Store a Salted Password Hash in a Database

Problem

You want to store password information in a database, but you want to make sure the passwords aren’t clearly visible.

Solution

Instead of storing a plain text password, store a salted hash of the password in the database as a binary field. This password hash is still suitable for authentication, but much more difficult for an attacker to reverse engineer.

Discussion

Many applications authenticate users by comparing a supplied username and password with information stored in a back-end database. Often, the password information is stored in the database as plain text, which raises a serious security risk. If a malicious user can gain access to the database server, even for only a few minutes, the attacker ...

Get Microsoft® Visual Basic® .NET Programmer's Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.