Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
User passwords not encrypted
Message
From
07/08/2007 12:32:23
Greg Lee
Gcl Software
Newport Beach, California, United States
 
 
To
06/08/2007 15:21:41
Tony Scarpelli
Maine Medical Center
Portland, Maine, United States
General information
Forum:
ASP.NET
Category:
The Mere Mortals .NET Framework
Title:
Re: User passwords not encrypted
Environment versions
Environment:
VB 8.0
OS:
Windows XP SP2
Miscellaneous
Thread ID:
01246054
Message ID:
01246527
Views:
27
I agree about the need for encrypting the passwords. It's easy to add this to MM. We added a PasswordSalt field to the Users table and lengthened the Password field length. The user's password is appended to PasswordSalt and then hashed using the .NET SHA1 functionality. Prior to calling Login or authenticating the user, just append the password that the userr entered to PasswordSalt and hash it. Then compare the hashed passwords.
Greg Lee
GCL Software
Previous
Reply
Map
View

Click here to load this message in the networking platform