Security of email addresses

  • Question

  • User-962670764 posted

    How secure are email addresses in the asp.net > aspnet_Membership table? My site does not contain a great deal of sensitive info, but I think that I have to at least give the users an idea of the level of security they can expect.

    Friday, June 3, 2011 2:12 AM

Answers

  • User-1856974186 posted

    Email addresses are stored in plain text. Passwords are hashed (assuming you haven't edited the config to specify they also get stored in plain text). You're therefore at the mercy of your database security and who can access it. If that's an issue then you need to make sure you don't connect as the admin (i.e. no 'sa' in the connection string) and you lock down the SQL security so that the website user (i.e. the user in the connection string) doesn't have direct access to the tables, but only has access via the stored procedures.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, June 3, 2011 5:20 AM
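
The lockdown described in the answer above, sketched in T-SQL as an added example that is not part of the original thread. The database name `AppDb`, the login `web_app` and the password placeholder are assumptions; `aspnet_Membership_FullAccess` is the database role created by the standard `aspnet_regsql` membership schema.

```sql
-- Added example. Assumed names: database AppDb, login/user web_app.
-- Run as a database administrator in SSMS or sqlcmd.
USE AppDb;
GO

-- 1. Dedicated low-privilege login for the site, used instead of 'sa'.
CREATE LOGIN web_app WITH PASSWORD = '<replace-with-strong-secret>';
CREATE USER web_app FOR LOGIN web_app;
GO

-- 2. Give the web user the membership role that ships with the schema.
--    The role carries EXECUTE on the aspnet_Membership_* procedures.
EXEC sp_addrolemember 'aspnet_Membership_FullAccess', 'web_app';
GO

-- 3. Explicitly deny direct access to the table that holds the
--    plain-text email addresses. Procedures owned by the same owner
--    still work through ownership chaining.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.aspnet_Membership TO web_app;
GO

-- 4. Audit what the web user and the membership roles are actually
--    granted or denied, object by object (views included).
SELECT pr.name          AS principal_name,
       pe.state_desc    AS grant_or_deny,
       pe.permission_name,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND (pr.name = 'web_app' OR pr.name LIKE 'aspnet[_]Membership[_]%')
ORDER BY pr.name, object_name;
GO

-- 5. Check effective permissions while impersonating the web user:
--    direct table read versus procedure execution.
EXECUTE AS USER = 'web_app';
SELECT HAS_PERMS_BY_NAME('dbo.aspnet_Membership', 'OBJECT', 'SELECT')
           AS can_select_table,
       HAS_PERMS_BY_NAME('dbo.aspnet_Membership_GetUserByName', 'OBJECT', 'EXECUTE')
           AS can_exec_proc;
REVERT;
GO
```

The site's connection string then names `web_app` rather than `sa`. Review the step 4 output for any SELECT grants on views that expose the email column.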

All replies

  • User-1561814533 posted

    If someone undesirable can get access to your database server then I imagine that email security is the least of your problems.

    Friday, June 3, 2011 5:23 AM