473,562 Members | 2,597 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

protecting password

I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.

Jun 14 '06 #1
21 2922
solomon_13000 wrote on 14 jun 2006 in
microsoft.publi c.inetserver.as p.general:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.


By not showing it on your website?

Protect against whom, btw?

I suspect every record in your table has a field called "password".

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jun 14 '06 #2
Protect from hackers who could probably intercept the password as it
travels from a secure to unsecure to secure network.

solomon_13000 wrote:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.


Jun 14 '06 #3
"solomon_13 000" wrote ...
Protect from hackers who could probably intercept the password as it
travels from a secure to unsecure to secure network.


client-side hash of the password before sending it....
SSL whilst in transit
store a hashed password instead of plain text...

Just a few thoughts..

Regards

Rob
Jun 14 '06 #4
On Wed, 14 Jun 2006 08:11:55 -0500, solomon_13000
<so***********@ yahoo.com> wrote:
How do I protect the password stored in the database.


The best way would be to store a hash of the password, rather than the
password itself. Microsoft has a redistributable API[1] that you can use
to generate the hash. Below I have included a function that demonstrates
the use of this API in VBScript.

' Function: Hash
' Generate a hash of a string value using the SHA1 algorithm.
'
' Arguments:
' value - The text to process
'
' Returns:
' A string containing the hexadecimal representation of the
' hash value.
Function Hash(value)
Dim data: Set data = CreateObject("C APICOM.HashedDa ta")
data.Algorithm = 0 ' CAPICOM_HASH_AL GORITHM_SHA1
data.Hash value
Hash = data.Value
End Function

When the visitor creates his account, you would use a function such as
this to generate a hash of the password he provided, and store that in the
database. Later, when the user logs in to your site, you would again
generate a hash of the password he provides and compare it to the one you
stored previously.

Keep in mind that, regardless of the length of the password, the hash will
be 40 characters long. Your database schema will need to reflect this.

[1] Platform SDK Redistributable : CAPICOM
http://www.microsoft.com/downloads/d...DisplayLang=en

--
Justin Piper
Bizco Technologies
http://www.bizco.com/
Jun 14 '06 #5
Why are you passing a visible password from a secure to an unsecured
network?

Bob Lehmann

"solomon_13 000" <so***********@ yahoo.com> wrote in message
news:11******** **************@ c74g2000cwc.goo glegroups.com.. .
Protect from hackers who could probably intercept the password as it
travels from a secure to unsecure to secure network.

solomon_13000 wrote:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.

Jun 15 '06 #6
Because its an internet based application.

solomon_13000 wrote:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.


Jun 15 '06 #7
solomon_13000 wrote on 15 jun 2006 in
microsoft.publi c.inetserver.as p.general:
solomon_13000 wrote:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.

[please do not toppost on usenet]
Because its an internet based application.


You seem to be answering yourself an unasked question?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jun 15 '06 #8
I was asked:

Why are you passing a visible password from a secure to an unsecured
network?

My answer: Because its an internet based application

secure: hosting company server (I dont own the company)
unsecured: internet (free space)
end user: anyone including me

So if I have a login page, I supply my password and username, press the
submit button, the information will travel from the end user to the
hosting company server via an unsecured network, validated and the
results will be returned (true/false). Now anyone could possibly
intercept the password and username and do alot of damange if its not
secured.

solomon_13000 wrote:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.


Jun 15 '06 #9
solomon_13000 wrote on 15 jun 2006 in
microsoft.publi c.inetserver.as p.general:

solomon_13000 wrote:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.
I was asked:

Why are you passing a visible password from a secure to an unsecured
network?

My answer: Because its an internet based application

secure: hosting company server (I dont own the company)
a network?
unsecured: internet (free space)
end user: anyone including me

So if I have a login page, I supply my password and username, press the
submit button, the information will travel from the end user to the
hosting company server via an unsecured network, validated and the
results will be returned (true/false). Now anyone could possibly
intercept the password and username and do alot of damange if its not
secured.


Secure HyperText Transfer Protocol.
<http://en.wikipedia.or g/wiki/Secure_hypertex t_transfer_prot ocol>

Or use one-time passwords.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jun 15 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
1320
by: M.C. Radhakrishnan | last post by:
Hi, I need to provide a facility to do routine database administration (backups, etc.) without allowing the logged in user to modify the data in any of the SQL server tables. Is there any way to accomplish this (such as maybe password protecting the tables or otherwise)? I am fairly new to SQL server - so would appreciate any pointers to...
6
1757
by: Nate A | last post by:
I am at the beginning stages of writing a massive database-connected business management application using the .NET framework and am becoming worried about the security of the application upon completion. I have recently become aware of the ease at which a .NET assembly can be disassembled into its easily readable, underlying CLI code. I can...
3
1590
by: netsurfer | last post by:
hi..I'm working on a project that requires files to be password protected on a UNIX based site. The people that own the web site want to be able to change the password every so often. Unfortunately, I have restricted access only to FTP so I really can't log in to any kind of Administrative Console or Admin Panel and see if there are folders...
3
1697
by: Robizzle | last post by:
I write a simple php script where I can post news to my website. There is an html page (makenews.html) that has forms for username (in this example it is 'admin'), password (in this example it is 'admin'), subject line and message body. Once I fill out the information and click submit, the html page sends the info to makenews.php. This...
8
1753
by: Iain Napier | last post by:
I'm in the middle of developing a website with a downloads section. It's a wad of educational software for an LEA which for obvious reasons needs password protecting. Users have to authenticate before being allowed to search and getting a link to the download. Don't want the users to get at the files without logging in first, so I created...
1
1315
by: darrel | last post by:
I need to be able to password protect individual pages. For instance: /protected.aspx?id=123 /protected.aspx?id=555 Both would need to be only accessible to two different people (with their own usr/pwd). What is the most appropriate way to handle this?
2
2475
by: Jeff Williams | last post by:
I am developing an application which will allow users (students) to run applications on PC's with elevated rights. This is necessary for some applications which require Administrator rights on the PC. I now need to store the local administrator username and password somewhere where my application can read this from. I am looking for...
3
1802
by: Porkie999 | last post by:
-----------------------------------------------------------------------QUESTION hi i am really stuck with this and its only a small problem. i want to be able to type ......... dsfsjfjsjjfs in User Box fjdjskfjds in password box www.thescripts.com in website box then i want to have a button which says "save" which then saves the 3 above...
8
1883
djsjm
by: djsjm | last post by:
Hello again. So I googled myself into finding this code: <?php // Define your username and password $username = "someuser"; $password = "somepassword"; if ($_POST != $username || $_POST != $password) { ?>
0
7658
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7579
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8101
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7630
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7940
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
5198
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3609
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2075
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1192
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.