Hi
I'm writing a page withing our site that requires logins. Where should the
logins and passwords be kept? SqlServer/Access? Flat files? What are the
options and trade offs?
Thanks.
Dee 10 1285
"dee" <de*@home.net > wrote in
news:uf******** ******@TK2MSFTN GP09.phx.gbl: I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs?
Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
--
Lucas Tam (RE********@rog ers.com)
Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
Thanks for response.
Is hashing recommended even when database is used?
"Lucas Tam" <RE********@rog ers.com> wrote in message
news:Xn******** *************** ****@127.0.0.1. .. "dee" <de*@home.net > wrote in news:uf******** ******@TK2MSFTN GP09.phx.gbl:
I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs?
Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
-- Lucas Tam (RE********@rog ers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
Yes, otherwise the administrator of the database, or someone who gains
access to the database can see everyone's password in plain text.
"dee" <de*@home.net > wrote in message
news:u9******** ******@TK2MSFTN GP12.phx.gbl... Thanks for response. Is hashing recommended even when database is used?
"Lucas Tam" <RE********@rog ers.com> wrote in message news:Xn******** *************** ****@127.0.0.1. .. "dee" <de*@home.net > wrote in news:uf******** ******@TK2MSFTN GP09.phx.gbl:
I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs?
Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
-- Lucas Tam (RE********@rog ers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
Hi Dee,
I really suggest you look into asp.net 2 (I am on a quest to let every living
soul upgrad to v2 so I maybe biased) :
New Security Features in ASP.NET 2.0 http://msdn.microsoft.com/library/en...asp?frame=true
22/08/2005 15:47:47
Securing ASP.NET Applications - With Less Code http://msdn.microsoft.com/library/en...asp?frame=true
22/08/2005 15:46:52
New Membership Features in ASP.NET Whidbey http://msdn.microsoft.com/library/en...asp?frame=true
22/08/2005 15:46:15
If you use v2 then:
- The choice between sql server and access is transparent (access provider
will be available after the official release but I would use sql server (express)
anyway)
- You don't write a single line of code (and as a consequence give the user
more functions like recovery, secret questions,...)
- Your solution is very safe (The passes are salted out of the box. Which
developer did this in the past? My guess is <1%)
- You will feel like an action hero and thus look cooler than your colleagues
(that's why I do it)
Cheers,
Tom Pester Hi I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs? Thanks. Dee
When you say 'hash' the variable, what does that mean? I do it all manually
through triggers but is there an easier way?
TIA - Jeffrey.
"Marina" <so*****@nospam .com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. .. Yes, otherwise the administrator of the database, or someone who gains access to the database can see everyone's password in plain text.
"dee" <de*@home.net > wrote in message news:u9******** ******@TK2MSFTN GP12.phx.gbl... Thanks for response. Is hashing recommended even when database is used?
"Lucas Tam" <RE********@rog ers.com> wrote in message news:Xn******** *************** ****@127.0.0.1. .. "dee" <de*@home.net > wrote in news:uf******** ******@TK2MSFTN GP09.phx.gbl:
I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs?
Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
-- Lucas Tam (RE********@rog ers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
http://en.wikipedia.org/wiki/Hash_function
Cheers,
Tom Pester When you say 'hash' the variable, what does that mean? I do it all manually through triggers but is there an easier way?
TIA - Jeffrey.
"Marina" <so*****@nospam .com> wrote in message news:%2******** ********@tk2msf tngp13.phx.gbl. ..
Yes, otherwise the administrator of the database, or someone who gains access to the database can see everyone's password in plain text.
"dee" <de*@home.net > wrote in message news:u9******** ******@TK2MSFTN GP12.phx.gbl...
Thanks for response. Is hashing recommended even when database is used? "Lucas Tam" <RE********@rog ers.com> wrote in message news:Xn******** *************** ****@127.0.0.1. ..
"dee" <de*@home.net > wrote in news:uf******** ******@TK2MSFTN GP09.phx.gbl: > I'm writing a page withing our site that requires logins. Where > should the logins and passwords be kept? SqlServer/Access? Flat > files? What are the options and trade offs? > Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
-- Lucas Tam (RE********@rog ers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
It means encrypt it.
"UJ" <fr**@nowhere.c om> wrote in message
news:uF******** ******@TK2MSFTN GP15.phx.gbl... When you say 'hash' the variable, what does that mean? I do it all manually through triggers but is there an easier way?
TIA - Jeffrey.
"Marina" <so*****@nospam .com> wrote in message news:%2******** ********@tk2msf tngp13.phx.gbl. .. Yes, otherwise the administrator of the database, or someone who gains access to the database can see everyone's password in plain text.
"dee" <de*@home.net > wrote in message news:u9******** ******@TK2MSFTN GP12.phx.gbl... Thanks for response. Is hashing recommended even when database is used?
"Lucas Tam" <RE********@rog ers.com> wrote in message news:Xn******** *************** ****@127.0.0.1. .. "dee" <de*@home.net > wrote in news:uf******** ******@TK2MSFTN GP09.phx.gbl:
> I'm writing a page withing our site that requires logins. Where should > the logins and passwords be kept? SqlServer/Access? Flat files? What > are the options and trade offs?
Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
-- Lucas Tam (RE********@rog ers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
Thanks Tom
"tom pester" <To************ ********@pandor a.be> wrote in message
news:a1******** *************** ****@news.micro soft.com... Hi Dee,
I really suggest you look into asp.net 2 (I am on a quest to let every living soul upgrad to v2 so I maybe biased) :
New Security Features in ASP.NET 2.0 http://msdn.microsoft.com/library/en...asp?frame=true 22/08/2005 15:47:47 Securing ASP.NET Applications - With Less Code http://msdn.microsoft.com/library/en...asp?frame=true 22/08/2005 15:46:52 New Membership Features in ASP.NET Whidbey http://msdn.microsoft.com/library/en...asp?frame=true 22/08/2005 15:46:15 If you use v2 then:
- The choice between sql server and access is transparent (access provider will be available after the official release but I would use sql server (express) anyway) - You don't write a single line of code (and as a consequence give the user more functions like recovery, secret questions,...) - Your solution is very safe (The passes are salted out of the box. Which developer did this in the past? My guess is <1%) - You will feel like an action hero and thus look cooler than your colleagues (that's why I do it)
Cheers, Tom Pester
Hi I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs? Thanks. Dee
Thanks Marina
"Marina" <so*****@nospam .com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. .. Yes, otherwise the administrator of the database, or someone who gains access to the database can see everyone's password in plain text.
"dee" <de*@home.net > wrote in message news:u9******** ******@TK2MSFTN GP12.phx.gbl... Thanks for response. Is hashing recommended even when database is used?
"Lucas Tam" <RE********@rog ers.com> wrote in message news:Xn******** *************** ****@127.0.0.1. .. "dee" <de*@home.net > wrote in news:uf******** ******@TK2MSFTN GP09.phx.gbl:
I'm writing a page withing our site that requires logins. Where should the logins and passwords be kept? SqlServer/Access? Flat files? What are the options and trade offs?
Anywhere you like, but you want want to hash the passwords for security.
SQL Server or Access is probably the best for easy retrieval.
-- Lucas Tam (RE********@rog ers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Joshua Beall |
last post by:
Hi All,
What is the best way to use a cookie to remember a logged in user? Would
you store the username and password in two separate cookies? Should the
password be plain text? Hashed? Not there at all?
Any feedback would be helpful. Thanks!
-Josh
|
by: DC Gringo |
last post by:
Using latest SP Win2k and .NET versions, I have a .NET application running
on server1 with a SQL Server database running on server2. I have the
Windows user account passwords sync'd for server1\aspnet (installed by .NET
Framework and server2\aspnet (created by me--this machine has no .NET
Framework on it). The aspnet user on the database...
|
by: Philippe C. Martin |
last post by:
Hi,
I am attempting to write a linux logon manager with python.
Can python access login APIs (which module ?) or do I need to write a
wrapper ?
Regards,
Philippe
|
by: Matthew Louden |
last post by:
I wrote ASP.NET application that access SQL Server database. When I run the
application, it yields "Login failed for user '<COMPUTER_NAME>\ASPNET'"
error message.
I then did the following, but still didn't work. Any ideas??
1. In IIS console, right click the virtual directory
2. click directory security tab
3. click edit button on...
|
by: Siobhan |
last post by:
Hi
What is the recommended way to store a user's database credentials across
the pages of a web application so that each time the database is accessed the
system doesn't have to ask them for their username and password again
We have previously stored these in a session variable (encrypted) and
retrieved from their - but are worried about the...
| |
by: Michael |
last post by:
Please Help me. I've got a .Net 2003 program that attaches to a SQL Server
machine and I'm getting the above error when a user tries to log in. The SQL
server is setup to use Windows Auth. and I have added the new user to the
database and have given the user access to the database for the app. But
everytime I try and login using this users ID,...
|
by: J |
last post by:
Hello. I apologize if this isn't the appropriate group for this question
but I was wondering if it's possible to allow regular windows domain users
to change their passwords through an .asp page? I'm trying to figure out
the best way to handle domain users to log into an .asp application tied
with SQL Server 2000 on the back end since I keep...
|
by: JodiPhillips |
last post by:
G'day,
I have a silly and simple problem that I need some guidance with.
Due to the way our network is set up, I am unable to use the group permissions for Access and have had to implement log in procedures via a log in table within the database. This works fine. I have now expanded this table to include further data about the authorised...
|
by: TheDude5B |
last post by:
Hi,
I have a problem with existing customers from an old site, coming to
my new asp.net 2.0 site with the user roles and membership, and trying
to login with their old details.
As you know, the new built in membership encrypts passwords (I know
you can use the system without encrypting the passwords, but this what
i have unfortunetaly...
|
by: topher23 |
last post by:
I've seen a lot of questions about how to make secure database passwords. I'm going to go over a method of encrypting a password using the MD5 encryption algorithm for maximum security.
First, you will need to download the attached class module (clsMD5.txt) and import it into your database. This class module is the core of what we're about to...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |