
hash codes of passwords as query string?

Dear all,
My simple question is this: if we have hashed the users' passwords and
stored them in the database,
can we then use that hash code, e.g.
D52987198EA2730FD22A38E7976344D843A7FFA0
in the query string? The reason for asking is: are generated hash
codes always unique, so that we can use them for page navigation,
as in the query string?

Jul 3 '06 #1

na********@yahoo.com wrote:
> My simple question is this: if we have hashed the users' passwords and
> stored them in the database,
> can we then use that hash code, e.g.
> D52987198EA2730FD22A38E7976344D843A7FFA0
> in the query string? The reason for asking is: are generated hash
> codes always unique, so that we can use them for page navigation,
> as in the query string?

Why would you ever put the password in a query string? It would be a
huge security problem...

Use sessions and use the sessionid for whatever you wanted to use the
password hash for. The sessionId will be unique for each user AND
change when the session expires (eg the user logs off). You could also
generate your own unique ID to use.

Jul 3 '06 #2
Theoretically it should be pretty darned secure, but why risk it when there
are such simple alternatives?
I prefer to never expose a password in any form. You could just as easily
use a SessionID or create a custom GUID that you associate with that user.
I think these techniques would be preferable.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
<na********@yahoo.com> wrote in message
news:11**********************@a14g2000cwb.googlegroups.com...
> Dear all,
> My simple question is this: if we have hashed the users' passwords and
> stored them in the database,
> can we then use that hash code, e.g.
> D52987198EA2730FD22A38E7976344D843A7FFA0
> in the query string? The reason for asking is: are generated hash
> codes always unique, so that we can use them for page navigation,
> as in the query string?

Jul 3 '06 #3

Steve C. Orr [MVP, MCSD] wrote:
> Theoretically it should be pretty darned secure

That depends on how he plans to use the hash - if it's like
"page.aspx?logged_in=true" it's not even close to secure. If it's just
some sort of user identification it's a little secure - it could be easy
to hijack another user's profile just by changing the hash in the query.
And if it is just to identify the logged-in user there are plenty of
better ways to do that.

The only way it's secure is that it's still pretty hard to reverse the
hash and get the actual password from it - but that might not even be
necessary.

Jul 4 '06 #4
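
The two points made in the replies, as an added Python example (not code from any poster in this thread): an unsalted password hash is shared by every account with the same password and never changes, while a random server-side session token is unique per login and stops working at logout. SHA-1 is an assumption based on the 40-hex-character value in the question; the account names, passwords, `users_for_hash` and `SessionStore` are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def password_hash(password: str) -> str:
    """Unsalted SHA-1 hex digest: 40 characters, like the value in the question."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample database: user name -> stored hash.
# alice and carol happen to have chosen the same password.
DB = {
    "alice": password_hash("Summer2006!"),
    "bob": password_hash("correct horse"),
    "carol": password_hash("Summer2006!"),
}


def users_for_hash(hash_from_query: str) -> list[str]:
    """Accounts that a hash taken from the query string would resolve to."""
    return sorted(user for user, stored in DB.items() if stored == hash_from_query)


class SessionStore:
    """Server-side map from an opaque random token to a user name."""

    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}

    def login(self, user: str, password: str) -> str | None:
        stored = DB.get(user)
        if stored is None or not hmac.compare_digest(stored, password_hash(password)):
            return None
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._sessions[token] = user
        return token

    def user_for(self, token: str) -> str | None:
        return self._sessions.get(token)

    def logout(self, token: str) -> None:
        # The token stops working here; a password hash would stay valid.
        self._sessions.pop(token, None)
```
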
