if I complete a form, the data will be sent to the server as raw plain text which could be read by sniffers.
I want to encrypt form's data client-side (like username, password,...) and then send them to the server.
It seems that there are two ways:
1- Using SSL (in my scenarion, I can't use)
2- Using custom ActiveX control.
3- Using server side dynamic javascript encryption function.
Not sure if I'm posting the question in the right category.
1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.
I'm using TCP/IP protocol.
2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?
I have to make changes to classic asp website where once a button is clicked it autologins to a third party website with a intermediate page that warns that you are logging in to a third party website.
The thirdparty is providing us with a username and password and gave us an examle javascript to encode the password to send to them. Now where do I store the userid and password. I cannot execute the javascript on the serverside. It has to go to the client. If the asp page which has the encryption javascript goes to the client side then the source can be viewed and the username and password is given out.
Is there a way that I can have hidden asp page whose only job is to encrypt the password and create a new url and auto redirect it to that new url.
So when the user clicks ok on the intermediate warning page I redirect it to this hidden asp page which does the encryption and a creates a url for get method and redirects to that page.
I am a novice as far as java script and classic asp is concerned.
When you need to store sensitive data such as CCs or SSNs, do you:1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database.2) Push all the problem to the database, using the built in DB capabilities (I think most vendors call it Transparent Database Encryption).What trade-offs have you find for your solution? Does writing your own routine perform poorly when compared to TDE? Is code maintainability, or conversely DB vendor lock-in an issue?
View 3 Repliesexplain me Secure Socket Layers (SSL) and how it provide the functionality of encryption and decryption of data ?
View 1 RepliesI have a URL like this: [URL]How it could encrypt and decrypt the parameters of a URL ?. how to achieve this task
View 5 RepliesI have web.config file and it is encrypted completely and hosted in one server,Now I got one requirement to change admin person mail id. So I need to decrypt the web.config file and update the mail id then encrypt the config file again. Please tell me how to do this using aspnet_regiis -pdf commands?
View 1 RepliesI am passing values through query string. I want to restrict the user to modify the url to get the unauthorized permissions.I want to encrypt the url so that user can not understand and decrypt and use in the code.How can i do this.If there is any method to restrict the user to modify the url,
View 2 RepliesI am using this method to encrypt password.. When user enters special characters it gives an error.. Method below :
private string base64Decode(string sData) {
string result=null;
try
{
System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
System.Text.Decoder utf8Decode = encoder.GetDecoder();
[Code] ....
I was able to encrypt the password and save it in the database but I need to encrypt the password now when the users try to login. For example, user comes and types his/her username and password but the password is already encrypted in the database, how can I decrypt and authenticate the user?
protected void ValidateUser(object sender, EventArgs e)
{
int userId = 0;
string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("Validate_User"))
[code].....
here is the decrypt function
private string Decrypt(string cipherText)
{
string EncryptionKey = "MAKV2SPBNI99212";
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
[Code]......
How do I encrypt the URL while navigating in asp.net 3.5 ?
View 3 RepliesI am using a Query Encryption Technique shown in Thread[URL]I am facing a problem with the above module status bar always displays real URL,& when ever i right click on page then properties than Address URL shows Real URL
View 4 RepliesI would like to use the System.Security.Cryptography to encrypt / decrypt my passwords strings for my custom membership provider login.I've read some basic article's but they don't explain much about the process in detail. I've decided to use AES because it is said to replace DES encryption. How can I encrypt and decrypt my password strings in the strongest way possible with AES? I would really like a very detailed explanation about the method to use for this task.
View 1 RepliesA few years ago, when first being introduced to ASP.net and the .NET Framework, I built a very simple online file storage system.This system used Rijndael encryption for storing the files encrypted on the server's hard drive, and an HttpHandler to decrypt and send those files to the client. Being one of my first project with ASP.net and databases, not understanding much about how the whole thing works (as well as falling to the same trap described by Jeff Atwood on this subject), I decided to store freshly generated keys and IVs together with each file entry in the database.
