November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

LogOn sequrity

Vital Rudkouski
Vital Rudkouski
Vote:
 

Hi all,

Do anybody know id there is a way to encrypt username and password when login into the system?

We use http and would like to avoid sending credentils in plain text.

Thank you in advance.

#136606
Sep 17, 2015 9:55
Daniel Ovaska
Daniel Ovaska
Vote:
 

Switch to https

#144066
Feb 04, 2016 23:48
Daniel Ovaska
Daniel Ovaska
Vote:
 

Episerver stores passwords hashed so np there. If you want encrypted network traffic use https. If you want to store username encrypted too, override standard membership provider methods and add encryption to username there. Dont normally do that though. Https and hashed passwords out of the box is usually good enough.

#144068
Feb 05, 2016 0:08
Henrik Fransas
Henrik Fransas
Vote:
 

Daniel are correct, the way for you to encrypt the communication is to use https.

If you want to implement the encryption and hash'ing by yourself there are a good article about it here:

https://crackstation.net/hashing-security.htm

#144073
Feb 05, 2016 7:18
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.