how to send user ID across differnet application in ASP.Net?
-
Could you not just create a hash of the (userID + logginDateTimeString) and store that in database along with an expiary DateTime? - Thats fairly simple
My opinion is... If someone has already posted an answer, dont post the SAME answer
Good solution, musefan! regards, George
-
Then what is your better solution? regards, George
-
then throw in a salt value. it would take a while to brute force attack it anyway. plus the only valuable info in the hash would be a userID value i.e. 1, 34 or 103 which is useless if it cannot be used anywhere. no?
My opinion is... If someone has already posted an answer, dont post the SAME answer
"then throw in a salt value. it would take a while to brute force attack it anyway." -- intersted in this, could you show me what do you mean salt value please? :-) happy weekend, George
-
Cookies are not difficult to expose either thou so... what about when a user logs in you create a random key and store that on the server so you can identify the user. That could be passed in the URL and would be different each time Ive never done it, so just a suggestion.
My opinion is... If someone has already posted an answer, dont post the SAME answer
Cool, musefan! "Cookies are not difficult to expose either thou" -- could you show me more information please? Any documents or your experience proves some ways to expose cookie information? regards, George
-
make a database to store that user id or use xml if its just user id... its your choice. SQL Database is more secured
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN% Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia> -------------------------------------------------------- 128 bit encrypted signature, crack if you can
Why cookie is not secured? regards, George
-
Why cookie is not secured? regards, George
cookies saves on client side. And server side is more secure than client side
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN% Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia> -------------------------------------------------------- 128 bit encrypted signature, crack if you can
-
cookies saves on client side. And server side is more secure than client side
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN% Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia> -------------------------------------------------------- 128 bit encrypted signature, crack if you can
Thanks, Xmen! I agree with you on server side is more secure. But I think cookie is encrypted on client side always? So, it should also be ok? regards, George
-
Thanks, Xmen! I agree with you on server side is more secure. But I think cookie is encrypted on client side always? So, it should also be ok? regards, George
dude, encryption can be cracked easily.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN% Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia> -------------------------------------------------------- 128 bit encrypted signature, crack if you can
-
dude, encryption can be cracked easily.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L %^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2 W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN% Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia> -------------------------------------------------------- 128 bit encrypted signature, crack if you can
Hi Xmen, Could you show me how unsecure even if we encrypt cookie at client side? Either your experience or other documents are fine. Previous I fully trust encrypted cookie is secure and very hard (not impossible) to hack. :-) regards, George
-
"then throw in a salt value. it would take a while to brute force attack it anyway." -- intersted in this, could you show me what do you mean salt value please? :-) happy weekend, George
a salt is basically just a static string that you append to other information before hashing i.e. string salt = "SALTVALUE"; string password = "PASSWORD"; string combined = salt + password; Hash(Combined); now the hashed value is not simply the password, so it makes it harder to crack
My opinion is... If someone has already posted an answer, dont post the SAME answer
-
Cool, musefan! "Cookies are not difficult to expose either thou" -- could you show me more information please? Any documents or your experience proves some ways to expose cookie information? regards, George
well you can use the WebBrowser control, then view the cookies with the following WebBrowser.Document.Cookie //this is a string of cookies for the loaded page, they are split with ;
My opinion is... If someone has already posted an answer, dont post the SAME answer