bri189a Posted March 18, 2004 Posted March 18, 2004 This is my first ASP.NET project... what is the best way to save user id and passwords for you database... the anyonomous user I guess would be hard coded in on the page itself, he/she would only have read permissions - is that the best way? But the admin, after he logs on should I store his user name and password in a cookie, session variable, or make it part of the ViewState object? What's the best practice? Thanks. Quote
Administrators PlausiblyDamp Posted March 18, 2004 Administrators Posted March 18, 2004 Storing usernames in the DB is ok, storing passwords is generally a bad idea - it is much better to hash the password and store the hash value. When somebody logs on you hash the password they enter and compare this with the hashed value in the DB. This way no plaintext passwords are stored and neither are the hashes reversible (i.e. you can't get a password back from a hash). If you are going to be authenticating users etc you probably want to look at Forms Authentication in .Net - it takes care of quite a bit of the hard work (like cookies etc) Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.