473,324 Members | 2,248 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Form authentication security question!


Hello,
When my users logs in to my site, an MD5 hashed value of the password is
sent to the server, and there the value is validated against a database.

What if someone catchs my hash value and also send it to my server. Will
that form manipulation succeed?
Many thansk in advance

JJ
Feb 24 '06 #1
1 879
Hi,

No, hash value of the password is created on the server after client send it
as a plaintext. The reason why are passwords stored as a hashes is to
prevent it's misuse when the database is hacked, not to transmit them
securely. So yes, form manipulation would be successfull.

Btw. I don't think that login controls would use MD5 - it's unsecure,
deprecated alghorithm.

"jens Jensen" <je**@jensen.dk> pí¹e v diskusním pøíspìvku
news:e7**************@TK2MSFTNGP15.phx.gbl...

Hello,
When my users logs in to my site, an MD5 hashed value of the password is
sent to the server, and there the value is validated against a database.

What if someone catchs my hash value and also send it to my server. Will
that form manipulation succeed?
Many thansk in advance

JJ

Feb 24 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Rudi Groenewald | last post by:
Hi there... I use SQL server integrated security so when a user opens a database in access it prompts the username & password in a small popup box on connection, but I'd like to use my own...
3
by: Nick | last post by:
I am working a new application...well actually a series of applications for my company. They want internal users to be able to go to a site and everything regarding security is transparent,...
4
by: Andrew | last post by:
Hey all, I would like to preface my question by stating I am still learning ASP.net and while I am confident in the basics and foundation, the more advanced stuff is still a challenge. Ok....
13
by: david | last post by:
I can not figure out what is the problem that I can protect ASP.NEt form resource but not some other type of files, for example, images. All my aspx forms located in Demo folder and image files...
3
by: JIM.H. | last post by:
Hello, I used this site to do form authentication http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod17.asp My code successfully comes to the point: if...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.