavaScript function when the user clicks "Submit" by adding OnClientClick="return validate();" to your button. Then you need to create a validate() function (the function can be renamed, as long as you change the OnClientClick value as well). This function should help:

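// Requires jQuery. PasswordControl1 / PasswordControl2 are the new-password
// and confirm-password server controls on the page.
function validate()
{
    var newPassword = $("#<%= PasswordControl1.ClientID %>").val();
    var confirmPassword = $("#<%= PasswordControl2.ClientID %>").val();

    if( newPassword != confirmPassword )
    {
        alert("Your passwords don't match. Please enter them again.");
        return false;
    }
    if( newPassword.length < 6 )
    {
        alert("Your password is too short. Please use a longer password.");
        return false;
    }
    // use similar function to test for illegal characters in the password, but most sites will let you enter whatever characters you want (# . ! etc...)

    // Return true so that OnClientClick="return validate();" lets the button's
    // own postback proceed and the server-side Click handler runs.
    return true;
}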
Answered 2013-01-07T17:54:46.740
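The rules from the question collected into one DOM-free function, as an added example that is not part of the original answer; it goes beyond the answer's two checks by also covering the required current password, the optional new password and the no-special-characters rule. The function name, the returned field labels, and the reading of "no special characters" as ASCII letters and digits only are assumptions.

```javascript
// Added example (not from the original answer). All names are hypothetical.
// Assumption: "no special characters" means ASCII letters and digits only.
const ALNUM_ONLY = /^[A-Za-z0-9]+$/;

// Returns an array of { field, message } objects; an empty array means the
// form may be submitted. Takes plain strings so it can be unit-tested.
function checkPasswordChange(current, next, confirmation) {
    const errors = [];
    current = current || "";
    next = next || "";
    confirmation = confirmation || "";

    // Rule 1: the current password is always required.
    if (current.length === 0) {
        errors.push({ field: "current", message: "Enter your current password." });
    }

    // Rule 2: the new password is optional.
    if (next.length === 0) {
        // A confirmation typed without a new password is a user mistake.
        if (confirmation.length > 0) {
            errors.push({ field: "new", message: "Enter the new password you are confirming." });
        }
        return errors;
    }

    // The question asks for MORE than 6 characters, so 6 is still too short.
    if (next.length <= 6) {
        errors.push({ field: "new", message: "The new password must be longer than 6 characters." });
    }
    if (!ALNUM_ONLY.test(next)) {
        errors.push({ field: "new", message: "The new password may contain only letters and digits." });
    }
    // Once a new password is entered, the confirmation must match exactly.
    if (confirmation !== next) {
        errors.push({ field: "confirm", message: "The confirmation does not match the new password." });
    }
    return errors;
}
```

Inside the page's validate() function, pass the three text box values to this function, show the messages, and return `errors.length === 0`. The same rules need to be enforced again in the server-side handler, because a request can reach the server without this script ever running.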