Re: Password Security

From: Alun Jones [MSFT] (alunj_at_online.microsoft.com)
Date: 09/08/04 

Date: Tue, 7 Sep 2004 17:17:08 -0700

"Callum Winter" <callum@REMOVE_THISwinter9999.fsnet.co.uk> wrote in message
news:eGr#NOPlEHA.2868@TK2MSFTNGP11.phx.gbl...
> How do i get winsock to encrypt the packet so people cant rip off other
> peoples passwords??
> Does winsock include encryption?? is it automatically done as part of the
> TCP protocol.

No, Winsock doesn't include encryption. There are several different
encryption methods you can choose to implement on top of Winsock, of course.
Many applications currently use SSL / TLS, for instance, using the SChannel,
or SSPI, interfaces. This may be overkill for what you need.

As I said, there are many different ways to solve the problem of verifying
your identity to a server, and which one you choose will depend largely on
what you intend to do. Does the server need to impersonate the client's
Windows user account, or merely verify that the client is likely to be
listed in a database of users somewhere? Does the server / client exchange
need to be encrypted after the logon has occurred? How much data is
expected to be encrypted?

There are a number of books on the subject of secure network
communications - it really isn't a small topic - I would suggest you visit
your local library or book store and see what they have for you to check
out.

Alun.
~~~~

Relevant Pages
Loading