How should I go about creating a registration page in Windows forms? I can easily create a registration page, but I'm not sure if it's the best way. I'd have a service account that is hard coded, and it creates entries in a user table. I don't like to hard code passwords, but I don't know of another way. I guess in every case I'd end up having to hard code a password, right? I do have SSL enabled, and I've Wiresharked it and was unable to read any of the traffic.
Here's a simplified example of some code I wrote a while ago:

    Imports MySql.Data.MySqlClient

    Public Class Registration
        ' The service-account credentials are hard-coded in the client (the concern raised above).
        Dim connStr As String = "server=domain.com; port=3306; user id=userid;password=password;database=db;SslMode=Required;"
        Dim msc As New MySqlConnection

        Private Sub registerBTN_Click(sender As System.Object, e As System.EventArgs) Handles registerBTN.Click
            ' Not shown in the original snippet; assumed here to select every existing username.
            Dim checkUsername As New MySqlCommand("SELECT Username FROM Users", msc)
            Dim dr As MySqlDataReader
            dr = checkUsername.ExecuteReader()

            ' Scan the returned rows for the requested username.
            Dim match As Boolean = False
            While dr.Read()
                If dr("Username").ToString = usernameTXT.Text Then
                    match = True
                    Exit While
                End If
            End While
            dr.Close()

            If match = False Then
                ' A fresh GUID is both the user ID and the salt for the password hash.
                Dim User_GUID As Guid = New Guid
                User_GUID = Guid.NewGuid()
                Dim Encrypted_Password As String = Encryption(passwordTXT.Text, User_GUID.ToString)

                ' Parameterized INSERT of the new user row.
                Dim mscCMD As MySqlCommand = New MySqlCommand("INSERT INTO Users (Username, UserID, Password, Profile, Email) " & _
                    "VALUES (@uname, @id, @pwd, @url, @mail)", msc)
                With mscCMD.Parameters
                    .AddWithValue("uname", usernameTXT.Text)
                    .AddWithValue("id", User_GUID.ToString)
                    .AddWithValue("pwd", Encrypted_Password)
                    .AddWithValue("url", urlOptTXT.Text)
                    .AddWithValue("mail", emailTXT.Text)
                End With
                mscCMD.ExecuteNonQuery()

                MsgBox("Registration successful!", MsgBoxStyle.Information)
                My.Settings.First_Run = False
                Me.DialogResult = Windows.Forms.DialogResult.OK
                Me.Close()
            End If
        End Sub

        Private Sub Registration_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            ' Open the database connection when the form loads; close the form if that fails.
            Try
                msc.ConnectionString = connStr
                msc.Open()
            Catch ex As MySql.Data.MySqlClient.MySqlException
                Me.Close()
            End Try
        End Sub
    End Class

I want to know if this is a good approach. Does this have any vulnerabilities? Is there a better way to create a user registration method?
Also, here's my encryption/decryption.

    ' Returns the lowercase hex SHA-1 digest of GUID + password.
    ' This is a one-way hash; the user's GUID acts as the salt.
    Public Function Encryption(ByVal Plaintext_Password As String, ByRef User_GUID As String) As String
        Dim guidANDPassword As String = User_GUID.ToString + Plaintext_Password
        Dim shaobj As New Security.Cryptography.SHA1CryptoServiceProvider
        Dim guidPwdBytes() As Byte = System.Text.Encoding.ASCII.GetBytes(guidANDPassword)
        guidPwdBytes = shaobj.ComputeHash(guidPwdBytes)

        ' Hex-encode the 20-byte digest.
        Dim Encrypted_Password As String = String.Empty
        For Each b As Byte In guidPwdBytes
            Encrypted_Password += b.ToString("x2")
        Next
        User_GUID = User_GUID.ToString()
        Return Encrypted_Password
    End Function

    ' Recomputes the same digest for a supplied password so the caller can
    ' compare it with the stored value; nothing is decrypted.
    Public Function Decryption(ByVal Plaintext_Password As String, ByVal User_GUID As String) As String
        Dim guidANDPassword As String = User_GUID.ToString + Plaintext_Password
        Dim shaobj As New Security.Cryptography.SHA1CryptoServiceProvider
        Dim guidPwdBytes() As Byte = System.Text.Encoding.ASCII.GetBytes(guidANDPassword)
        guidPwdBytes = shaobj.ComputeHash(guidPwdBytes)

        Dim Encrypted_Password_Of_Specified As String = String.Empty
        For Each b As Byte In guidPwdBytes
            Encrypted_Password_Of_Specified += b.ToString("x2")
        Next
        Return Encrypted_Password_Of_Specified
    End Function

Dim Encrypted_Password As String = Encryption(SQL Statement)
line. That refers to a class I made to do encryption. – user287848 Nov 29 '15 at 9:12