I'm creating a C#.NET application in which I've designed a webmaster account. To log in to that account, the administrator needs to enter the password.

My real question is: how do you save that password?

Possible options:

  1. Global variable (clearly incorrect, because it will be reset to the default value each time I run the application)

  2. Database relation (achievable, however it would be a scalar relation only...)

I'd rather not store it in a scalar relation, because it is stupid to use a relation for just one entry and one column!

Is there any other optimal method to keep the password?

For security reasons I would suggest you store just the hash of the password rather than the plain-text password. You can store it in any persistent media you find convenient: file, registry, database, ...

You can store it salted and hashed in a user settings file.

You can access the default settings file using something like:

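// Requires: using System; using System.Security.Cryptography; using System.Text;
private bool CheckPassword(string salt, string password) {
  // Hash the salt followed by the password.
  var bytes = Encoding.ASCII.GetBytes(salt + password);
  using (var sha1 = new SHA1CryptoServiceProvider()) {
    var sha1hash = sha1.ComputeHash(bytes);
    // Base64 keeps every hash byte; decoding raw hash bytes as ASCII text would lose data.
    var hashedPassword = Convert.ToBase64String(sha1hash);
    // adminPass is expected to hold the Base64-encoded hash.
    return Properties.Settings.Default.adminPass == hashedPassword;
  }
}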

Do you already have a database? Then just put it there. You'll most likely have a customers table, which can be extended to accommodate the password (?) Otherwise, you can store it in a file.

What really matters is that you shouldn't keep the password in plain text. It's bad security practice. You need to one-way hash it using a good hashing algorithm (for example SHA512), ideally using a salt.

Presuming this is to persist someone's credentials on the server: store a hash of the password in the database. Ideally, you should compute and store something like SALT + sha1(SALT + password), where SALT is some random string computed for each password saved.

In addition to what everybody has been saying about not storing a plaintext password, you should not work with a plaintext password in a string (for instance, when getting the value from a text box).

This is because strings can stay in memory for an unknown, uncontrolled period of time.

They should be stored using SecureString.

As for the explanation:

An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used because your application cannot delete the data from computer memory.