i want to encrypt the password by using the encryption algorithm dll uploaded by the user. is it possible to do the action. how can i call the method used by the user to create the dll.
View 1 RepliesNot sure if I'm posting the question in the right category.
1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.
I'm using TCP/IP protocol.
2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?
I have a page that will receive an encrypted query string containing a user name, password & jobId, the problem is I don't want someone to be able to grab the encrypted url (browser history) and reuse it, so it has to change each time the page is requested.
The only way I can think of doing this is by having an encryption key associated with the the job and then change it after each time the page is requested. The client would either request the key or the entire url from a web service residing on my server.
Is this the best way to do this?
Is there a mutating encryption method out there I could use "out the box"?
I heard that .NET framework will encrypt the ViewState using SHA1 or some other algorithm. So if i know the SHA1 encryption and decryption algorithm can i tamper a ViewState?I mean a malicious user studies SHA1 encryption algorithm,if he understand that algorith and develops decryption algorithm ,will it open the road of viewstate tampering? or SHA1 or other algorithm uses any random tricks for encryption and decryption?
View 1 RepliesI have to Encrypt and Decrypt Back the Password field in sql server i have used the pwdencrypt and pwdCompare() but i dont have to compare but i have to display the password back using the Decrypt technique Is there any algorithm which i can use only for encryption and decryption of password field?
View 4 RepliesI have a problem with changing the password from Microsoft Access Database. I get an Error "No data exists for the row/column". The password in the database is encrypted and when I change the password it should be decrypting the password and new password should be updated with encryption again. I have following Encryption and Decryption Function:
Code:
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Text
[code]....
can I change the password algorithm and still use the sqlMembershipProvider or do I have to create a new sqlMembershipProvider. If so, are they any step by step tutorials on how to do that.
View 1 RepliesI want to know how can I protect my password in login & register pages because I am not using .net's Login or CreateUserWizard controls.I want an encryption method for this process e.g. when storing password in the database form the register page and when comparing the password with stored password in database to varify a user in login page.
View 3 RepliesJust a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
Can anyone help with best practice for storage of database passwords/connectionstrings for ASP.NET applications? Most tutorials suggest storing the connection string (along with the password) in Web.config. I don't like this solution because the connectionstring is visible to anyone working on the application (although I appreciate it is secured from the consumer). You can use aspnet_regiis to encrypt sections of Web.config, but then surely anyone with access to the web server could easily decrypt it anyway. For an enterprise level application what should I be doing?I could store it in Web.config and encrypt with my own key, but then would that offer any advantage over aspnet_regiis, because the key would have to reside on the web server anyway?
View 1 Replieshow can i encrypt password field in asp.net mvc to be store in encrypted form
View 2 RepliesI am using a custom membership provider with a custom ValidateUser method. The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer). I created a custom stored procedure for ValidateUser to call. I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below. My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):
public static string EncodePasswordNow(string originalPassword)
{
Byte[] originalBytes;
[code]...
I have a website which has reference to a service layer through which it calls the procedures.I have a web.config file in my service layer.I want to know is that possible to encrypt the database password alone in connection string.if so how it could be done using Enterprise library 5.0.And whether encrypted password should be decrypted before procedure call or it would automatically take decypted value for procedure call.
View 1 RepliesI have to make changes to classic asp website where once a button is clicked it autologins to a third party website with a intermediate page that warns that you are logging in to a third party website.
The thirdparty is providing us with a username and password and gave us an examle javascript to encode the password to send to them. Now where do I store the userid and password. I cannot execute the javascript on the serverside. It has to go to the client. If the asp page which has the encryption javascript goes to the client side then the source can be viewed and the username and password is given out.
Is there a way that I can have hidden asp page whose only job is to encrypt the password and create a new url and auto redirect it to that new url.
So when the user clicks ok on the intermediate warning page I redirect it to this hidden asp page which does the encryption and a creates a url for get method and redirects to that page.
I am a novice as far as java script and classic asp is concerned.
Before I continue I'm going to let everybody know that I am not trying to follow a traditional .Net Membership Provider. I'm attemping to write my own Membership Provider which does not extend the default .Net Membership Provider b/c I feel that in areas it can become extremely cumbersome. Please keep this in mind before responding. Also keep in mind that I am trying to learn from this experience, not find an easy solution for some client's application.I am writing a custom membership provider that has password formatting functionality similar to .Net's default membership provider. I'm looking for soe good/easy examples of ways to encrypt/decrypt or hash password values. I previously tried going the RSA route, but got stuck when I had to Import an RSAParameter and was unsure of how to generate a RSAParameter.
I would like to have both Hashing and Encryption available, but only need Encryption. I'm also looking for a very strong encryption. I'm storing the password format in an external .xml file (similar to how the web.config stores the password format for .Net's Membership Provider) which will become manageable from the administrative side of my webapplication.If anybody knows of any existing Encryption libraries that may provide assistance, please feel free to post links. I only ask that they be open source solutions so I can see how they went about doing this.
I am using this method to encrypt password.. When user enters special characters it gives an error.. Method below :
private string base64Decode(string sData) {
string result=null;
try
{
System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
System.Text.Decoder utf8Decode = encoder.GetDecoder();
[Code] ....
i have mail setting in web.config
[Code]....
Now how i encrypt only the Password ?
I designed a website, in login page username and password should be encrypted and sent to server for validation. How to do this.
View 5 Replieshow to Encrypt and Decrypt Password?
I want to store the password in database by encrypting it and want to decrypt when user will log in on to the application.
I there any common in built class to encrypt password in java(black berry, android api) and objective c(iphone). I heard about Md5 but don't know whether it is available for all these languages.
Bajrang Singh
Using .net 2.0 (VS2005)
How to encrypt Password using query string in asp.net c#
View 1 RepliesFor our website, we have decided we would like to maintain our user passwords as encrypted binary data in our database. We are using ASP.NET 3.5 to host our site and SQL Server Express 2008 for the database, both running on the same server. When a user logs in and submits a username and password, there will need to be some sort of encryption or decryption in order to verify the credentials. To me, it would appear that there are 3 ways to do this:
1)[C# Encyrption] On User creation, perform encryption in the Web App and submit the encrypted password to the database. To verify credentials at Login, perform the same encryption on the submitted password and ensure that it matches the value stored in the database.
2)[SQL Encryption] On User creation, submit the plain-text password to the database and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, have the database perform decryption on the password during the SELECT statement, and compare the plain-text submitted password to the one in the database.
3)[Mix] On User creation, submit the plain-text password to the database, and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, perform the same encryption algorithm used by SQL on the submitted password ( is this possible? ), and ensure that it matches the value stored in the database.
Does anybody have an opinion as to which of these options is best? Number 1) is the most familiar to me, and would be the easiest to use with LINQ to SQL ( which is our current data model ), so I am leaning towards that. But if there are better options I would love to know about them.
<system.net>
<mailSettings>
<smtp from="email@domain.com" deliveryMethod="Network">
<network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" email@domain.com " password="password" enableSsl="true" />
</smtp>
</mailSettings>
</system.net>
This is the case where I need encryption for my password. I searched and googled much on the web but I can't be able to encrypt anymore.
how encrypt log in password but cannot descrypt back.
View 4 RepliesI have the following requirement:
- During client registration, the password must be client side encrypted with SHA1 algorithm and stored in the DB
I have done that before using javascript on the client side. But it was a non MVC web app. I know I can use js again, but I'm trying to find a better approach.Using https or not is not depending on our development side, so we can not change the requirement.