|
So where do you get the error? That should gve some clue.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Hi,
I am developing a Windows application which has login form where user can enter userid & password. The same will be checked against the database for verification.
I want to know how the password should be stored in database in Encrypted format? Also, how to retrive such encrypted data in WinForm?
I am currently using SQL 2005 as database. Later the database may changed to Oracle 10g. Will the database change affect the coding at UI level?
If anyone can give me any suggestions on the same, that would be great.
Thanks in advance
HR
|
|
|
|
|
A common way of doing this is by using a one-way hash on the password before storing in the database. You can use this:
FormsAuthentication.HashPasswordForStoringInConfigFile
to do that. When the user enters a password, its hashed again and the hashes are compared. Using this approach though, you can never get back to plain text password. If a user forgets it, a new one must be created.
Regards,
Rob Philpott.
|
|
|
|
|
What's the best way for an application to store credentials if they need to be recoverable (for transmission elsewhere)? One-way hashes are great if all the application has to do is validate credentials when they are re-entered. But what about when some other device will need the real credentials?
|
|
|
|
|
You could use an encryption algorithm one-way on the "less secure" server, treating the result like you would a hash. Your "more secure" server could then decrypt a token from the "less secure" server to retrieve the password.
This lets you keep only the public half of the key on the "less secure" server. Presumably you'd also be salting the password, which the "more secure" server could ignore.
|
|
|
|
|
You could use an encryption algorithm one-way on the "less secure" server, treating the result like you would a hash. Your "more secure" server could then decrypt a token from the "less secure" server to retrieve the password.
You're suggesting using a public key cryptosystem, where the intended recipient of the key knows half of the key and the entity storing the key knows the other? That would be a nice approach if the recipient of the key could handle the public key cryptography. Unfortunately, the recipient has no such facilities. It needs the credentials (sent via serial port, not Internet) in clear form.
Security by Obscurity may be the only workable approach (the machine that will legitimately communicate with the recipient must have all the information an impostor would need) but there's still a huge gap between approaches that can be undone in five minutes with a disassembler and those that would take much longer. My guess is that any approach that would be hard to break would take impractically long to implement, but perhaps there are some good methods I don't know about.
|
|
|
|
|
In my project requirement was same as of your. There is two approach two encrypt as the code level & database level, but I took the code level approach. Although I am not an expert in this area would like to know whether my approach was correct or not also it may answer your query.
I used some class provided by .NET framework.
private static string Encrypt(string originalString)
{
DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
StreamWriter writer = new StreamWriter(cryptoStream);
writer.Write(originalString);
writer.Flush();
cryptoStream.FlushFinalBlock();
writer.Flush();
return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int) memoryStream.Length);
}
Now the returned string is in encrypted format & can be inserted in the database.
modified on Thursday, July 31, 2008 2:33 AM
|
|
|
|
|
What kind of timeframe do you need to hang on to the cleartext? Can you just hold it in memory for the duration of the session with the "less secure" server - handing it out to the serial box when necessary?
Otherwise if you have to persist it at all, then I agree with the obscurity approach - use some trivial encryption as a deterrant to someone who's ended up with a database backup tape but somehow not the whole app. Not that it should make you feel comfortable - obviously if the server is capable of retrieving the cleartext then it may as well be cleartext
|
|
|
|
|
Hi
Some time ago I created a Linq2Sql DBML file. Now I want to create the same database on a test server without having access to the original DB. Is there any way to create the database from this file without doing it manually?
Thanks in advance.
Greetz!
M.T.
|
|
|
|
|
Unfortunately, there is no way to create a database file from a DBML file.
Best Regards,
Sam Xavier
www.componentone.com
|
|
|
|
|
Okay. Thanks
By now I already did it manually
Greetz!
M.T.
|
|
|
|
|
The generated ModelNameDataContext class has a CreateDatabase Method. This creates the database with the tables in the model.
Best regards,
MisterX44.
|
|
|
|
|
I can't quite decide where this belongs, because of what I'm trying to do. I'm not actually creating a website / webpage etc. so I'm not sure it belongs in ASP.NET forum, and I'm not actually trying to do anything (yet) with the database, so not SqlServer forum.
What I am trying to do is.... pass an ASP.NET webpage an XML message for it to then call a dll and create / populate / return and SqlServerCE datafile.
