Showing ASP.NET page as pop-up/modal?
29/12/2014 15:00:14

General information
Forum: ASP.NET
Category: Other
Environment versions
Environment: VB 9.0
OS: Windows Server 2012
Network: Windows 2008 Server
Database: MS SQL Server
Application: Web
Miscellaneous
Thread ID: 01612499
Message ID: 01612796
Views: 55
>I hear what you are saying; and it makes sense. However my application applies to such a non-secure business that a security hole is not a problem. However, making a customer do another step (like resetting their password) may piss them off and get me fired :)
>Thank you for the suggestion.
>>May I suggest that you email a token that allows them to reset their password online? For example, the email will have a link with the token as a parameter (http://www.mysite/com/resetpwd/734jGkagkjKEW9856kj) The token is generally a guid. Emailing a UID/PWD is a security hole as the data is sent in plain text, as is storing the pwd unencrypted.
>>
>>>Thank you for the link. I will review it. But I abandoned my idea of using a Bootstrap/jQuery modal pop up form and decided in favor of a simple ASP.NET form. The purpose of the pop-up form was for a user to recover his password. That is, he/she would enter their email address and the program would email them their User ID and Password (calling SQL Server database first). Putting such functionality (calling SQL Server and sending email) into a pop-up/modal form turned out to be too complicated. ASP.NET form is much simpler.

Having someone gain access to your site may not be a big deal, but people tend to reuse passwords. Sending out their username and password may end up giving access to any number of other sites that the user uses. The WebSecurity class (http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity%28v=vs.111%29.aspx) has methods to generate a temporary token and reset the password based off of the token. It also uses hashed passwords in case there is a data breach.

Implementing security like this is a lot like performing backups: it doesn't seem like it's important until something goes wrong.
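
The token-based reset flow discussed in this thread, as an added C# example that is not part of the original posts and is not the WebSecurity implementation. It assumes .NET Framework 4.7.2 or later, uses in-memory dictionaries in place of the SQL Server tables, and draws the token from a cryptographic random number generator rather than a GUID; every type and member name is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration: all type and member names here are hypothetical.
public class PasswordResetService
{
    private class Pending { public string Email; public DateTime ExpiresUtc; }
    // Stand-in for a SQL Server table keyed by SHA-256(token); the raw token is never stored.
    private readonly Dictionary<string, Pending> _pending = new Dictionary<string, Pending>();
    // Stand-in for the users table: email -> "iterations:salt:hash".
    public readonly Dictionary<string, string> PasswordHashes = new Dictionary<string, string>();

    private static byte[] RandomBytes(int n)
    {
        var b = new byte[n];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(b);
        return b;
    }

    private static string Sha256Hex(string s)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(s)));
    }

    // Returns the token for the e-mailed link; only its hash is kept server-side.
    public string IssueToken(string email, TimeSpan lifetime)
    {
        string token = BitConverter.ToString(RandomBytes(32)).Replace("-", "");
        _pending[Sha256Hex(token)] = new Pending { Email = email, ExpiresUtc = DateTime.UtcNow + lifetime };
        return token;
    }

    // Consumes the token (single use) and stores a salted PBKDF2 hash of the new password.
    public bool ResetPassword(string token, string newPassword)
    {
        string key = Sha256Hex(token ?? "");
        Pending p;
        if (!_pending.TryGetValue(key, out p)) return false;
        _pending.Remove(key); // spent on first presentation, whether valid or expired
        if (DateTime.UtcNow > p.ExpiresUtc) return false;
        byte[] salt = RandomBytes(16);
        using (var kdf = new Rfc2898DeriveBytes(newPassword, salt, 100000, HashAlgorithmName.SHA256))
            PasswordHashes[p.Email] = "100000:" + Convert.ToBase64String(salt) + ":" +
                                      Convert.ToBase64String(kdf.GetBytes(32));
        return true;
    }
}
```

The e-mail carries only the value returned by `IssueToken`, so neither the mailbox nor the database ever holds the user's password, and a copied link stops working after its first use or its expiry.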