Password Encryptor/Decryptor for ASP 3.0?
in [ASP]
|
From: M P on 13 Oct 2005 23:36 Hi! Im planning to encrypt the password that was stored on msaccess database and also the text inputed from a password textbox. Also, if I want to get the password from the database, I need to decrypt it so it can be comparable to the one that is inputed on the textbox. Is there a way on how to handle this? MP
From: Evertjan. on 14 Oct 2005 03:11 M P wrote on 14 okt 2005 in microsoft.public.inetserver.asp.general: > Also, if I want to get the > password from the database, I need to decrypt it Not the only way. You also could, if the encription proces is unique [=gives always the same result], compare both encripted forms. -- Evertjan. The Netherlands. (Replace all crosses with dots in my emailaddress)
From: Gottfried Mayer on 14 Oct 2005 03:14 M P wrote: > Hi! > > Im planning to encrypt the password that was stored on msaccess database and > also the text inputed from a password textbox. Also, if I want to get the > password from the database, I need to decrypt it so it can be comparable to > the one that is inputed on the textbox. Is there a way on how to handle > this? > > MP > > Hi M P, To store passwords, the one-way or "hash" algorhythms will be the most useful to use: As the name says, this is a one-way procedure, for example: Password: mysecretpass Hash (example): 28F9E2A118B3 <== Store this in DB User inputs: mysecretpass Calculate Hash: 28F9E2A118B3 Compare this to value stored in DB. There are several different hash algorhythms around, the most commonly used is called MD5: http://www.aspfaq.com/show.asp?id=2397 The first example on this page is a implementation in JavaScript, this ensures that the password is encrypted on the client computer and submitted in the encrypted form. HTH Gottfried
From: M P on 18 Oct 2005 20:35 Hi! Thanks for the reply. My question is how do I handle this MD5 algorithm? For example, I have a login page, how do I use the javascript? regards, Me "Gottfried Mayer" <ngs(a)NOOfusedSPAAAM.ch> wrote in message news:e9m$e7I0FHA.2064(a)TK2MSFTNGP09.phx.gbl... >M P wrote: >> Hi! >> >> Im planning to encrypt the password that was stored on msaccess database >> and >> also the text inputed from a password textbox. Also, if I want to get the >> password from the database, I need to decrypt it so it can be comparable >> to >> the one that is inputed on the textbox. Is there a way on how to handle >> this? >> >> MP >> >> > > Hi M P, > > To store passwords, the one-way or "hash" algorhythms will be the most > useful to use: > As the name says, this is a one-way procedure, for example: > > Password: mysecretpass > Hash (example): 28F9E2A118B3 <== Store this in DB > > User inputs: mysecretpass > Calculate Hash: 28F9E2A118B3 > Compare this to value stored in DB. > > > There are several different hash algorhythms around, the most commonly > used is called MD5: > http://www.aspfaq.com/show.asp?id=2397 > > The first example on this page is a implementation in JavaScript, this > ensures that the password is encrypted on the client computer and > submitted in the encrypted form. > > > HTH > Gottfried
From: Roland Hall on 19 Oct 2005 03:26 "M P" wrote in message news:%23AcaaUE1FHA.904(a)tk2msftngp13.phx.gbl... : Thanks for the reply. My question is how do I handle this MD5 algorithm? For : example, I have a login page, how do I use the javascript? Please respond after responses, not before them. You don't use javascript to do this. You do it on the server-side. If you need a MD5 function already written to work in ASP, then go here: http://www.frez.co.uk/freecode.htm#md5 The function is md5. I call it with: eStr = md5(str) I put it in it's own file and I include it into any page I need. A starter example... <%@ Langauge = "VBScript" %> <% Option Explicit Response.Buffer = True %> <!--#include virtual="/asp/nocache.asp"--> <!--#include virtual="/asp/md5.asp"--> <% dim username, password, ePassword, method method = Request.ServerVariables("REQUEST_METHOD") if method = "POST" then ' form has been posted username = Server.HTMLEncode(Replace(Request.Form("username"),"'","''")) password = Server.HTMLEncode(Replace(Request.Form("password"),"'","''")) ' form validation ' get password from database if username exists ePassword = md5(password) if ePassword = cPassword then ' write to log ' validate logon session("user") = username ' redirect to welcome else ' report error to user ' write to log ' redirect to logon end if end if %> <!-- display logon form --> My nocache.asp page: <% with Response .Expires = -1 .ExpiresAbsolute = Now() - 1 .AddHeader "pragma", "no-cache" .AddHeader "cache-control", "private" .CacheControl = "no-cache" end with %> HTH... -- Roland Hall /* This information is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. */ Technet Script Center - http://www.microsoft.com/technet/scriptcenter/ WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp MSDN Library - http://msdn.microsoft.com/library/default.asp
|
Next
|
Last
Pages: 1 2 Prev: ScriptEngine threw exception 'C0000005' Next: Create Certificate Error '80070002' |