Tycoon Talk
Become a Big fish!
The number 1 forum for online business!
Post topics, ask questions, share your knowledge.
Tycoon Talk is part of Freelancer.com - find skilled workers online at a fraction of the cost.

ASP.NET Forum


You are currently viewing our ASP.NET Forum as a guest. Please register to participate.
Login


Tycoon Talk > Web Development and Programming Support > ASP.NET Forum > Masking password

Reply
Masking password
Old 09-16-2005, 08:02 AM Masking password
tcb
Experienced Talker

Posts: 34
Trades: 0
Talkupation: tcb is on a distinguished road
Hello,

I have a login page and I am storing the name of the users and their passwords in a database (I am using dsn to access and put data into the database). But I would like that these passwords were like ****** inside the databse. Does anyone know how I can do that?

Thanks in advance.
tcb.
tcb is offline
Reply With Quote
View Public Profile
 
 
Register now for full access!
Old 09-16-2005, 10:21 AM
ExpressoDan's Avatar
Ultra Talker

Posts: 317
Name: This Space for Rent
Location: Georgia
Trades: 0
Talkupation: ExpressoDan is just really niceExpressoDan is just really niceExpressoDan is just really niceExpressoDan is just really nice
I dont think there is an easy solution to that without using some sort of encryption.

Not sure what your level of experience is with asp, but this site offers a very good of an encryption method that will store the values in your database as unreadable. then you can use it to decrypt the text when it come back. Hopefully this helps and you can figure it out.

http://www.planet-source-code.com/vb...txtCodeId=6646
ExpressoDan is offline
Reply With Quote
View Public Profile Visit ExpressoDan's homepage!
 
Old 09-16-2005, 11:27 AM
Minaki's Avatar
Defies a Status

Posts: 1,626
Location: Guildford, UK
Trades: 0
Talkupation: Minaki has a spectacular aura aboutMinaki has a spectacular aura about
Here is an ASP.NET soloution:
http://www.sitepoint.com/article/sec...words-database

The principal would be the same for ASP, you may need to find an MD5 function from somewhere though cos ASP doesn't come with anything like that.

Or even better... switch to .NET
__________________
Minaki Serinde MCP
"Wow, Linux is nearly on-par with Windows ME!"

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
Minaki is offline
Reply With Quote
View Public Profile Visit Minaki's homepage!
 
Old 09-17-2005, 03:51 PM
spudge's Avatar
Skilled Talker

Posts: 77
Location: Kirkland, WA
Trades: 0
Talkupation: spudge is on a distinguished road
Anytime I'm working in ASP and need to encrypt something, I use XICE Encryption. You can get full source code in ASP for free at http://www.xice.net/sdkreg.asp

The method I use is to encrypt the password by itself, and store that in the database. Then to check to see if the user enters the correct password on a login form, I'll decrypt whatever is in the database with whatever they enter, and if it comes back as the same thing they entered (their password) then you know it's correct, otherwise you know it's wrong.

If the user forgets their password though, you'll have to have some sort of reset mechanism that resets their password to something random and emails it to them.

Anyway this method seems to provide the best security.
__________________

Please login or register to view this content. Registration is FREE
Last edited by spudge; 09-17-2005 at 03:56 PM..
spudge is offline
Reply With Quote
View Public Profile Visit spudge's homepage!
 
Old 09-18-2005, 03:46 PM
Minaki's Avatar
Defies a Status

Posts: 1,626
Location: Guildford, UK
Trades: 0
Talkupation: Minaki has a spectacular aura aboutMinaki has a spectacular aura about
Reversable encryption has it's weaknesses in this application... if the same person who's snooping around in your DB has access to your sourcecode, then they can find the key and decrypt he passwords. Hashed passwords can't be decryped.
__________________
Minaki Serinde MCP
"Wow, Linux is nearly on-par with Windows ME!"

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
Minaki is offline
Reply With Quote
View Public Profile Visit Minaki's homepage!
 
Old 09-23-2005, 05:55 AM Thanks
tcb
Experienced Talker

Posts: 34
Trades: 0
Talkupation: tcb is on a distinguished road
Thanks to everyone who posted. It really helped me.
I decided to use the RC4 algorithm and it it's very good, since you can encrypt and decrypt the data.

tcb
tcb is offline
Reply With Quote
View Public Profile
 
Reply     « Reply to Masking password
 
Previous Thread | Next Thread Tycoon Talk > Web Development and Programming Support > ASP.NET Forum > Masking password

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML



Page generated in 0.42040 seconds with 12 queries