To make things a bit clearer, encryption was only to protect files from direct access to the server, and keys were not generated by user-entered passwords. My question is, assuming I don't want to keep one key for all files, how should I store encryption keys for best security? What is considered best practice? (i.e: On a different server, on a plain-text file, encrypted). Also, what is the initialization vector used for in this type of encryption algorithm? Should it be constant in a system?
I was told that there's an encryption library I can use and there's a couple that I can choose from (eg. AES, RSA, etc). I also read something about keys. Are keys something you just generate so you can encrypt and decrypt a series of texts? Do you have to purchase that key? Also, is there a best practice that I need to be aware of in encrypting and decrypting? Is encrypting a password recommended? Would performance be affected?
View 3 RepliesIf a website is already using SSL, this guarantees a secure channel between the client and the website right. If I do another encrypt on the information being transmitted via HTTP POST would this be an overkill?
View 2 RepliesI am encrypting data (health care industry) using the aes encryption classes in the .net framework. What are some of the recommended locations for safely storing the key? I have it in the web.config for development, but that does not feel production worthy, to say the least.
View 4 RepliesI am struct in a bad sitiation. I have developed my whole application and at the end client requested that they want encrypted URLs :(. Now application is in a state where I can not encrypt URL on individual pages.Is there any module through which I can add URL encryption throughout my website without changing the application as application code is 100% verified from Q/A.
View 1 RepliesI inherited a ASP.Net website. Some changes need to be implemented. The login for the application is encrypted using the md5cryptoserviceprovider class. After upgrading to 2.0, the password is no longer encrypted the same as when it was 1.1.
I left the 1.1 virtual directory and it's still working. On the same box, I loaded the 2.0 code and setup a new virtual directory (which isn't encrypting the same as 1.1).
I copied the section below from the 1.1 machine.config section into the web.config and the 2.0 machine.config.
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>
Here is the code that is generating the hash.
MD5CryptoServiceProvider encryptionServiceProvider = new MD5CryptoServiceProvider();
var bytes = ASCIIEncoding.ASCII.GetBytes(inputString);
what is two way encryption and how does that work ?
View 2 RepliesI have an MVC2 .NET 4.0 app, hosted on TFS 2008 (soon to be TFS 2010) that uses connection strings in web.config to connect to a database on another server. I need to encrypt these connection strings.
As I understand it, I can use aspnet_regiis.exe to encrypt the connectionstring portion of the web.config file, but I have to do it on the deployment machine because the encryption uses the machine name to generate the encryption key.
Now, it seems to me that this represents a problem - every time I deploy my code to the dev server won't it overwrite the web.config file, and need to be re-encrypted? This sort of manual process seems kludgy.
Is my understanding about needing to re-encrypt after deployment correct? If so, is there some way to automate this process? I don't want to forget this or get a new team member who doesn't know the process and have the connectionstring exposed to the world.
I have a hex string (encrypted)I need to use Rijndael classes with these settings:
Encryption: AES
I have a problem trying to encrypt a string in PHP and also in C# using DES (cbc) encryption. The problem I'm facing is that I'm getting different results using the different languages.In C#:
[Code]....
You can see that they are close...
PHP: HLp51qoFW0rimOTafCVTVQ==
C# : HLp51qoFW0ojU8eGEGkk4w==
But something is going wrong somewhere, I suspect it's a difference between (PHP) pack("H*", '0F26EF560F26EF56') and (C#) StringToBytes.ConvertHex("0F26EF560F26EF56") but I'm really struggling to spot it.
i an sending the url with some inofmation say some thing like this:
"http://localhost:4622/Emp_ResumeResult.aspx?UId=109" now if any one types 110 in place of 109 the infomration of 110 is being displayed so how can i hide this information and how can in encript and decript this issue any url or code.
my code:
[Code]....
I have a stored encryption: "dkljas84u238jidasjidoia"When I get in this instance decryption "11111111111111111"show how the combobox "****************** 1111 "Something like: SELECT RIGHT ('11111111111111111 ', 4)