Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Storing passwords in database

Reply
Thread Tools

Storing passwords in database

 
 
VB Programmer
Guest
Posts: n/a
 
      11-29-2004
I am using SQL Server as the database for my ASP.NET app.

I have a users table with a password field. What is the best way to encrypt
it before it goes into the table, then decrypt it to read the value? Any
sample code or links would be helpful.

Thanks!


 
Reply With Quote
 
 
 
 
John M Deal
Guest
Posts: n/a
 
      11-29-2004
You shouldn't encrypt or decrypt it at all. What you should do is create
a hash of the password value and then store it in the database. The next
time the user tries to logon you should hash the password they entered
and compare it to the stored hash, if they are the same then the user
entered the proper password. This helps prevent anyone with access to
your database (for legitimate or other wise) purposes from figuring out
people's passwords (as the hash can not be reversed). You may also
consider salting the password when hashing it.

Here's one site with some info:

http://www.ondotnet.com/pub/a/dotnet...chap01/?page=2

others can be located using a search on google for:

dotnet password hash salt

Hope this helps.

Have A Better One!

John M Deal, MCP
Necessity Software


VB Programmer wrote:
> I am using SQL Server as the database for my ASP.NET app.
>
> I have a users table with a password field. What is the best way to encrypt
> it before it goes into the table, then decrypt it to read the value? Any
> sample code or links would be helpful.
>
> Thanks!
>
>

 
Reply With Quote
 
 
 
 
Vaibhav
Guest
Posts: n/a
 
      11-29-2004
Try using .Net Crypto API . it provides the best tested algorithams for
encryption.


Try using trusted_connection=true; in the web.config file instead of using
sql connection string with username and password

HTH


"VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
news:(E-Mail Removed)...
>I am using SQL Server as the database for my ASP.NET app.
>
> I have a users table with a password field. What is the best way to
> encrypt it before it goes into the table, then decrypt it to read the
> value? Any sample code or links would be helpful.
>
> Thanks!
>



 
Reply With Quote
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      11-29-2004
I agree with John that hashing is preferable. Most programmers would
consider it to be the best practice.
Here's an example for you:
http://www.aspnetpro.com/NewsletterA...200304so_l.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net


"VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
news:(E-Mail Removed)...
>I am using SQL Server as the database for my ASP.NET app.
>
> I have a users table with a password field. What is the best way to
> encrypt it before it goes into the table, then decrypt it to read the
> value? Any sample code or links would be helpful.
>
> Thanks!
>



 
Reply With Quote
 
Andy G
Guest
Posts: n/a
 
      11-29-2004
I just finished programming the same thing that you want to do and I used,

http://msdn.microsoft.com/library/de...SecNetHT03.asp

That's all you will need, follow it step-by-step, by far the most secure
password handling out there using the SHA-1 type.


"VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
news:(E-Mail Removed)...
> I am using SQL Server as the database for my ASP.NET app.
>
> I have a users table with a password field. What is the best way to

encrypt
> it before it goes into the table, then decrypt it to read the value? Any
> sample code or links would be helpful.
>
> Thanks!
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Database Database Database Database scott93727@gmail.com Computer Information 0 09-27-2012 02:43 AM
DataBase DataBase DataBase DataBase scott93727@gmail.com Computer Information 0 09-26-2012 09:40 AM
User Images: Storing in Files VS Storing in Database Jonathan Wood ASP .Net 1 06-02-2008 05:56 PM
solutions for storing passwords on a computer matt Computer Security 9 11-10-2005 04:31 AM
storing`passwords in cookies Jason ASP .Net 1 12-29-2003 02:26 PM



Advertisments