Hi. I am writing an app which stores usernames/passwords and email addresses
in a database table.
The question is how can I encrypt the password provided by the user ?
FormsAuthentication.Encrypt produces an encrypted string, but it is for use
in a ticket.
On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File
produces an encrypted string for use in a config.xml file.
Anyway, even if I wanted to use this one, how do I reverse it (decrypt it)
in order to be able to send it to the user in case he requests it (Forgotten
password) ?
The second question would be how do I get my application's name ?
Thanks a lot, Alex. 3 2438
I think you should hash the password. It's true you can't decrypt it, but
neither can anybody else, therefore you will never be liable for letting
people's passwords get stolen.
Here are the details: http://SteveOrr.net/faq/encrypt.aspx
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://SteveOrr.net
"Alex Nitulescu" <RE***********************@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl... Hi. I am writing an app which stores usernames/passwords and email addresses in a database table.
The question is how can I encrypt the password provided by the user ?
FormsAuthentication.Encrypt produces an encrypted string, but it is for use in a ticket.
On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File produces an encrypted string for use in a config.xml file. Anyway, even if I wanted to use this one, how do I reverse it (decrypt it) in order to be able to send it to the user in case he requests it (Forgotten password) ?
The second question would be how do I get my application's name ?
Thanks a lot, Alex.
Yes, Steve, but in this case how could I provide that "fogotten password"
feature - I plan to be able to send an email to the user, containing the
username & password, as most sites do !
Should I roll up my own encryption/decryption system, then ?
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:ek**************@TK2MSFTNGP12.phx.gbl... I think you should hash the password. It's true you can't decrypt it, but neither can anybody else, therefore you will never be liable for letting people's passwords get stolen. Here are the details: http://SteveOrr.net/faq/encrypt.aspx
-- I hope this helps, Steve C. Orr, MCSD, MVP http://SteveOrr.net
"Alex Nitulescu" <RE***********************@yahoo.com> wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl... Hi. I am writing an app which stores usernames/passwords and email addresses in a database table.
The question is how can I encrypt the password provided by the user ?
FormsAuthentication.Encrypt produces an encrypted string, but it is for use in a ticket.
On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File produces an encrypted string for use in a config.xml file. Anyway, even if I wanted to use this one, how do I reverse it (decrypt it) in order to be able to send it to the user in case he requests it (Forgotten password) ?
The second question would be how do I get my application's name ?
Thanks a lot, Alex.
Okay, sorry, Steve, I rushed to answer you BEFORE noticing and therefore
reading your link. I'll follow the links on the page provided.
Thanks a lot for your time,
Alex.
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:ek**************@TK2MSFTNGP12.phx.gbl... I think you should hash the password. It's true you can't decrypt it, but neither can anybody else, therefore you will never be liable for letting people's passwords get stolen. Here are the details: http://SteveOrr.net/faq/encrypt.aspx
-- I hope this helps, Steve C. Orr, MCSD, MVP http://SteveOrr.net
"Alex Nitulescu" <RE***********************@yahoo.com> wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl... Hi. I am writing an app which stores usernames/passwords and email addresses in a database table.
The question is how can I encrypt the password provided by the user ?
FormsAuthentication.Encrypt produces an encrypted string, but it is for use in a ticket.
On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File produces an encrypted string for use in a config.xml file. Anyway, even if I wanted to use this one, how do I reverse it (decrypt it) in order to be able to send it to the user in case he requests it (Forgotten password) ?
The second question would be how do I get my application's name ?
Thanks a lot, Alex.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: wqhdebian |
last post by:
As far as I know,when encrypt or decrypt ,a key must first be got,and
the key is first generate by a tool or from SecurityRandom,that means
I can not generate the same key with the same input.Does...
|
by: Neil Ginsberg |
last post by:
I have ODBC linked tables to a SQL 7 database in an A2K database. The linked
tables do not have the password stored in them, so the first time the user
accesses them, they need to enter the SQL...
|
by: Henry |
last post by:
Hi, my asp.net application is accessing a mssql on another server.
This works fine when I use this in my web.config file:
<add key="dbkey"...
|
by: Luis Esteban Valencia |
last post by:
Hello I want to encrypt the sqlconenction string on the xml
configuration files.
The problem is the following
I have an application at my company that accesses a sql server local
database. ...
|
by: Miles Keaton |
last post by:
still doing my switch from MySQL to PgSQL, and can't figure out what
the comparable function would be for this:
In MySQL, to store a big secret (like a credit card number) in the
database that I...
|
by: Declan Barry |
last post by:
Hi all..
Does anyone have a php script that would allow me to encrypt the
contents of a txt file?
I have an excel file which has a list of usernames and generated
passwords. What I would...
|
by: googlegroups |
last post by:
Hi, I'm making a javascript program for rolling dice for a roleplaying
game that's played in a forum. The die roll gets generated, gets stored
as text in a hidden form field, and then gets written...
|
by: Aneesh P |
last post by:
Hi All,
I need to encrypt some fields esp password key values in configuration
file while installting the application using .Net installer project
and decrypt those values from my...
|
by: Gilles Ganault |
last post by:
Hello
I'd like to encrypt a customer's organization name to use this as
their password to launch our application, and decrypt it within our
VB5 application.
We will then use this information...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |