안녕하세요, 저는이 잘못된 길을 돌릴 수 있습니다. 누군가 해시/암호 해독 방법을 설명하는 데 도움이 될 수 있습니다. 당신은 클라이언트 또는 webservice에서합니까?인증, 해시, 소금, https 프로세스?
내가 한 내 서비스에 나는 그것을 저장하기 전에이 암호의 해시/소금을 생성 할, 암호 DataMember를이있는 datacontract :
So here is the process in which I was thinking.
Rest Service has https for secure connection
User creates account (along with password)
//to stop packet sniffing when user creates account https is used during POST so no one can see the password?
web service then creates a hash of the password to store it
//so if anyone did get access to the service/database they couldnt make much use of the data in terms of breaching accounts
Then some means to authenticate that user there after
이 맞습니까?