I'm not familiar with ASP, so I can't answer you on how best to communicate and keep the credentials throughout the session. It sounds like using the built-in membership system, as others have suggested, is the safest approach. I totally sympathize, however, with your desire to do things yourself and understand how they are working under the hood. If you do want to tackle doing this yourself, I can speak to the database side of things.

If at all possible, don't ever store the actual password anywhere. You should only be storing an irreversibly-encrypted value generated from the password (using a hash-encryption algorithm such as SHA512Managed: http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512managed.aspx). To authenticate the user, rather than decrypting the stored password and comparing the two plain-text passwords, you want to encrypt the entered password and then compare the two encrypted values. If you store the actual password, even if it's encrypted with a reversible-encryption algorithm, it is a big security risk.

Also, if you are using an encryption algorithm that allows you to specify a seed value, you should use an algorithm to generate the seed value based on the original password. You don't want to use the same encryption-seed value for every password.

Also, most encryption methods are designed to be fast so that they can be used for communication streams. However, if they are fast, that means someone can brute-force crack them more quickly. Therefore, the best method for making your encryption safer is to make them as slow as is reasonably possible. Often this is accomplished by re-encrypting the encrypted value over and over again in a loop for a fixed number of times.
1. Exactly Steven, I want to know the 'science' behind it all. Not to mention I feel like the built-ins are too cumbersome and hard to manage. I've tried customizing the info and it's difficult. But, then again, I'm new and might be missing something. But you are correct. I would much rather do it myself, if for no other reason than to learn. You have enlightened me a great deal! Now on to the ASP part... hopefully!
2. Yes, using provided features like that is great, but I've been bitten enough times in the past to at least be cautious about doing so. Writing something yourself may take longer, but in the end you fully understand how it works, so when something goes wrong, you know how to fix it. Also, you don't have to write hacks around it to make it work the way you want it to work. I know nothing about this "membership" feature, but if it's anything like any other security-related feature coming out of Redmond, I can easily imagine just how convoluted and cumbersome it might be.
3. That being said, it's still a good idea to learn the tools like that which are provided in the framework, and use them judiciously in the areas where they make sense. If all you need is a simple authentication mechanism with no out-of-the-ordinary requirements, it's probably best to use what's already there, or at least wrap it inside a more friendly "sheath" interface.
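As an added example (not code from the answer or the comments above, and not ASP.NET's membership system), here is the storage scheme the answer describes, written in Python: only a salted, deliberately slow hash of the password is stored, and authentication re-hashes the entered password and compares the two derived values. It uses PBKDF2-HMAC-SHA512 from the standard library with a random per-password salt (rather than a salt derived from the password, as the answer suggests) and keeps the iteration count in the stored record so it can be raised later; the `pbkdf2_sha512$iterations$salt$hash` record format is an assumption of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor: raise it until one hash takes tens of milliseconds on your hardware.
# It is stored with each record, so old records keep verifying after you raise it.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGORITHM = "sha512"


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha512$<iterations>$<salt hex>$<hash hex>'.

    The salt is random per password (os.urandom), so two users with the same
    password get different records and a precomputed table is useless.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the entered password plus the stored salt and
    iteration count, then compare it with the stored hash in constant time."""
    try:
        scheme, iterations_s, salt_hex, hash_hex = record.split("$")
        algorithm = scheme.split("_", 1)[1]
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, iterations)
    except (ValueError, IndexError):
        return False  # malformed record or unknown algorithm: fail closed
    # hmac.compare_digest avoids leaking where the first differing byte is.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample password; two records for it differ only by salt.
    rec1 = hash_password("correct horse battery staple")
    rec2 = hash_password("correct horse battery staple")
    print(rec1 != rec2)
    print(verify_password("correct horse battery staple", rec1))
    print(verify_password("wrong password", rec1))
```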