aspnet database stores password in plaintext?


P

PJ6

I'm just going over using the asp.net 2.0 membership provider model, built
out the database, and realized that passwords are being stored in plaintext
in the aspnet_Membership table. I'm just looking at this with a demo
application I downloaded... do I need to manually take care of encrypting
the password before sending it?

Paul
 
Ad

Advertisements

A

Alexey Smirnov

I'm just going over using the asp.net 2.0 membership provider model, built
out the database, and realized that passwords are being stored in plaintext
in the aspnet_Membership table. I'm just looking at this with a demo
application I downloaded... do I need to manually take care of encrypting
the password before sending it?

Paul

ASP.NET membership provider allows for three different ways to protect
user's passwords via the passwordFormat attribute:
http://www.developmentnow.com/blog/Using+PasswordFormat+With+ASPNET+Membership.aspx
 
Ad

Advertisements

G

Gregory A. Beamer

I'm just going over using the asp.net 2.0 membership provider model,
built out the database, and realized that passwords are being stored
in plaintext in the aspnet_Membership table. I'm just looking at this
with a demo application I downloaded... do I need to manually take
care of encrypting the password before sending it?

This is controlled in web.config. In addition to what Alexy pointed out,
you should consider creating your own machine keys rather than using the
default, esp. if you intend on migrating any data from a test system to
production without recreating all of the accounts. This is also
basically mandatory in a web farm (basically, as there are ways around
this in an extremely high security context - but the added security does
require a somewhat difficult process to accomplish it).

Peace and Grace,

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top