koobas.hobune.stream
Is this a secure way to collect passwords?
Currently, I am using Gamesparks as the backend for my unity game. To do so, I have two input fields (one for username and one for passwords). When each input field is changed, I call the input field specific "On End Edit" (in the editor), and then call a method from my script which stores the variable using setPassword.
public void setPassword(string password){
this.password = password;
}
Password is a private variable, but I'm curious if this leaves me susceptible to hackers and if there is a more standard way of securely collecting passwords from input fields. These variables will then be applied to the authentication request method. Is it better to make an overarching method like so, or is that still problematic?
//username would still be defined in a function above, but does calling this from the input field secure it?
public void login(string password){
new AuthenticationRequest()
.SetPassword(password)
.SetUserName(userName)
...
Thanks, sorry if I poorly phrased some things :P
You should never store plain text password. Always encrypt them in some how. Google encrypt C# and you should find something to make a longer nonsensical string.
Thanks for this, that was a very thorough video and I learned a lot. I guess I worded this question incorrectly, or rather didn't fully explain what I'm doing. I don't actually store the passwords in a database or anything, rather I take the password as an input and ship it out to Gamesparks to handle and tell me if the username/password combo was correct. I was wondering if the mere collection of the password temporarily was unsafe, but I think (correct me if I'm wrong) that that's fine as long as I don't store it anywhere.
Thanks a bunch!
Hash them using something like the SHA256 provider and when you have to challenge, hash the input from the user and see if the two hashes match.
byte[] data = System.Text.Encoding.ASCII.GetBytes(inputString);
data = new System.Security.Cryptography.SHA256Managed().ComputeHash(data);
String hash = System.Text.Encoding.ASCII.GetString(data);
There is SecureString for this purpose: https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=net-5.0
