More secure passwords
Storing a plain-text password in a DB leaves your system open to abuse from anybody with access to the tables (a sys admin, for example). Here is the technique I recently used. Instead of storing the password itself, I store a hash of the password and a random "salt" that was used to create the hash to make it less predictable.

    [UmlTaggedValue("Eco.Length", "255")]
    private string PasswordHash { get { ... } set { ... } }

    [UmlTaggedValue("Eco.AllowNULL", "True")]
    [UmlTaggedValue("Eco.Length", "40")]
    private string PasswordSalt { get { ... } set { ... } }

As you can see, I do not store the password, just a hash + salt, both of which are private. Here are the methods used to set the values of these properties.

    public void SetPassword(string newPassword)
    {
        if (newPassword == null)
            throw new ArgumentNullException("newPassword");
        if (newPassword.Length < 6)
            throw new
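A complete version of the hash-plus-salt scheme described above, added here as an illustration and not the author's code (the original listing is cut off). It assumes .NET 6 or later and uses PBKDF2-HMAC-SHA256 as the hash, since the post does not name its hash function; the class name UserAccount, the VerifyPassword method, the iteration count and the exception thrown for short passwords are likewise assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added example: property names mirror the post; the class name, the PBKDF2
// parameters and the short-password exception are assumptions.
public class UserAccount
{
    private const int SaltBytes = 24;        // 32 Base64 chars, fits Eco.Length 40
    private const int HashBytes = 32;        // 44 Base64 chars, fits Eco.Length 255
    private const int Iterations = 600_000;  // assumed work factor; tune for your hardware

    private string PasswordHash { get; set; }
    private string PasswordSalt { get; set; }

    public void SetPassword(string newPassword)
    {
        if (newPassword == null)
            throw new ArgumentNullException(nameof(newPassword));
        if (newPassword.Length < 6)
            throw new ArgumentException("Password is too short.", nameof(newPassword));

        // Fresh salt on every change, so equal passwords never share a hash.
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        PasswordSalt = Convert.ToBase64String(salt);
        PasswordHash = Convert.ToBase64String(Derive(newPassword, salt));
    }

    public bool VerifyPassword(string candidate)
    {
        if (candidate == null || PasswordHash == null || PasswordSalt == null)
            return false;   // PasswordSalt allows NULL: no password set yet

        byte[] expected = Convert.FromBase64String(PasswordHash);
        byte[] actual = Derive(candidate, Convert.FromBase64String(PasswordSalt));
        // Constant-time compare avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    public static void Main()
    {
        var user = new UserAccount();
        user.SetPassword("correct horse");   // constructed sample input
        Console.WriteLine(user.VerifyPassword("correct horse"));
        Console.WriteLine(user.VerifyPassword("wrong guess"));
    }
}
```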