Best guidance for login userid and password

  • Question

  • User88744855 posted
    Our website has two login areas. One uses JS to log in and the other uses postback. I saw that the userid and password go in such a way that anyone can hack in the middle of the path.

    How can we provide security for login credentials? Two things come to my mind. One is SSL and a certificate, and the other is encryption.

    We have some constraints, so we cannot use SSL and a certificate.

    Just give me the best routine for encrypting credentials.
    Just give one JS routine which will encrypt credentials and give me one C# routine which decrypts credentials encrypted by JS.

    If any other way exists for login credentials security then please discuss here. Thanks.
    Monday, November 17, 2014 6:34 AM

All replies

  • User-760709272 posted

    If you can't implement ssl then you can't have secure communication between client and server, it's the only proper solution.

    Monday, November 17, 2014 6:37 AM
  • User724169276 posted

    I agree with Aidyf, that's the best option. I guess you have been looking for alternatives for the past few days by raising new threads. ;)

    Monday, November 17, 2014 10:09 AM
  • User88744855 posted
    Please give me the best JS encryption routine which will encrypt credentials before sending them to the server end; I also need an equivalent C# routine to decrypt them.
    Thanks
    Monday, November 17, 2014 12:34 PM
  • User-1151753377 posted

    Hi mou_inn,

    Welcome to the ASP.NET forum.

    "Please give me the best JS encryption routine which will encrypt credentials before sending them to the server end; I also need an equivalent C# routine to decrypt them."

    If you want to encrypt and decrypt credentials, there are some articles about how to encrypt and decrypt a username and password. You could refer to them, and I hope they are helpful for you.

    http://stackoverflow.com/questions/22073453/encrypt-cryptojs-decrypt-net

    Also you could achieve it in code behind:

    http://www.aspsnippets.com/Articles/Encrypt-and-Decrypt-Username-or-Password-stored-in-database-in-ASPNet-using-C-and-VBNet.aspx

    Best Regards,

    Summer

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, November 18, 2014 1:28 AM
  • User-760709272 posted

    Client-based encryption routines are useless as anyone can view->source and discover the encryption keys you use.

    Tuesday, November 18, 2014 3:37 AM
  • User88744855 posted

    We can obfuscate the JavaScript used on the client side to encrypt the password!

    Wednesday, November 19, 2014 8:11 AM
  • User-760709272 posted

    If this was at all viable, then people would be routinely doing it.  But it isn't, so they don't, they use SSL which is the proper solution.

    Wednesday, November 19, 2014 8:59 AM
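
The point made in the replies above, that a key shipped in client script is visible to anyone who can read the page, shown as an added example that is not code from any poster in this thread. The page markup, the LOGIN_KEY name, the key value, the function names and the credentials are all constructed assumptions; it runs under Node.js using the built-in crypto module.

```javascript
// Added illustration (constructed values throughout; not code from the thread).
const crypto = require("crypto");

// Constructed stand-in for the login page the server sends over plain HTTP.
// The key has to be in the script, because the browser needs it to encrypt.
const PAGE_SOURCE = `
<script>
  var LOGIN_KEY = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff";
  function encryptLogin(u, p) { /* AES-GCM with LOGIN_KEY */ }
</script>`;

// What the page's script does in the browser: AES-256-GCM under the embedded key.
function clientEncrypt(keyHex, username, password) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", Buffer.from(keyHex, "hex"), iv);
  const body = Buffer.concat([
    cipher.update(JSON.stringify({ username, password }), "utf8"),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

// Decryption is the same routine for the server and for anyone holding the key.
function decryptLogin(keyHex, blobB64) {
  const raw = Buffer.from(blobB64, "base64");
  const key = Buffer.from(keyHex, "hex");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// Without TLS, whoever sees the traffic sees both the page and the POST body.
function readFromTraffic(pageSource, postedBlob) {
  const keyHex = /LOGIN_KEY\s*=\s*"([0-9a-f]{64})"/.exec(pageSource)[1];
  return decryptLogin(keyHex, postedBlob);
}

// The server only checks that the blob decrypts to valid credentials, so a
// recorded blob sent again is accepted without knowing the password at all.
function serverAccepts(keyHex, blobB64, users) {
  const { username, password } = decryptLogin(keyHex, blobB64);
  return users[username] === password;
}
```

Obfuscating the script changes how the key is spelled in the page, not the fact that the browser must be able to recover it, so the outcome is the same.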