LogOn sequrity

Vote:
 

Hi all,

Do anybody know id there is a way to encrypt username and password when login into the system?

We use http and would like to avoid sending credentils in plain text.

Thank you in advance.

#136606
Sep 17, 2015 9:55
Vote:
 

Switch to https

#144066
Feb 04, 2016 23:48
Vote:
 

Episerver stores passwords hashed so np there. If you want encrypted network traffic use https. If you want to store username encrypted too, override standard membership provider methods and add encryption to username there. Dont normally do that though. Https and hashed passwords out of the box is usually good enough.

#144068
Feb 05, 2016 0:08
Vote:
 

Daniel are correct, the way for you to encrypt the communication is to use https.

If you want to implement the encryption and hash'ing by yourself there are a good article about it here:

https://crackstation.net/hashing-security.htm

#144073
Feb 05, 2016 7:18
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.