Re: Form authentication security question!
- From: "Tomas Machala" <t.machala@xxxxxxxxxx>
- Date: Fri, 24 Feb 2006 13:29:31 +0100
Hi,
No, the hash value of the password is created on the server after the client sends it
as plaintext. The reason why passwords are stored as hashes is to
prevent their misuse when the database is hacked, not to transmit them
securely. So yes, form manipulation would be successful.
Btw. I don't think that login controls would use MD5 - it's an insecure,
deprecated algorithm.
"jens Jensen" <jens@xxxxxxxxx> wrote in the discussion post
news:e7KgENTOGHA.2236@xxxxxxxxxxxxxxxxxxxxxxx
Hello,
When my users log in to my site, an MD5 hashed value of the password is
sent to the server, and there the value is validated against a database.
What if someone catches my hash value and also sends it to my server? Will
that form manipulation succeed?
Many thanks in advance
JJ
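
The two arrangements discussed in this thread, side by side, as an added example that is not part of either post and not ASP.NET's own code. The user name, password, in-memory "databases" and the choice of PBKDF2-SHA256 for the server-side hash are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: one user and a password invented for this example.
USER, PASSWORD = "jj", "correct horse"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

# Scheme A (the question): the browser sends MD5(password) and the server
# compares it with the stored value. The hash itself is the credential.
DB_A = {USER: md5_hex(PASSWORD)}

def login_a(user, submitted_hash):
    return hmac.compare_digest(DB_A.get(user, ""), submitted_hash)

# Scheme B (the reply): the browser sends the password and the server derives
# a salted hash from it. PBKDF2 is this example's choice, not the thread's.
def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_salt = os.urandom(16)
DB_B = {USER: (_salt, derive(PASSWORD, _salt))}

def login_b(user, submitted_password):
    record = DB_B.get(user)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, derive(submitted_password, salt))

def replay_results():
    """Which submitted values does each scheme accept as a valid login?"""
    return {
        # Whatever crossed the wire can be sent again in either scheme;
        # that is a transport problem (TLS), not a hashing problem.
        "A: captured form value": login_a(USER, md5_hex(PASSWORD)),
        "B: captured form value": login_b(USER, PASSWORD),
        # The value read out of a compromised database logs in only in A.
        "A: value from database": login_a(USER, DB_A[USER]),
        "B: value from database": login_b(USER, DB_B[USER][1].hex()),
    }

if __name__ == "__main__":
    for case, accepted in replay_results().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```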