Solved

Secure data transmission from ASP.NET pages

Posted on 2008-10-19
7
425 Views
Last Modified: 2012-05-05
Hi,

I would like to build a page to capture some sensitive information that shouldnt end up in the hands on wrong people (:-))

I will be also provide login facilities for people entering these info on the page.

How can i secure both the login details and sensitive data

Is there any encryption and stuff available for ASP.Net

Thanks

0
Comment
Question by:justin_smith
  • 3
  • 2
  • 2
7 Comments
 
LVL 8

Expert Comment

by:Wikkard
Comment Utility
All you need to do is use SSL on the web server.

This will secure the connection from the user to the server.

After that if you think the security on your server may be an issue you can store the data gathered in an encrypted format.
.net does have excellent support for crytography built in.
0
 
LVL 4

Expert Comment

by:CDirenzi
Comment Utility
0
 
LVL 8

Accepted Solution

by:
Wikkard earned 500 total points
Comment Utility
Normally user passwords would be encrypted using a one way hashing function.  You store this encrypted version of the user password in your database, then when a user login occurs you simply hash the input password and compare the result with the hashed password which you have stored. This way the users password is never exposed.

This site has some good info on the .net cryptography namespace which should get you started.
http://www.codeproject.com/KB/security/Cryptography_NET.aspx

If you are using SQL Server 2005 or later you may want to consider using the built in crypto features it can provide on specific columns or tables.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:justin_smith
Comment Utility
Thanks everyone....

most of the crypto stuff give me a shield between the web server and the database..

i may be wrong here.. if i use just HTTP the username and password will be cleartext.

When you say SSL, i have to use HTTPS.. is it ok even if dont posses a valid digital certificate?
0
 
LVL 4

Expert Comment

by:CDirenzi
Comment Utility
Yes you will need to use HTTPS
0
 

Author Comment

by:justin_smith
Comment Utility
ok.. the security side functionality will still work even if i use HTTPS without a valid certificate
0
 
LVL 8

Assisted Solution

by:Wikkard
Wikkard earned 500 total points
Comment Utility
Yes it will however the users browser will complain that the certificates aren't valid.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I have developed many web applications with asp & asp.net and to add and use a dropdownlist was always a very simple task, but with the new asp.net, setting the value is a bit tricky and its not similar to the old traditional method. So in this a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This video discusses moving either the default database or any database to a new volume.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now