|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
storing the username and password informationI am developing a backup application.
I have a provision where users from different domain can login and then do backups. My question is ,once they login I need to store the info,i.e their username and password should be stored securely somewhere,so that whenever next time the backup runs it uses these stored credential to authenticate. I was thinking of using a xml file to store the iformation and do hashing to the password. But how do i retrieve the password back after hashing?? so that my backup application can use it again to authenticate? Is there any other way to do this? Thanks and regards Hi MVB,
When checking for the correct password you don't unhash the original password but rather hash the new one and compare the result. If the same, the password should be correct. -- Happy Coding! Morten Wennevik [C# MVP] The thing here is ,there won't be any new password.
The user will login just once and I have to save all these crendentials somwhere so that I can use the username and passwords lateron during backing up different domains Thanks and Regards Show quoteHide quote "Morten Wennevik" wrote: > Hi MVB, > > When checking for the correct password you don't unhash the original > password but rather hash the new one and compare the result. If the same, > the password should be correct. > > -- > Happy Coding! > Morten Wennevik [C# MVP] > Hashing isn't what you're looking for if you need to get the original
password back. What you'll need to look at are the one of the bidirectional encryption methods (symmetric or asymmetric). The issue that exists with these methods is that they rely on the storage of a "master" key that is used to encrypt and decrypt the password. You'll want to look at the Cryptography namespace for encryption and decryption of your user's information. Then how you store the master key will be up to you, but some of the available options are: use DPAPI, run your application under a specific identity then protect a file containing your key using the Encrypted File System, or perhaps run your application under an identity then use simple ACL protection on the file (there are lots of other options that I'm sure you can find references to). Just realize that storage of the key is likely to be the hardest part of this and that at a certain point you are going to have to make a choice between cost, robustness, security, and risk. Hope this helps. Have A Better One! John M Deal, MCP Necessity Software MVB wrote: Show quoteHide quote > The thing here is ,there won't be any new password. > The user will login just once and I have to save all these crendentials > somwhere so that I can use the username and passwords lateron during backing > up different domains > > Thanks and Regards > > > > "Morten Wennevik" wrote: > > >>Hi MVB, >> >>When checking for the correct password you don't unhash the original >>password but rather hash the new one and compare the result. If the same, >>the password should be correct. >> >>-- >>Happy Coding! >>Morten Wennevik [C# MVP] >>  
Other interesting topics
w3wp.exe locking DLL and PDB files.
Multithreading and RollBacks Starting up application from dll. Re-flunk-tion! ASP.NET 2.0 Maintain Scroll Position on PostBack with Mozilla FIREFOX in the works? ANN: Bob Powell's Beginners Guide to GDI+ Monitor (lock) Application Error Version of .Net.... .net framework 1.1 installation on Windows NT 4 with SBS |
|||||||||||||||||||||||
