i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user's hard drive..
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
I'm using .NET C#, Framework 1.1
BR
13  1511 
Alfa,
You shouldn't encrypt passwords period. With enough time and processing
power, someone will break it (although some algoritms are more likely to be
broken than others).
What you need to do is use a hash. Take a hash of the password and then
recreate it when people log in. If the hashes match, then you can allow
them to log in. The reason a hash works is that you can not recreate the
password from the hash, it is a one-way transformation.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m
"Alfa & Omega" <al*****@gmail. comwrote in message
news:ea******** **@ss408.t-com.hr...
>i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user's hard drive..
How can I protect that database from preveting user viewing it...or how
can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
I'm using .NET C#, Framework 1.1
BR
Alfa & Omega wrote:
i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user's hard drive..
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
Not crypting, but hashing them : Take the clear password, give it to an
hash algorithm (SHA-1 for example) and store the resulting hash in the
database. When you want to check a user-supplied password, hash it
using the same algorithm and compare the 2 hashed values (the one you
just computed and the one stored int he database).
Arnaud
MVP - VC
<ad******@clu b-internet.frwrot e in message
news:11******** **************@ 75g2000cwc.goog legroups.com...
|
| Not crypting, but hashing them : Take the clear password, give it to an
| hash algorithm (SHA-1 for example) and store the resulting hash in the
| database. When you want to check a user-supplied password, hash it
| using the same algorithm and compare the 2 hashed values (the one you
| just computed and the one stored int he database).
|
Thanks for advices, adebaene and Nicholas....
That's all I need..but I just found this: http://www.codeproject.com/cpp/rehash.asp http://www.codeproject.com/dotnet/HackingMd5.asp
md5 cracked or it's fake??
BR
Igor
"Alfa & Omega" <al*****@gmail. coma écrit dans le message de news:
ea*********@ss4 08.t-com.hr...
<ad******@clu b-internet.frwrot e in message
news:11******** **************@ 75g2000cwc.goog legroups.com...
|
| Not crypting, but hashing them : Take the clear password, give it to an
| hash algorithm (SHA-1 for example) and store the resulting hash in the
| database. When you want to check a user-supplied password, hash it
| using the same algorithm and compare the 2 hashed values (the one you
| just computed and the one stored int he database).
|
Thanks for advices, adebaene and Nicholas....
That's all I need..but I just found this:
http://www.codeproject.com/cpp/rehash.asp
http://www.codeproject.com/dotnet/HackingMd5.asp
md5 cracked or it's fake??
MD5 is known to have a few weaknesses, that's why I suggested SHA-1.
Arnaud
MVP - VC
<ad******@clu b-internet.frwrot e:
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
Not crypting, but hashing them : Take the clear password, give it to an
hash algorithm (SHA-1 for example) and store the resulting hash in the
database. When you want to check a user-supplied password, hash it
using the same algorithm and compare the 2 hashed values (the one you
just computed and the one stored int he database).
Note that there are times when you *do* want to store an encrypted
password. Web browsers do it all the time, for instance - they save
passwords from forms, and need to present the same password later on.
Likewise Eclipse remembers my Subversion password.
I believe the Windows Cryptography API allows this to be tied closely
and reasonably safely to the current user.
If you only need to *verify* passwords, however, hashing is the right
way to go.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Alfa & Omega <al*****@gmail. comwrote:
i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user's hard drive..
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
You shouldn't use a cipher, but rather a hash .. unless you want the password
to be recoverable, but that is less secure.
Use an MD5 has to hash the password. Then, when a user types their password,
you run the MD5 has of that password and compare the result to what is in teh
database.
The reason a hash is better than crypto (like DES) is that it is a one way
algorithm, so there is no chance of somebody stealing the database and
recovering all the passwords from it. With a cipher, they are subject to
brute force hacks.
--
Thomas T. Veldhouse
Key Fingerprint: 2DB9 813F F510 82C2 E1AE 34D0 D69D 1EDC D5EC AED1
Arnaud Debaene <ad******@clu b-internet.frwrot e:
>
MD5 is known to have a few weaknesses, that's why I suggested SHA-1.
Out of curiosity, what weaknesses? My FreeBSD boxes use them to great effect.
--
Thomas T. Veldhouse
Key Fingerprint: 2DB9 813F F510 82C2 E1AE 34D0 D69D 1EDC D5EC AED1
Thomas T. Veldhouse wrote:
Arnaud Debaene <ad******@clu b-internet.frwrot e:
>MD5 is known to have a few weaknesses, that's why I suggested SHA-1.
Out of curiosity, what weaknesses? My FreeBSD boxes use them to great effect.
md5 has been proven to have collisions. ie two values producing the same
hash.
Same for sha1, I believe that sha256 is recommended (over sha1) at the
moment.
In reality the chances are infinitesimally small of a collision actually
happening but if we can easily code around even that small chance then
why not.
Do a google search on sha1 collision and md5 collision for more info.
JB
Alfa & Omega wrote:
i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user's hard drive..
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
I'm using .NET C#, Framework 1.1
BR
As well as what everyone else has said about using hashes, consider a
good salting scheme as well, so that two same passwords do not produce
the same hash.
JB This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: siliconmike |
last post by:
Is there a way to protect data files from access by root ?
I have a data-centered website and would like to protect data piracy
from any foot-loose hosting company employee.
Any ideas?
Thanks
Mike
|
by: Dakkar |
last post by:
i saw something named obfuscator and its decompiling the source code
of my program which written in c# and my program includes mysql root
password inside of it
is there anyway to protect my program against this decompilers.
Thanks
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
|
by: Brent Burkart |
last post by:
I want to protect my website with a user and password. I have SQL Server
2000 where I want to store the users and passwords and the website is
complete. I just need to add in some security with password protection.
Can anyone help me out?
|
by: SpIcH |
last post by:
Hi All,
This is all about protecting my data in Executable file.
I have developed a program in Visual Basic .NET 2002. I have many
questions in mind... please help me to complete my project.
1. I have very much data to be incorporated into the executable file. I
have to add much data into my developed program into 2 Combo Boxes and 1
List Box control. For that i have created an xml element with all of the
|
by: Dino Buljubasic |
last post by:
Hi,
My application is extensivelly querying a remote server. Somebody
sniffing the traffic could eventually find out all important
information such as passwords (from users in datatables as sell as the
password and user name used in connectiong string to that server.
How can I protect my self from this?
Thank you
| | |
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
|
by: Simon.Whiteside |
last post by:
If someone has created a database for me and transferred it over is
there any way that I can check I have full access to all areas?
I am a beginner with Access and so the development has been done by a
temporary employee who has now handed the database over to me. Not
that I think he is an untrustworthy character but I would sleep easier
at night if I could check he has given me 100% of the database and
three months down the line I am...
|
by: Mike |
last post by:
Hi,
If protect MS Access with password it doesn't mean to much. On
internet, we can find plenty tools for opening forgotten passwords
etc.
I have a small c# aplication wit large amount of data and I can not
begin with selling process with protection like that.
What I should do, is there some example of encryption data within db
|
by: cefrancke |
last post by:
I have a few tables with sensitive user information (passwords, etc.)
and I would like to prevent someone from opening a blank database and
importing those tables.
Is there a way to "hide" or protect these tables from being linked or
imported?
TIA
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
