MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Way to crypt the passwords (Closed) (Mono Support )

Viewed 14667 time(s), 4 post(s) 13.04.2012 08:58:26by livcons
livcons

livcons

13.04.2012 08:58:26
Hello Is there a way to crypt the user passwords?

Regards
Dieser Inhalt wurde noch nicht bewertet. 
986 Reputation 121 Total posts
Jeremy

Jeremy

13.04.2012 13:23:54
I think you would need to update the web.config passwordFormat setting to either Encrypted or Hashed, depending on your needs. See this section in web.config:

<membership defaultProvider="AspNetSqlMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="MonoX" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="MonoSoftware.MonoX.MonoXMembershipProvider, MonoX"/>
</providers>
</membership>

"The PasswordFormat property indicates the format that passwords are stored in. Passwords can be stored in Clear, Encrypted, and Hashed password formats. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure, as passwords are not easily determined if the data source is compromised. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved."

quoted from: http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.passwordformat
Bewertet mit 5,00, 1 Besucher. 
322 Reputation 36 Total posts
livcons

livcons

13.04.2012 13:46:09
Thanks

That solved the problem.

Regards
Dieser Inhalt wurde noch nicht bewertet. 
986 Reputation 121 Total posts
Jeremy

Jeremy

13.04.2012 13:57:01
Glad to hear that solved the problem. Please consider marking my post as the answer if you found it helpful.
Dieser Inhalt wurde noch nicht bewertet. 
322 Reputation 36 Total posts