
user login and passwords

dee
Hi
I'm writing a page within our site that requires logins. Where should the
logins and passwords be kept? SqlServer/Access? Flat files? What are the
options and trade offs?
Thanks.
Dee
Nov 19 '05 #1
"dee" <de*@home.net> wrote in
news:uf**************@TK2MSFTNGP09.phx.gbl:
> I'm writing a page within our site that requires logins. Where should
> the logins and passwords be kept? SqlServer/Access? Flat files? What
> are the options and trade offs?

Anywhere you like, but you want to hash the passwords for security.

SQL Server or Access is probably the best for easy retrieval.

--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Nov 19 '05 #2
dee
Thanks for response.
Is hashing recommended even when database is used?

Nov 19 '05 #3
Yes, otherwise the administrator of the database, or someone who gains
access to the database can see everyone's password in plain text.

Nov 19 '05 #4
Hi Dee,

I really suggest you look into asp.net 2 (I am on a quest to let every living
soul upgrade to v2 so I may be biased) :

New Security Features in ASP.NET 2.0 http://msdn.microsoft.com/library/en...asp?frame=true
22/08/2005 15:47:47
Securing ASP.NET Applications - With Less Code http://msdn.microsoft.com/library/en...asp?frame=true
22/08/2005 15:46:52
New Membership Features in ASP.NET Whidbey http://msdn.microsoft.com/library/en...asp?frame=true
22/08/2005 15:46:15

If you use v2 then:

- The choice between sql server and access is transparent (access provider
will be available after the official release but I would use sql server (express)
anyway)
- You don't write a single line of code (and as a consequence give the user
more functions like recovery, secret questions,...)
- Your solution is very safe (The passes are salted out of the box. Which
developer did this in the past? My guess is <1%)
- You will feel like an action hero and thus look cooler than your colleagues
(that's why I do it)
Cheers,
Tom Pester
Nov 19 '05 #5
UJ
When you say 'hash' the variable, what does that mean? I do it all manually
through triggers but is there an easier way?

TIA - Jeffrey.

Nov 19 '05 #6
http://en.wikipedia.org/wiki/Hash_function

Cheers,
Tom Pester
Nov 19 '05 #7
It means encrypt it.

Nov 19 '05 #8
dee
Thanks Tom

Nov 19 '05 #9
dee
Thanks Marina

Nov 19 '05 #10
"Marina" <so*****@nospam.com> wrote in
news:uG*************@TK2MSFTNGP15.phx.gbl:
> It means encrypt it.

Nope, don't confuse hashes with encryption.

Encryption is a 2-way process, you can encrypt and decrypt. Hashes on the
other hand are not decryptable (once hashed, the original data is lost).

--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Nov 19 '05 #11
