CodeCharge Studio
search Register Login  

Web Reports

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> ASP.NET - InMotion Framework

 Using Encryption on passwords

Print topic Send  topic

Author Message
AndyGB4

Posts: 121
Posted: 04/22/2015, 8:20 AM

Hi,

I'm trying to use CodeCharge's Encryption feature on passwords but I can't get it to work.

In the documentation, it says to use "SecurityUtility.MD5({password})" as the Code Expression, but when I load the login page, it doesn't recognize SecurityUtility and I get an error:

CS0103: The name 'SecurityUtility' does not exist in the current context

Has anyone else gotten it to work? What have you done differently?
Is it better I used the Database function instead of the Code Expression, and if so, what function would I use? (My database is SQL Server)

Thanks,
- Andrew
View profile  Send private message
cvboucher

Posts: 189
Posted: 04/23/2015, 8:44 AM

This is what I used in CCS4/InMotion. Don't know if it changed in CCS5.

InMotion.Security.Cryptography.MD5({password})

Craig
View profile  Send private message
AndyGB4

Posts: 121
Posted: 04/23/2015, 10:54 AM

Thanks so much, that did the trick!

So now, when a user is created, to save their password I'd have to pass it through this:

InMotion.Security.Cryptography.MD5({password})

Is that correct? If not, what would I have to do?

Thanks again!
View profile  Send private message
eratech


Posts: 512
Posted: 04/23/2015, 7:49 PM

AndyGB4 - if you have the above in the Code Expression then it should use that expression to encrypt when you add a user - just use the 'Encrypt Password Action' to change the Password field before Insert.

Be aware though that MD5 is very old and anyone who gets your data will be able to read the passwords fairly easily - there are several MD5 tools that 'convert' MD5 hash back to plain text (NOT decrypt - just lookup in tables of all possible values)

A better hashing method is SHA256 with salt, and best (at the moment) is 'bcrypt', but both need to change the CCS coding so you need to get it very right or portions of code don't re-generate.

I had been working on a tutorial for upgrading CCS encryption as the CCS standard is very old and not great for modern password hashing. I might have to revisit that and get it publishable. Hard part is doing it *simply* in ASP.NET and PHP as they appear to be the most popular CCS languages. If it's too hard then it doesn't get used.

Cheers

Eric
_________________
CCS 3/4/5 ASP Classic, VB.NET, PHP
Melbourne, Victoria, Australia
View profile  Send private message
AndyGB4

Posts: 121
Posted: 04/24/2015, 5:45 AM

Thanks a lot Eric, I'll have to look into that some more then.

Let me know if you ever get that newer encryption working.
View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Internet Database

Visually create Web enabled database applications in minutes.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright 2003-2004 by UltraApps.com  and YesSoftware, Inc.