tryisng something like this:
[Code]....
the code raise an error which the translated version is something like "the lenght of the data to decrypt is not valid" here is my Decrypt function:
[Code]....
Not sure if I'm posting the question in the right category.
1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.
I'm using TCP/IP protocol.
2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?
I'm using the CreatUserWizard control along with my MembershipProvider. It all works fine bout a year now Recently there has been a new requirement to reserve some usernames. There is no need to go in details i think. Point is that i want to manually raise the same error the control raises when a user tries to register a username that has already been registered (i.e. DuplicateUserName) so the situation is handled the same way as when username really is a duplicate in aspMembership. Have tried differnet things with no luck, what would you advise me doing?
View 2 RepliesWhy the error does not appear at the UI layer? I am using ExecuteScaler
BEGIN CATCH
PRINT N'The transaction is in an uncommittable state. Rolling back transaction.'
ROLLBACK TRANSACTION;
DECLARE @ErrorMessage NVARCHAR(4000);
DECLARE @ErrorSeverity INT;
DECLARE @ErrorState INT;
SELECT @ErrorMessage = ERROR_MESSAGE(),
@ErrorSeverity = ERROR_SEVERITY(),
@ErrorState = ERROR_STATE();
RAISERROR (@ErrorMessage,
@ErrorSeverity,
@ErrorState);
END CATCH
I have written a stored proc for raise error.Whenever a customer checks for a record in the DB that doesn't exist in the DB he has to get an error displayed.I have written a stored proc help me on it i know it is wrong suggest me the correct one.
[Code]....
This is my format file
8.0
5
1 SQLCHAR 0 0 "," 5 LastName ""
2 SQLCHAR 0 0 "," 4 LastName ""
3 SQLCHAR 0 0 "," 2 DOB ""
4 SQLCHAR 0 0 "," 3 AdmissionNo ""
5 SQLCHAR 0 0 "
" 7 Reg ""
This is my Sp
begin
BULK
INSERT tblChild
FROM 'F:ArruniArruniRaj-NathanSchool-DocPupils.txt'
with
(
formatfile = 'c:format.txt'
)
end
This is my table structure.......
i an sending the url with some inofmation say some thing like this:
"http://localhost:4622/Emp_ResumeResult.aspx?UId=109" now if any one types 110 in place of 109 the infomration of 110 is being displayed so how can i hide this information and how can in encript and decript this issue any url or code.
I am using a Query Encryption Technique shown in Thread[URL]I am facing a problem with the above module status bar always displays real URL,& when ever i right click on page then properties than Address URL shows Real URL
View 4 RepliesI would like to use the System.Security.Cryptography to encrypt / decrypt my passwords strings for my custom membership provider login.I've read some basic article's but they don't explain much about the process in detail. I've decided to use AES because it is said to replace DES encryption. How can I encrypt and decrypt my password strings in the strongest way possible with AES? I would really like a very detailed explanation about the method to use for this task.
View 1 RepliesIf a website is already using SSL, this guarantees a secure channel between the client and the website right. If I do another encrypt on the information being transmitted via HTTP POST would this be an overkill?
View 2 RepliesI inherited a ASP.Net website. Some changes need to be implemented. The login for the application is encrypted using the md5cryptoserviceprovider class. After upgrading to 2.0, the password is no longer encrypted the same as when it was 1.1.
I left the 1.1 virtual directory and it's still working. On the same box, I loaded the 2.0 code and setup a new virtual directory (which isn't encrypting the same as 1.1).
I copied the section below from the 1.1 machine.config section into the web.config and the 2.0 machine.config.
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>
Here is the code that is generating the hash.
MD5CryptoServiceProvider encryptionServiceProvider = new MD5CryptoServiceProvider();
var bytes = ASCIIEncoding.ASCII.GetBytes(inputString);
what is two way encryption and how does that work ?
View 2 RepliesI have a hex string (encrypted)I need to use Rijndael classes with these settings:
Encryption: AES
I have a problem trying to encrypt a string in PHP and also in C# using DES (cbc) encryption. The problem I'm facing is that I'm getting different results using the different languages.In C#:
[Code]....
You can see that they are close...
PHP: HLp51qoFW0rimOTafCVTVQ==
C# : HLp51qoFW0ojU8eGEGkk4w==
But something is going wrong somewhere, I suspect it's a difference between (PHP) pack("H*", '0F26EF560F26EF56') and (C#) StringToBytes.ConvertHex("0F26EF560F26EF56") but I'm really struggling to spot it.
my code:
[Code]....
I have a stored encryption: "dkljas84u238jidasjidoia"When I get in this instance decryption "11111111111111111"show how the combobox "****************** 1111 "Something like: SELECT RIGHT ('11111111111111111 ', 4)
I'm just starting to really get into JSON as a tool for my sites. I was showing my friend how I am calling a WS and returning the data, and he asked me about security of passing JSON data to and from a web service as he saw the data from the "POST" (via Firebug). Many of our public facing sites deal with member information and contain PHI. Can I encrypt the JSON data and then unencrypt it? Is that a good way to go about it to ensure a layer of protection? Or is there another "better/right" way of doing it? Or are his concerns unfounded? Is there an article about how to encrypt or secure the JSON data when needed? Just trying to gather as much knowledge as possible before I go down a path that won't work for the company.
