Remove From My Forums

Preventing or Securing Password Textbox from Capturing

Question
0

Sign in to vote

User1449651191 posted

Hello

I have a system which is using LDAP for authentication, I don't store their passwords in my db and I need a way that no one later can add simple line to store users password in a file or anywhere.

way that no one later can add simple line to store users password in a file or anywhere.

The application is running in intranet and I don't want to use SSL(TSL).

it is very simple to capture the password for example

catpure.text = txtpassword.text;

I need to not allow anyone to do this.

any IDEA?

Thanks

Monday, October 10, 2016 10:16 PM

All replies

0

Sign in to vote

User347430248 posted

Hi almayahi,

you had mentioned that you don't want to use SSL.

is there any problem with using SSL?

if you don't implement SSL and try to use some other encryption method or something like that.

then also some one can add the code and get the password.

how you hosted your system?

many persons can access it and able to change it?

if so then why don't you think about make your code for this authentication non accessible to any other person except you.

Regards

Deepak

Tuesday, October 11, 2016 12:48 AM
0

Sign in to vote

User-654786183 posted

There is no easier/straight forward way to do this without SSL. But SSL also, helps to encrypt the password/data during communication.

it is very simple to capture the password for example

catpure.text = txtpassword.text;

If you are talking about C# code here, then whoever have access to the code can access the password. You have to really consider Single Sign-On(SSO) as your application is intranet.

https://msdn.microsoft.com/en-us/library/ms972971.aspx

Tuesday, October 11, 2016 12:58 AM
0

Sign in to vote

User1449651191 posted

Dear Deepak

It is a local system, the organization idea to not use SSL for local systems which is not published online.

Tuesday, October 11, 2016 9:01 PM
0

Sign in to vote

User1449651191 posted

I will check your idea for SSO , I am currently using LDAP (active directory) as source of accounts.

There is no easier/straight forward way to do this without SSL. But SSL also, helps to encrypt the password/data during communication.

almayahi@hotmail.com

it is very simple to capture the password for example

catpure.text = txtpassword.text;

If you are talking about C# code here, then whoever have access to the code can access the password. You have to really consider Single Sign-On(SSO) as your application is intranet.

https://msdn.microsoft.com/en-us/library/ms972971.aspx

Tuesday, October 11, 2016 9:06 PM
0

Sign in to vote

User347430248 posted

Hi Almayahi,

Did you try SSO? as suggested by other community member?

did it worked for you?

is it solved your issue so that nobody can try to copy and save the password?

Regards

Deepak

Monday, October 17, 2016 9:04 AM
0

Sign in to vote

User1449651191 posted

Hello Deepak

I didn't do it.

Thanks

Hi Almayahi,

Did you try SSO? as suggested by other community member?

did it worked for you?

is it solved your issue so that nobody can try to copy and save the password?

Regards

Deepak

Tuesday, October 18, 2016 9:32 PM

Asked by:

Preventing or Securing Password Textbox from Capturing

Question

All replies

almayahi@hotmail.com