Stefan Motz

How to send encrypted Username and Password to SQL Server database with Classic ASP

Hi Experts,
I am submitting Username and Password to a database table with Classic ASP. This is my form:
<form name="form" method="post" action="Passwords_send.asp">
Username: <input name="Username" type="text" id="Username" /><br />
Password: <input name="Password" type="password" id="Password" /><br />
<input type="submit" name="Submit" value="Submit" />
</form>


Below is the code that sends the Username and Password to the database:
<!-- #include virtual="/Connections/SQLConn.asp" -->
<%
' Read the submitted form fields
strUsername = Request.Form("Username")
strPassword = Request.Form("Password")

' Create the command object on the connection opened in SQLConn.asp
Set MesIns = CreateObject("ADODB.Command")
Set MesIns.ActiveConnection = conn
MesIns.CommandText = "insert into Login (Username, Password) VALUES (?,?)"
' 200 = adVarChar, 1 = adParamInput; the values are bound as parameters, not concatenated
MesIns.Parameters.Append MesIns.CreateParameter("@Username", 200, 1, 999, strUsername)
MesIns.Parameters.Append MesIns.CreateParameter("@Password", 200, 1, 255, strPassword)

MesIns.Execute

' Release the command and connection before redirecting so cleanup is not skipped
Set MesIns = Nothing
conn.Close
Set conn = Nothing

Response.Redirect "Passwords.asp"
%>


I would like the Username and Password to be encrypted. How can I achieve this?
Thank you for your help.
noci

Use a VPN between application & database server.
(can be stunnel  or IPSEC or something that resembles that.)

For Browser -> webserver you will need SSL enabled HTTP (aka https).
Stefan Motz (ASKER)

I was hoping for a piece of code that stores my form submission in an encrypted format.
e.g. I submit from my form the word "MyPassword" from my Password field, and it gets stored in the database in an encrypted format, something like "oiaufxv9usladfkjtjkjasdkasdflk" instead of "MyPassword".
Hi RomSom,

Just Use OS authentication?

PS. Don't let the website connect directly to the database.  Use middleware like a web service.

Hope it helps..!!


Thanks
Mukesh Chandra
I have an article on this here https://www.experts-exchange.com/articles/18259/Classic-ASP-Login-System-Utilizing-a-Token.html

What I think you are asking is how to store and use passwords in your classic asp app.

You are going to submit your username and password to your asp page in clear text. That is no issue. On your page that processes the username and password you will generate a one-way hash. For first-time users, you will store the hashed password in your database. For users logging in, you will again create the hash, look up the username and check that the hash you created matches that in the database.

As a simple example, let's say you have the password "abc" to submit. You generate a hash by adding some additional information (called the salt) and run it through a hash algorithm.  

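<!--#include virtual="/sha256.asp" -->
<%
salt = "123"                          ' salt value for this simple example
data = Request.Form("pass") & salt    ' password "abc" + salt gives "abc123"
hash = sha256(data)                   ' sha256() comes from the included sha256.asp
Response.Write hash  ' 6CA13D52CA70C883E0F0BB101E425A89E8624DE51DB2D2392593AF6A84118090
%>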


There are better hashing algos than sha256, but I think for classic asp, you will only find sha256. However, you can run asp in jscript and that means if you find a hash algo in javascript you can run that too.
> Just Use OS authentication?

This is for a web app, the user will submit a username and password, not OS authentication

> PS. Don't let the website connect directly to the database.  Use middleware like a web service.
What do you suggest? There are standard ways of connecting to a database, be it asp, php or some other language. The abstraction is in your code.
This is a good article on hashing passwords: https://crackstation.net/hashing-security.htm. It is older and uses outdated hashing algorithms, but the ideas are good.
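
The store-then-verify flow described in the answer above, as an added Node.js example that is not code from the thread or the linked article: `saltedSha256` reproduces the answer's `sha256(password & salt)` value, while `register` and `login` go beyond it with a random per-user salt and PBKDF2 in place of a single SHA-256 pass. The `Map` standing in for the Login table, its field names and the iteration count are assumptions, and Node's `crypto` module is not available inside Classic ASP.

```javascript
const crypto = require('crypto');

// The answer's scheme: SHA-256 over password + salt, hex digest in upper case.
function saltedSha256(password, salt) {
  return crypto.createHash('sha256').update(password + salt, 'utf8')
    .digest('hex').toUpperCase();
}

const ITERATIONS = 100000; // assumed work factor for this example; tune for your server

// Slower alternative: PBKDF2-HMAC-SHA256 stretches the same salted-hash idea.
function stretch(password, saltHex, iterations) {
  return crypto.pbkdf2Sync(password, Buffer.from(saltHex, 'hex'),
    iterations, 32, 'sha256');
}

// First-time user: random per-user salt; store salt, iterations and hash only.
function register(table, username, password) {
  const salt = crypto.randomBytes(16).toString('hex');
  const hash = stretch(password, salt, ITERATIONS).toString('hex');
  table.set(username, { salt, iterations: ITERATIONS, hash });
}

// Login: look up the row, recompute with its salt, compare in constant time.
function login(table, username, password) {
  const row = table.get(username);
  if (!row) return false;
  const expected = Buffer.from(row.hash, 'hex');
  const actual = stretch(password, row.salt, row.iterations);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed stand-in for the Login table (hypothetical fields salt, iterations, hash).
const loginTable = new Map();
register(loginTable, 'stefan', 'MyPassword');
register(loginTable, 'scott', 'MyPassword');
```

Two users with the same password end up with different stored hashes because each row has its own salt, which a single fixed salt does not give you.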
ASKER CERTIFIED SOLUTION
Scott Fell
Thank you very much Scott! Where do I find the code of sha256.asp?
I have it posted in my article. See the code under functions.asp. It is too hard to copy and paste from my phone, otherwise I would do it for you.
Thank you so much, works like a charm!