Form Authentication?

Discussion in 'ASP .Net Security' started by Sulaiman, Oct 19, 2007.

  1. Sulaiman

    Sulaiman Guest

    Please correct me if I am wrong here,
    When we put the username/password in the Form Authentication Web
    application, usually the username/password is stored in the cleartext, in the
    client memory space. So what happen is that in the public computer, a hacker
    can run a program like Winhex to read the memory space and get the
    username/password.

    Now is there something that we can do on the Server side to prevent this
    sort of things? I knew that this is in client boundary, but hashing the
    username/password using javascript will make any different?

    I was thinking maybe
    example
    HTTP REQUEST
    HTTP.....
    username:abc
    password:test123

    if we use JavaScript to Hash the username/password
    the HTTP request that come will be like
    HTTP...
    username:hash...
    password:hash...

    Will it work? or is there any better way to do it?
     
    Sulaiman, Oct 19, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Li Zhang
    Replies:
    4
    Views:
    6,110
    softip
    Feb 27, 2009
  2. Dom
    Replies:
    0
    Views:
    473
  3. Dom
    Replies:
    0
    Views:
    518
  4. Max
    Replies:
    2
    Views:
    1,122
  5. kitchai yong via .NET 247

    authenticate win32 form client with form based authentication web services

    kitchai yong via .NET 247, May 13, 2004, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    236
    Jan Tielens
    May 13, 2004
Loading...

Share This Page