akp007
asked on
Secure way of passing / inserting password in Database - ASP
Dear Experts-
Let me explain the scenario first
I have login form with Userid and Password. Once the user enters userid and password, as a programmer I can know what is the value of the password user entered.
I would like to know if there is a way that the password can not be read even by the programmer and get the password in an encrypted way and send it to the database and save it
Regards
Let me explain the scenario first
I have login form with Userid and Password. Once the user enters userid and password, as a programmer I can know what is the value of the password user entered.
I would like to know if there is a way that the password can not be read even by the programmer and get the password in an encrypted way and send it to the database and save it
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another useful resource: http://www.frez.co.uk/freecode.htm#md5
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for all quick responses. I still have a small doubt. This may be dumb. But I want to get the clarification
All the suggestion and advice that you have provided to me are, Once the user submits the form, then we capture the password and encrypt that. But as a programmer, before I do the encryption, I can still see the password that user entered , if I want to right? using response.write or some other way using ASP.
Is that right? Please
thanks
All the suggestion and advice that you have provided to me are, Once the user submits the form, then we capture the password and encrypt that. But as a programmer, before I do the encryption, I can still see the password that user entered , if I want to right? using response.write or some other way using ASP.
Is that right? Please
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
not true
if you effect the password (hash it or whatever) on the client side then the posted value will not be what the user entered ...
if you effect the password (hash it or whatever) on the client side then the posted value will not be what the user entered ...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All the comments were excellent . I appreciate your quick response
Best Regards
Best Regards