469,658 Members | 1,835 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,658 developers. It's quick & easy.

How can I encrypt the password stored in a database table ?

Hi. I am writing an app which stores usernames/passwords and email addresses
in a database table.

The question is how can I encrypt the password provided by the user ?

FormsAuthentication.Encrypt produces an encrypted string, but it is for use
in a ticket.

On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File
produces an encrypted string for use in a config.xml file.
Anyway, even if I wanted to use this one, how do I reverse it (decrypt it)
in order to be able to send it to the user in case he requests it (Forgotten
password) ?

The second question would be how do I get my application's name ?

Thanks a lot, Alex.
Nov 19 '05 #1
3 2305
I think you should hash the password. It's true you can't decrypt it, but
neither can anybody else, therefore you will never be liable for letting
people's passwords get stolen.
Here are the details:
http://SteveOrr.net/faq/encrypt.aspx

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"Alex Nitulescu" <RE***********************@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Hi. I am writing an app which stores usernames/passwords and email
addresses in a database table.

The question is how can I encrypt the password provided by the user ?

FormsAuthentication.Encrypt produces an encrypted string, but it is for
use in a ticket.

On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File
produces an encrypted string for use in a config.xml file.
Anyway, even if I wanted to use this one, how do I reverse it (decrypt it)
in order to be able to send it to the user in case he requests it
(Forgotten password) ?

The second question would be how do I get my application's name ?

Thanks a lot, Alex.

Nov 19 '05 #2
Yes, Steve, but in this case how could I provide that "fogotten password"
feature - I plan to be able to send an email to the user, containing the
username & password, as most sites do !

Should I roll up my own encryption/decryption system, then ?

"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:ek**************@TK2MSFTNGP12.phx.gbl...
I think you should hash the password. It's true you can't decrypt it, but
neither can anybody else, therefore you will never be liable for letting
people's passwords get stolen.
Here are the details:
http://SteveOrr.net/faq/encrypt.aspx

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"Alex Nitulescu" <RE***********************@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Hi. I am writing an app which stores usernames/passwords and email
addresses in a database table.

The question is how can I encrypt the password provided by the user ?

FormsAuthentication.Encrypt produces an encrypted string, but it is for
use in a ticket.

On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File
produces an encrypted string for use in a config.xml file.
Anyway, even if I wanted to use this one, how do I reverse it (decrypt
it) in order to be able to send it to the user in case he requests it
(Forgotten password) ?

The second question would be how do I get my application's name ?

Thanks a lot, Alex.


Nov 19 '05 #3
Okay, sorry, Steve, I rushed to answer you BEFORE noticing and therefore
reading your link. I'll follow the links on the page provided.

Thanks a lot for your time,
Alex.

"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:ek**************@TK2MSFTNGP12.phx.gbl...
I think you should hash the password. It's true you can't decrypt it, but
neither can anybody else, therefore you will never be liable for letting
people's passwords get stolen.
Here are the details:
http://SteveOrr.net/faq/encrypt.aspx

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"Alex Nitulescu" <RE***********************@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Hi. I am writing an app which stores usernames/passwords and email
addresses in a database table.

The question is how can I encrypt the password provided by the user ?

FormsAuthentication.Encrypt produces an encrypted string, but it is for
use in a ticket.

On the other hand, FormsAuthentication.HashPasswordForStoringInConfig File
produces an encrypted string for use in a config.xml file.
Anyway, even if I wanted to use this one, how do I reverse it (decrypt
it) in order to be able to send it to the user in case he requests it
(Forgotten password) ?

The second question would be how do I get my application's name ?

Thanks a lot, Alex.


Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Neil Ginsberg | last post: by
3 posts views Thread by Luis Esteban Valencia | last post: by
2 posts views Thread by Miles Keaton | last post: by
8 posts views Thread by Declan Barry | last post: by
12 posts views Thread by googlegroups | last post: by
6 posts views Thread by Aneesh P | last post: by
4 posts views Thread by Gilles Ganault | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.