User Passwords In a Hosted Environment

Jordan · Jun 22, 2004

I'm implementing ASP.NET Forms authentication, and storing passwords in a
SQL Server database.

Just wondering what some of you who have implemented this scenario in a
hosted environment do to keep the passwords in the database "safe". Do you
store them as plain text, do you base(64) encode them? do you encrypt them?

What would you recommend for keeping user's passwords safe in a hosted
environment?

Thanks.

Steve C. Orr [MVP, MCSD] · Jun 22, 2004

The best practice is to not store the password at all, but instead store a
hash of the password.
Here's more details:
http://www.aspnetpro.com/NewsletterArticle/2003/04/asp200304so_l/asp200304so_l.asp

And here's some articles using other encryption techniques:
http://www.fawcette.com/vsm/2002_08/online/hottips/fergus/default.asp
http://www.devx.com/security/article/7019

Jordan · Jun 22, 2004

Thank You Steve and Eric. You provided exactly the type of information I was
seeking.

Steve: FWIW: the fawcett.com link you provided is dead.

How to protect files in a hosted environment?	4	Feb 28, 2005
Custom E-Mail In Hosted Environment	0	Jul 13, 2004
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms a	1	Nov 12, 2007
SQLMembershipProvider: Comparing Hashed Passwords	7	Mar 3, 2006
Developer Environment Setup Opinions // Seeking your opinion	11	Mar 20, 2008
Clear text passwords and Oracle - arrrrrrgh - please help!	0	Jul 9, 2005
Create user within the Login Control	1	Oct 31, 2007
organizing many python scripts, in a large corporate environment.	1	Mar 12, 2011

User Passwords In a Hosted Environment

Jordan

Steve C. Orr [MVP, MCSD]

Jordan

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads