achieve password encryption

A

Anton Sommer

Hello folks,

how can I encrypt the password that an user enters in my normal login
window.


Thank you

Anton
 
P

Pete

Hi,
You might want to try this


public string GetEncryptedPassword(string sPass)

{

return
FormsAuthentication.HashPasswordForStoringInConfigFile(sPass,"sha1");

}
 
A

Anton Sommer

thank you for responding Pete,


but can you give me a few more details, I am not understanding how the
password should be encrypted client wise

thank you


Anton
 
P

Pete

Hi Anton,
Sorry I never comment code ;-(

All this does is encrypt a client passed string (password).

You could use this as follows:

1) User creates an account, you encrypt the password before storing in the
db with the userId
2) When a user logs on you encrypt the supplied (logon) password and compare
it with whats stored in the db.

All encryption is done on the server not the client so you'd be wise to use
SSL if your site has sensitive info.

Hope this helps a bit.

Pete
 
A

Anton Sommer

Thanks for responding Pete,
All encryption is done on the server not the client so you'd be wise to use
SSL if your site has sensitive info.
Click to expand...

Well I meant anyway encrypting the password on the way from the client to
the webserver, so is SSL then the only opportunity there? How could I
achieve it or are there different solutions to secure the transmission of a
password on the way from the client to the webserver.


Thanks

Anton



P.S. Ironically in my case it would help a lot to me if the browsers would
simply display the page as being secure (Key sign or locked lock sign)
 
P

Pete

Well I meant anyway encrypting the password on the way from the client to
the webserver, so is SSL then the only opportunity there? How could I
achieve it or are there different solutions to secure the transmission of a
password on the way from the client to the webserver.
Click to expand...

I'd say SSL is the way to go as any technology you employ on the client
could be
open to abuse. Besides, SSL does it all for "free" for you (apart from a
slight
performance overhead)

A client side solution would probably be script based unless your thinking
of
installing assemblies (possible if it's in the intranet though).
I think client-side code should be kept to a minimum...especially when it's
security related.

HTH

Pete
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Encryption 6
How to Create a random password generator in a separate window 4
Another Password Confirmation 2
Password confirmation issue 5
Forgot password code! 2
Unique Session IDs and password encryption in ASP.Net 2.0 1
Problem in getting dashboard page from login page in python pycharm using POST command 0
React native post-request is not working 1

Members online

No members online now.
Total: 25 (members: 0, guests: 25)
Robots: 457

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top