Re: How is the ASPNET password managed?
From: Scott Allen (bitmask_at_[nospam)
Date: 08/30/04
- Next message: Scott Allen: "Re: ASP.NET server process hangs for some time"
- Previous message: Quentin Huo: "AutoEventWireup problem"
- In reply to: Cowboy \(Gregory A. Beamer\) [MVP]: "Re: How is the ASPNET password managed?"
- Next in thread: Scott Allen: "Re: How is the ASPNET password managed?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 30 Aug 2004 14:26:56 -0400
User account passwords are kept as a hash, but I don't believe local
service account credentials are stored with a one way algorithm. A
service needs to remember it's password to authenticate against an
authority just like a user does. In NT 4 this was a vulnerability for
a time as the passwords were stored in plaintext (encoded, essentially
plaintext), and it was easy to find tools to dump the service account
passwords even though the registry keys were restricted to the system
account. Since NT4 the SAM et al is encrypted.
-- Scott http://www.OdeToCode.com On Mon, 30 Aug 2004 10:29:53 -0500, "Cowboy \(Gregory A. Beamer\) [MVP]" <NoSpamMgbworld@comcast.netNoSpamM> wrote: >It is system created and uses a one-way algorythm. You can set the password >yourself, if you wish (machine.config file). There is also an >IUSR_ComputerName account for IIS, which you can control, if you so desire. >In most instances, it is better to let the machine control both. If the >pwd(s) are compromised, the machine is already owned by someone else.
- Next message: Scott Allen: "Re: ASP.NET server process hangs for some time"
- Previous message: Quentin Huo: "AutoEventWireup problem"
- In reply to: Cowboy \(Gregory A. Beamer\) [MVP]: "Re: How is the ASPNET password managed?"
- Next in thread: Scott Allen: "Re: How is the ASPNET password managed?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
