我正在使用C#应用程序。我的XML文件中有两个敏感数据,即用户名和密码。加密XML属性值和元素?
I want to:
登录,保存文件和加载xml时,加密和解密用户名和密码。任何人都可以帮助我吗?
XML文件
<Users>
<user username="kelil2000">
<password>123</password>
<author>Home Owner</author>
<name>Kelil</name>
<mobile>0911</mobile>
</user>
<user username="usminuru">
<password>1234</password>
<author>Home Owner</author>
<name>Ismail K.</name>
<mobile>0910178976</mobile>
</user>
</Users>
登录:
if (txtUserName.Text == "" || txtPassword.Text == "")
{
MessageBox.Show("Username or Passowrd field is empty, try again!");
ClearTextBoxes();
return;
}
int i = 0; // we use this variable to count if ther’s a user with this name
XmlDocument myXml=new XmlDocument();
myXml.Load(Application.StartupPath + "/AppUsers/Users.xml");
XmlNodeList userList = myXml.SelectNodes("Users/user");
foreach(XmlNode user in userList)
{
string userName = user.Attributes["username"].Value;
string userPassword = user["password"].InnerText;
string userAuthor = user["author"].InnerText;
if (userName == txtUserName.Text)
{
++i;
if (userPassword == txtPassword.Text)
{
Form panel;
this.Opacity = 0;
switch(userAuthor)
{
case "Home Owner":
panel = new MainWindow();
panel.Show();
break;
case "Member" :
panel = new Report();
panel.Show();
break;
}
}
else
{
MessageBox.Show("Wrong Password!");
ClearTextBoxes();
}
}
}
if (i == 0)
MessageBox.Show("No specified user with this name!");
ClearTextBoxes();
}
保存XML:
private void AddUser()
{
if (txtUserName.Text == "" || txtPassword.Text == "" || cmbAuthor.Text == "" || txtName.Text == "" || txtMobile.Text == "")
{
MessageBox.Show("Filed is empty");
return;
}
try
{
string _file = (Application.StartupPath + "/AppUsers/Users.xml");
XDocument doc;
if (!File.Exists(_file))
{
doc = new XDocument();
doc.Add(new XElement("Users"));
}
else
{
doc = XDocument.Load(_file);
}
doc.Root.Add(
new XElement("user",
new XAttribute("username", txtUserName.Text),
new XElement("password", txtPassword.Text),
new XElement("author", cmbAuthor.Text),
new XElement("name", txtName.Text),
new XElement("mobile", txtMobile.Text)
)
);
doc.Save(_file);
}
catch (Exception ex)
{
MessageBox.Show("Something Wrong!" + ex.ToString());
}
}
加载XML文件
private void loadXmlData()
{
listView1.Items.Clear();
XDocument doc = XDocument.Load(Application.StartupPath + "/AppUsers/Users.xml");
doc.Descendants("user").ToList()
.ForEach(x => listView1.Items.Add(
new ListViewItem(
new string[] {
x.Attribute("username").Value,
x.Element("password").Value,
x.Element("author").Value,
x.Element("name").Value,
x.Element("mobile").Value}))
);
}
您绝对*不想*保存用户密码,加密或其他方式,在服务器上的任何位置。如果有的话,你想存储用户密码的[secure salted hashes](https://crackstation.net/hashing-security.htm)。如果你是“所有这些东西”的新手,我**强烈建议你不要触摸它,直到你知道你在做什么。密码学很难。即使对于有经验的人来说,滚动您自己的安全系统始终是一个非常糟糕的主意。不要这样做。寻找现成的图书馆。 – Tomalak
千万不要存储密码!当然不是纯文本,也不是加密的。加密可以解密!始终存储散列(和盐渍)密码。主要的区别是散列算法*不可*通过设计可逆。请参阅http://stackoverflow.com/a/401684/1336590(不仅与php相关)。 – Corak