I'm not familiar with ASP, so I can't answer you on how best to communicate and keep the credentials throughout the session. It sounds like using the built-in membership system, as others have suggested, is the safest approach. I totally sympathize, however, with your desire to do things yourself and understand how they are working under the hood. If you do want to tackle doing this yourself, I can speak to the database side of things.

If at all possible, don't ever store the actual password anywhere. You should only be storing an irreversibly-encrypted value generated from the password (using a hash-encryption algorithm such as SHA512Managed, http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512managed.aspx). To authenticate the user, rather than decrypting the stored password and comparing the two plain-text passwords, you want to encrypt the entered password and then compare the two encrypted values. If you store the actual password, even if it's encrypted with a reversible-encryption algorithm, it is a big security risk.

Also, if you are using an encryption algorithm that allows you to specify a seed value, you should use an algorithm to generate the seed value based on the original password. You don't want to use the same encryption-seed value for every password.

Also, most encryption methods are designed to be fast so that they can be used for communication streams. However, if they are fast, that means someone can brute-force crack them more quickly. Therefore, the best method for making your encryption safer is to make them as slow as is reasonably possible. Often this is accomplished by re-encrypting the encrypted value over and over again in a loop for a fixed number of times.
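As an added example (not part of the original answer, and not the ASP.NET membership system's code), here is a Python implementation of the scheme the answer sketches: a per-user salt so that two users with the same password get different stored values, a deliberately slow iterated hash (PBKDF2-HMAC-SHA512 from the standard library, which runs the hash in a loop for a fixed iteration count), and verification by re-hashing the entered password and comparing it with the stored value in constant time. The salt here is drawn from the operating system's random generator; the iteration count, the `scheme$iterations$salt$digest` storage format, and the in-memory `USERS` dictionary standing in for the database table are all assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor: high enough to make brute force slow, low enough for a login to
# stay responsive. Tune it for your hardware; it is stored alongside the hash so it can
# be raised later without invalidating existing records.
ITERATIONS = 210_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha512"

# Constructed in-memory stand-in for the users table: username -> stored hash string.
USERS: dict = {}


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing string: scheme$iterations$salt_b64$digest_b64.

    A fresh random salt is generated unless one is supplied (tests and
    re-verification pass the stored salt back in)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique per stored password
    # PBKDF2 re-applies HMAC-SHA512 `iterations` times: the "loop a fixed number of
    # times" slowdown the answer describes, done by a standard construction.
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and iteration count, then compare.

    The plaintext is never recovered; only the two derived values are compared, and
    hmac.compare_digest keeps the comparison time independent of where they differ."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: fail closed rather than raise
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def register_user(username: str, password: str) -> str:
    """Store only the derived value, never the password itself."""
    stored = hash_password(password)
    USERS[username] = stored
    return stored


def authenticate(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        # Burn the same amount of work for an unknown user so response time does not
        # reveal which usernames exist.
        hash_password(password, salt=bytes(SALT_BYTES))
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    register_user("alice", "correct horse battery staple")
    register_user("bob", "correct horse battery staple")
    print(USERS["alice"] != USERS["bob"])          # same password, different records
    print(authenticate("alice", "correct horse battery staple"))
    print(authenticate("alice", "wrong password"))
    print(authenticate("nobody", "anything"))
```

Storing the scheme and iteration count inside each record is what lets you raise the work factor later: on a successful login, re-hash with the new count and overwrite the row.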