So far, I have the flag set to allow ASP.NET to work with Mobile databases, I've got that far. I've installed the .NET Framework 3.5 on the server, but when I try to make a call to an SqlCeConnection object, I get an error about not being able to find the assembly System.Data.SqlServerCe 3.5.0.0. What am I missing to be able to communicate?
|
|
|
|
|
hammerstein05 wrote: I get an error about not being able to find the assembly System.Data.SqlServerCe 3.5.0.0. What am I missing to be able to communicate?
The obvious answer based on your post is "the assembly". So either you don't have the correct version installed or your runtime environment isn't looking where you installed it. So I imagine some reading of the different parts of your runtime environment and how they locate assemblies. Keep security issues in mind as they can play into locating assemblies when it comes to things like using the GAC.
Also it's always a good idea to post the exact error message rather than your interpretation of it.
led mike
|
|
|
|
|
The most obvious answer was indeed the answer. My understanding of the .NET framework grew a little today. In order to have the SqlServerCe assembly available, I didn't need to have the .NET Framework 3.5 installed, I need to have Sql Server Mobile 3.5 installed. With that installed, and the flag set in the ASP.NET script I'm now happily manipulating mobile databases. Just for the record though, I'm not trying to write ASP.NET websites using mobile databases, I understand the limitations. I'm using the pages to call from a mobile application.
|
|
|
|
|
Hi,
I'm having a problem with writing a file on my desktop using VB.NET ...
I'm in a domain and the problem can be solved by running the program locally.
But I want it to run when I log on to my domain ...
It has something to do with the assemblies !!!
anybody who can help me to fix this problem ?
here is the link to the screenshot
http://www.plaatjesupload.nl/bekijk/2008/07/28/1217248063-140.jpg[^]
|
|
|
|
|
Don't cross post/repost...
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
|
|
|
|
|
I did it because I think people who know a lot of the .NET framework might know the solution ...
|
|
|
|
|
problem solved ...
I reprogrammed it in visual studio 2003 instead of visual studio express 2008
|
|
|
|
|
I created C# application that connects to MS Access Database
I compiled, built, and ran the application, and everything went well
Then I copied the *.exe file to another folder and other computers
I ran it many times with no problems
But, sometimes it does not work and displays the message (Unable to find a version of the runtime to run this application)
And this problem is not solved till I rebuild the source code again
I rebuild and run for 10s of times and the problem appears again
What is the source of such aproblem, and what is the true solution
foreach(Minute m in MyLife)
myExperience++;
modified on Monday, July 28, 2008 3:32 AM
|
|
|
|
|
When you are not sure if client computer has necessary all .dll's, runtimes etc. installed, you should make setup project for your application.
In setup project you can deal with prerequisites.
This is highly unlikely, but stranger things happened to me,
do you have some .dll's in your bin directory? Perhaps you forgot to copy them.
Edit: I've read your personal info after I've posted my answer, so please excuse me for patronizing tone; as I've said, stranger things had happened to me and to my local Gandalfs.
|
|
|
|
|
First of all, thanks for your reply
I post this qustion along time ago with no response
Oshtri Deka wrote: do you have some .dll's in your bin directory? Perhaps you forgot to copy them.
you will be surprized when you know that this problem occurs with the executable file even while running from the bin directory itself
another thing I recently noticed, is that th file size changes
when it runs proberly its size is 452 kb
when it fails, its size becomes 484 kb
Oshtri Deka wrote: so please excuse me for patronizing tone; as I've said, stranger things had happened to me and to my local Gandalfs.
Do not mention it, thanks for your thoughtfullness and help
foreach(Minute m in MyLife)
myExperience++;
|
|
|
|
|
Mohammed Gouda wrote: when it runs proberly its size is 452 kb
when it fails, its size becomes 484 kb
Scan a target computer with an antivirus software (e.g. free Avast[^]).
Greetings - Gajatko
Portable.NET is part of DotGNU, a project to build a complete Free Software replacement for .NET - a system that truly belongs to the developers.
|
|
|
|
|
It seems to be really a virus activity, in spite of I scanned my machine and got none infected files
But, I discovered the problem source
The executable file is opened somehow and some bytes are appended making it unusable.
So, the simple solution I did is ....
... I put the file in the READ ONLY access mode
Now, everything works well
Thanks to all participants
foreach(Minute m in MyLife)
myExperience++;
|
|
|
|
|
This doesn't concern you?
Wow.
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|