Re: Places to store a password
- From: "Peter Bradley" <pbradley@xxxxxxxxxx>
- Date: Tue, 13 Mar 2007 07:59:02 -0000
If you need to retrieve the actual value of the password, you could put it
in Web.config - but make sure it's properly encrypted. Better still, put it
in a database (encrypted). You could also store it in the filesystem in a
folder only readable by your application. And finally, something we have
actually done, is to store the encrypted password in a database, but
retrieve it via a remote object: this allows you to have your application,
your remote object and your database all on different machines, which adds
some extra layers of security. Security is all about layers.
However, if you just want to compare the password with one that's been
entered, for authentication purposes, then store a hash - again, preferably
in a database. You never retrieve the password itself, but compare the hash
of the entry against the hash you've saved.
Peter
"eggie5" <eggie5@xxxxxxxxx> wrote in message
news:1173742628.827330.58150@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm looking for the best place to store a general password I use on
my website. Short of hard coding it into one of my aspx.cs files, I'm
trying to find a good place to store it. The only place I can think of
is the web.config file. Can somebody give me some pointers on elegent
ways to do this with asp.net?
.
- References:
- Places to store a password
- From: eggie5
- Places to store a password
- Prev by Date: Re: Places to store a password
- Next by Date: Re: Global Address List from ASP.NET web application?
- Previous by thread: Re: Places to store a password
- Next by thread: Re: Places to store a password
- Index(es):
Relevant Pages
|
