aspnet database stores password in plaintext?

  • Thread starter Thread starter PJ6
  • Start date Start date
P

PJ6

I'm just going over using the asp.net 2.0 membership provider model, built
out the database, and realized that passwords are being stored in plaintext
in the aspnet_Membership table. I'm just looking at this with a demo
application I downloaded... do I need to manually take care of encrypting
the password before sending it?

Paul
 
I'm just going over using the asp.net 2.0 membership provider model, built
out the database, and realized that passwords are being stored in plaintext
in the aspnet_Membership table. I'm just looking at this with a demo
application I downloaded... do I need to manually take care of encrypting
the password before sending it?

Paul
Click to expand...

ASP.NET membership provider allows for three different ways to protect
user's passwords via the passwordFormat attribute:
http://www.developmentnow.com/blog/Using+PasswordFormat+With+ASPNET+Membership.aspx
 
I'm just going over using the asp.net 2.0 membership provider model,
built out the database, and realized that passwords are being stored
in plaintext in the aspnet_Membership table. I'm just looking at this
with a demo application I downloaded... do I need to manually take
care of encrypting the password before sending it?
Click to expand...

This is controlled in web.config. In addition to what Alexy pointed out,
you should consider creating your own machine keys rather than using the
default, esp. if you intend on migrating any data from a test system to
production without recreating all of the accounts. This is also
basically mandatory in a web farm (basically, as there are ways around
this in an extremely high security context - but the added security does
require a somewhat difficult process to accomplish it).

Peace and Grace,

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 
Back
Top