AndyGB4
Posts: 122
|
Posted: 04/22/2015, 8:20 AM |
|
Hi,
I'm trying to use CodeCharge's Encryption feature on passwords but I can't get it to work.
In the documentation, it says to use "SecurityUtility.MD5({password})" as the Code Expression, but when I load the login page, it doesn't recognize SecurityUtility and I get an error:
CS0103: The name 'SecurityUtility' does not exist in the current context
Has anyone else gotten it to work? What have you done differently?
Is it better I used the Database function instead of the Code Expression, and if so, what function would I use? (My database is SQL Server)
Thanks,
- Andrew
|
|
|
cvboucher
Posts: 191
|
Posted: 04/23/2015, 8:44 AM |
|
This is what I used in CCS4/InMotion. Don't know if it changed in CCS5.
InMotion.Security.Cryptography.MD5({password})
Craig
|
|
|
AndyGB4
Posts: 122
|
Posted: 04/23/2015, 10:54 AM |
|
Thanks so much, that did the trick!
So now, when a user is created, to save their password I'd have to pass it through this:
InMotion.Security.Cryptography.MD5({password})
Is that correct? If not, what would I have to do?
Thanks again!
|
|
|
eratech
Posts: 513
|
Posted: 04/23/2015, 7:49 PM |
|
AndyGB4 - if you have the above in the Code Expression then it should use that expression to encrypt when you add a user - just use the 'Encrypt Password Action' to change the Password field before Insert.
Be aware though that MD5 is very old and anyone who gets your data will be able to read the passwords fairly easily - there are several MD5 tools that 'convert' MD5 hash back to plain text (NOT decrypt - just lookup in tables of all possible values)
A better hashing method is SHA256 with salt, and best (at the moment) is 'bcrypt', but both need to change the CCS coding so you need to get it very right or portions of code don't re-generate.
I had been working on a tutorial for upgrading CCS encryption as the CCS standard is very old and not great for modern password hashing. I might have to revisit that and get it publishable. Hard part is doing it *simply* in ASP.NET and PHP as they appear to be the most popular CCS languages. If it's too hard then it doesn't get used.
Cheers
Eric
_________________
CCS 3/4/5 ASP Classic, VB.NET, PHP
Melbourne, Victoria, Australia |
|
|
AndyGB4
Posts: 122
|
Posted: 04/24/2015, 5:45 AM |
|
Thanks a lot Eric, I'll have to look into that some more then.
Let me know if you ever get that newer encryption working.
|
|
|
|