Security
-
Hi I currently have a web application that presents a user with a username and password box (text boxes) - once the user registers their password is encrypted and stored in a database. My question is this - the password is sent from their machine to the server in plain text. Is there a simple way of encrypting the form without using javascript to make it more difficult for their password to be seen across the internet/network Also are there basic security issues i should look into or does any one have any resources/links that will help me make a secure site. Thanks and sorry for the general nature of the problem Dan.
-
Hi I currently have a web application that presents a user with a username and password box (text boxes) - once the user registers their password is encrypted and stored in a database. My question is this - the password is sent from their machine to the server in plain text. Is there a simple way of encrypting the form without using javascript to make it more difficult for their password to be seen across the internet/network Also are there basic security issues i should look into or does any one have any resources/links that will help me make a secure site. Thanks and sorry for the general nature of the problem Dan.
-
Hi I currently have a web application that presents a user with a username and password box (text boxes) - once the user registers their password is encrypted and stored in a database. My question is this - the password is sent from their machine to the server in plain text. Is there a simple way of encrypting the form without using javascript to make it more difficult for their password to be seen across the internet/network Also are there basic security issues i should look into or does any one have any resources/links that will help me make a secure site. Thanks and sorry for the general nature of the problem Dan.
There are methods to encrypt strings in .Net. Use the following article as base, http://support.microsoft.com/kb/301070 Ram
-
There are methods to encrypt strings in .Net. Use the following article as base, http://support.microsoft.com/kb/301070 Ram
Try using MD5 as the encryption on the client side. You can change the password using the javascript code at http://pajhome.org.uk/crypt/md5/">http://pajhome.org.uk/crypt/md5. The tricky part is to use a unique "salt" value that is created when the page is created and used as part of the submit process. The stored password is encrypted with the same salt value on the server side and the value is compared with the calculated value from the client. I have used a date stamp like yymmddHHmmssfff or something like that to calc the salt value. Hope this helps.