Click here to Skip to main content
15,566,522 members
Home / Discussions / C#
   

C#

 
Generalfiltering properties Pin
Roger Alsing28-Dec-03 2:34
Roger Alsing28-Dec-03 2:34 
GeneralRe: filtering properties Pin
Wizard_0128-Dec-03 3:53
Wizard_0128-Dec-03 3:53 
GeneralRe: filtering properties Pin
Roger Alsing28-Dec-03 4:37
Roger Alsing28-Dec-03 4:37 
GeneralRe: filtering properties Pin
Wizard_0128-Dec-03 5:07
Wizard_0128-Dec-03 5:07 
GeneralRe: filtering properties Pin
Roger Alsing28-Dec-03 5:34
Roger Alsing28-Dec-03 5:34 
GeneralRe: filtering properties Pin
Heath Stewart28-Dec-03 4:38
protectorHeath Stewart28-Dec-03 4:38 
GeneralSalted Hash add vulnerabilities Pin
laphijia28-Dec-03 0:15
laphijia28-Dec-03 0:15 
GeneralRe: Salted Hash add vulnerabilities Pin
Heath Stewart28-Dec-03 4:34
protectorHeath Stewart28-Dec-03 4:34 
Even comprimising your SQL Server system would not yield the password if using a digest algorithm like MD5 or SHA1 without using a brute force attack. You make a good point about avoid such an attack, though.

Encrypting the ticket is definitely a good idea. Take a look at my article Role-based Security with Forms Authentication[^] for a brief mention of using FormsAuthentication.Encrypt to encrypt a forms authentication-based ticket. Doing this manually would work as well, but I thought I'd just mention it.

As far as using a salted hash, storing the salt makes your system little more secure than the first method of using an unsalted hash. If a cracker comprimised your system, nothing is stopping them from discovering the hash. The MD5-digest authentication mechanisms that many HTTP daemons support - as well as many browsers - actually generate a salt of sorts that it communicates with the browser (handshaking) and they use that to digest the credentials. Unfortunately, you can't do that because you need your salt to be persistent.

So, instead of storing the salt in the SQL Server, what about storing it in a different medium? You could, for example, keep an XML document (or even a simple text file) up-to-date with users and salts and read that into memory (use ASP.NET's Cache - if applicable - for some good event-based page validation). If a user comprimised the SQL Server, that cracker would have to comprise the entire system as well so that they could - most likely - gain debugging rights in order to insert their code into the ASP.NET worker process space and read the memory directly. This is just an example off the top of my head, but conceptually something you might want to consider.

 

-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
QuestionHow to use array update the xml file?███ Pin
nichen100127-Dec-03 21:19
nichen100127-Dec-03 21:19 
AnswerRe: How to use array update the xml file? Pin
Nick Parker28-Dec-03 4:19
protectorNick Parker28-Dec-03 4:19 
GeneralAttention C++ developers Pin
Alex Korchemniy27-Dec-03 16:40
Alex Korchemniy27-Dec-03 16:40 
GeneralRe: Attention C++ developers Pin
Colin Angus Mackay27-Dec-03 18:07
Colin Angus Mackay27-Dec-03 18:07 
GeneralRe: Attention C++ developers Pin
Alex Korchemniy27-Dec-03 18:11
Alex Korchemniy27-Dec-03 18:11 
GeneralRe: Attention C++ developers Pin
Colin Angus Mackay27-Dec-03 18:52
Colin Angus Mackay27-Dec-03 18:52 
GeneralRe: Attention C++ developers Pin
leppie27-Dec-03 20:07
leppie27-Dec-03 20:07 
GeneralRe: Attention C++ developers Pin
Heath Stewart28-Dec-03 4:21
protectorHeath Stewart28-Dec-03 4:21 
QuestionHow Do I transform 2d coordinates of the mouse into 3d? Pin
SherKar27-Dec-03 15:21
SherKar27-Dec-03 15:21 
AnswerRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Colin Angus Mackay27-Dec-03 18:55
Colin Angus Mackay27-Dec-03 18:55 
AnswerRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
leppie27-Dec-03 20:12
leppie27-Dec-03 20:12 
GeneralRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Colin Angus Mackay28-Dec-03 2:55
Colin Angus Mackay28-Dec-03 2:55 
GeneralRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Nick Parker28-Dec-03 4:44
protectorNick Parker28-Dec-03 4:44 
GeneralRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Colin Angus Mackay28-Dec-03 13:13
Colin Angus Mackay28-Dec-03 13:13 
GeneralRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Nick Parker28-Dec-03 17:55
protectorNick Parker28-Dec-03 17:55 
AnswerRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Bryan White29-Dec-03 23:30
Bryan White29-Dec-03 23:30 
GeneralRe: How Do I transform 2d coordinates of the mouse into 3d? Pin
Colin Angus Mackay31-Dec-03 6:37
Colin Angus Mackay31-Dec-03 6:37 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.