View 4 RepliesMy website has to connect to a hosted SQL Server database. The connectiostring, incluing username and password, is stored in the web config file.I have two questions.The first is that everything I read says this must be encrypted so that it cannot be read and used by others. Well, how would that happen. My understanding of ASP.net is that all the work is carried out on the hosted server and the rendered page is then delivered to the user. How would a user be able to view my connectionstring.Secondly, I have used some msdn vb.net code to encrypt the connection string in the web config file. Following on from the first question, how can I confirm that the encryption is intact on the published web.config file.
View 7 RepliesI am creating an application that will save financial data.I am in the process of creating an architecture for this application.I am stuck deciding wether to do encryption on the application side or SQL Server side. I am planning to use AESManaged algorithm for this.My requirement is such that the ecnryption key is unique for each user (based on user's password).I am of the opinion that it should be on the application server side as it becomes easily scalable. Another attractive thing that I find is that if my frontend is Silverlight then I can pass on the actual encryption load onto the client system.
View 7 RepliesI am trying to use both .NET Cryptography as well as SQL Symmetric Encryption with Triple DES, if it's possible. I was able to set up a test database with encryption on a single field like so:
[Code]....
I am using this because of SQL Reportas that are being ran and I don't have access to C# development within them. Now to insert the encrypted key what do I use? I found the following code on another post http://forums.asp.net/p/902066/1000988.aspx#1000988:
[Code]....
How do I modify OR what code do I use to Encrypt/Decrypt the SQL Encryption, does the SQL Encryption method need to change..Is it even possible?
I'm trying to encrypt username and password using a key file generated using enterprise library and every thing works fine, but the problem is that key can only be used on the mashine on which i have generated the key,eithor by machine mode or user mode, i want to ask if their any way to use encryption without using a key file ...
for example by machine key in web config..
I am trying to encrypt my passwords and store in database..i want to know which is the latest one..
View 2 Replieshow to encrypt a PIN in to 4 byte binary. The MD5 and other hashes I have known give the result as 8 or 16 byte. I need only 4 bytes because it is alloted only varchar(4) in the database.
View 3 RepliesI am trying to encrypt/decrypt a file with CAPICOM in javascript. I have to encrypt file with private key and decrypt with public key. But I dont know how to do this with CAPICOM.
View 1 RepliesThis is meant to be easy ...so ive been told, but still cant get it to work!I have a sql database hosted on a shared server which requires the use of sql authentication.As a result I require to encrypt my sensitive data in the config (connection strings etc).I understand that you can do this using aspnet_regiis etc, but ive been told that as I have no direct acccess to the server, I may need to program the encryption.
I have seen a few examples, but as a novice I have been banging away at this, looking at an errors screen most of the time!
I need to get message integrity by encrypting the data while dataflow between Service <-> client (by directional). Below are the details.
Development Environment: .net framework 4.0; Windows 7, IIS7, VS2010.
Production Environment: .net framework 4.0; Windows 2008, IIS7.
Business Requirement:
I have an WCF Service hosted in IIS7. There are multiple Windows Forms Application as clients to my service. Services will be consumed via internet.User, Role information are stored in SQL Server 2008 database. Need to Authenticate and Authorize requests agains the SQL Server database. Dataflow is bi-directional. Clients will write data to service. And also Service will serve data to clients Data transfered in wires must be encrypted, in both directions. My approch to solution:
Below is the configuration setting in Service web.config file.
<system.serviceModel> <bindings> <wsHttpBinding> <binding name="POCWsHttpBinding"> <security mode="Message"> <message clientCredentialType="UserName" negotiateServiceCredential="true" /> </security> </binding> </wsHttpBinding> </bindings> <services> <service behaviorConfiguration="POCServiceBehaviour" name="SecurityPOC.SecuredService"> <endpoint address="" binding="wsHttpBinding" bindingConfiguration="POCWsHttpBinding" name="POCwsHttpBindingEndPoint" contract="SecurityPOC.ISecuredService" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="POCServiceBehaviour"> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceCredentials> <serviceCertificate findValue="CN=WCFServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" /><userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Common.MyCustomUsernamePasswordValidator, Common" /> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel>
Questions & Assumptions:
My assumption is that, client certificate is used for authentication. I am not using Certificates at Client side, becuase my client authentication will be done using UserNameValitions against the Database.
Am I write? Using only Server side Certificate, with negotiateServiceCredential="true".
Is it required is install Server certificate on client machines in this case?
I am assuming Server Certificate details will be downloaded to client site during the first call..
<security mode="Message">,
Assuming this setting takes care about the message security/encryption using the Server certificate, in both directions. As per my requirement, message must encryped on wire while tranfer between Server to client and while Client to Server.
Am I write?
My Last question...How to ensure that messages are being encripted on both directions, from Testing point-of-view. I need to take test evidences out of it.