473,778 Members | 6,976 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Storing passwords in database

I am using SQL Server as the database for my ASP.NET app.

I have a users table with a password field. What is the best way to encrypt
it before it goes into the table, then decrypt it to read the value? Any
sample code or links would be helpful.

Thanks!
Nov 18 '05 #1
4 1880
You shouldn't encrypt or decrypt it at all. What you should do is create
a hash of the password value and then store it in the database. The next
time the user tries to logon you should hash the password they entered
and compare it to the stored hash, if they are the same then the user
entered the proper password. This helps prevent anyone with access to
your database (for legitimate or other wise) purposes from figuring out
people's passwords (as the hash can not be reversed). You may also
consider salting the password when hashing it.

Here's one site with some info:

http://www.ondotnet.com/pub/a/dotnet...chap01/?page=2

others can be located using a search on google for:

dotnet password hash salt

Hope this helps.

Have A Better One!

John M Deal, MCP
Necessity Software
VB Programmer wrote:
I am using SQL Server as the database for my ASP.NET app.

I have a users table with a password field. What is the best way to encrypt
it before it goes into the table, then decrypt it to read the value? Any
sample code or links would be helpful.

Thanks!

Nov 18 '05 #2
Try using .Net Crypto API . it provides the best tested algorithams for
encryption.
Try using trusted_connect ion=true; in the web.config file instead of using
sql connection string with username and password

HTH
"VB Programmer" <Do************ *****@jEmail.co m> wrote in message
news:uu******** ******@TK2MSFTN GP12.phx.gbl...
I am using SQL Server as the database for my ASP.NET app.

I have a users table with a password field. What is the best way to
encrypt it before it goes into the table, then decrypt it to read the
value? Any sample code or links would be helpful.

Thanks!

Nov 18 '05 #3
I agree with John that hashing is preferable. Most programmers would
consider it to be the best practice.
Here's an example for you:
http://www.aspnetpro.com/NewsletterA...200304so_l.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"VB Programmer" <Do************ *****@jEmail.co m> wrote in message
news:uu******** ******@TK2MSFTN GP12.phx.gbl...
I am using SQL Server as the database for my ASP.NET app.

I have a users table with a password field. What is the best way to
encrypt it before it goes into the table, then decrypt it to read the
value? Any sample code or links would be helpful.

Thanks!

Nov 18 '05 #4
I just finished programming the same thing that you want to do and I used,

http://msdn.microsoft.com/library/de...SecNetHT03.asp

That's all you will need, follow it step-by-step, by far the most secure
password handling out there using the SHA-1 type.
"VB Programmer" <Do************ *****@jEmail.co m> wrote in message
news:uu******** ******@TK2MSFTN GP12.phx.gbl...
I am using SQL Server as the database for my ASP.NET app.

I have a users table with a password field. What is the best way to encrypt it before it goes into the table, then decrypt it to read the value? Any
sample code or links would be helpful.

Thanks!

Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
1693
Advice wanted for storing passwords in a database
by: Fred Emmott | last post by:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi - just wondering how I should store passwords in a database - I was thinking MD5 hashes would be a good idea - but I've heard it's better to "salt" them - how would I do this? I've tried google, but most of the results seem to be written by people with no idea of security implementations, thinking that "encryption" = "magic security dust".
PHP
14
4074
Inserting Random Passwords into Database
by: Miranda | last post by:
Hi, I have a ASP/vbscript program that generates random passwords. The problem is I need to insert those passwords into an Access database of 327 clients. I have the random password program generating the 327 passwords, but have had no luck inserting them. =============================================== Here is the code that generates the passwords: =============================================== <% Option Explicit %>
ASP / Active Server Pages
6
2452
storing passwords in database
by: Bartosz Wegrzyn | last post by:
hi, I would like to store windows passwords and usernames in database. Please tell me where to start? What database can I use? Can I use free microsoft database? Thanks Bart
Microsoft SQL Server
1
2237
Storing passwords
by: Oleg Lebedev | last post by:
My application needs to store user names and passwords in the database via JDBC connection. What is the right way to do this? What should be the database type of the password column? How do I encrypt the password before sending it to the database? What other database settings need to be enabled for this to work? Thanks. Oleg
PostgreSQL Database
1
1376
Hash Passwords
by: Shapper | last post by:
Hello, I created a login system and I my passwords are being hashed. I need to check if everything is working so I need to generate some hashed passwords to replace the actual passwords I have in this moment in my database. How can I do this? I have the following data in my database: USER PASSWORD
ASP.NET
0
1157
Storing and passing secure passwords to MS Exchange
by: scoomey | last post by:
Hi folks- I've got an interesting problem. For our homebrewed PHP intranet application, I will soon be required to give users access to their email/calendar information from Microsoft Exchange. I've found a nice set of classes that seems to pretty seemlessly integrate PHP with Exchange via WebDAV. (Wish this could be done over SOAP, but that's another issue entirely.) Here's the issue: Currently, I authenticate all users via LDAP to...
PHP
5
1785
storing database connection strings
by: djc | last post by:
is it still customary to use web.config and global.asax to store connection strings? For example storing the string in web.config and using application start procedure in global.asax to declare a global app variable? I'm an off and on hobby programmer and this was the last method recommended to me. As I start new projects I try to find out and follow the recommended practices of the day.
ASP.NET
2
2103
Checking for passwords
by: Simon.Whiteside | last post by:
If someone has created a database for me and transferred it over is there any way that I can check I have full access to all areas? I am a beginner with Access and so the development has been done by a temporary employee who has now handed the database over to me. Not that I think he is an untrustworthy character but I would sleep easier at night if I could check he has given me 100% of the database and three months down the line I am...
Microsoft Access / VBA
3
1880
Storing Passwords
by: Eric Wertman | last post by:
I've a number of scripts set up that require a username/password combination to log in elsewhere. It's gotten to the point where I need to keep them in a more secure location, instead of just in the scripts themselves. I did a bit of searching, and haven't come up with a great way to store passwords using 2-way encryption (I have to send them as plain text). Has anyone seen anything that fits this need? I whipped up something using...
Python
0
9629
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9470
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10127
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9923
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
8957
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
6723
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5500
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
3627
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2865
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us