At present, it is stored as plain text in the database. At the very least, I should encrypt it I guess. I was thinking of creating the user when I am importing the contacts via an SSIS import and then getting the user to change their password on first login. But the records are not in great shape. [EMAIL PROTECTED]
> Date: Thu, 3 Jan 2008 10:52:54 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] non authenticated security> To: > ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > Is this PIN stored in a database > somewhere, or do they have to re-enter it> after it "expires"?> > On Thu, 3 > Jan 2008 15:54:03 +0000, Paul Cowan <[EMAIL PROTECTED]> wrote:> > >Hi all,I > am migrating an ASP app. to an ASP.NET and have spotted a> potential security > hole.> >Most of the app. I am securing with Forms authentication but as > stands> they have another requirement where by users who are just contacts > who> exist in the system without a username or password can access certain> > parts of the site which are sensitive. They have been entered in the> system > by importing an excel or SAP feed. They have not been created via> the system > and as such do not have usernames or passwords.> >The way things stand at the > minute, the user gets redirected to a page> where they create a 4 digit pin > number which allows them to access the> system via another page.> >This seems > terrible to me.> >Can anyone think of a better way of handling this > situation?> >Cheers> >[EMAIL PROTECTED]> > >_________________________________________________________________> >Telly > addicts unite!> >http://www.searchgamesbox.com/tvtown.shtml> > >===================================> >This list is hosted by DevelopMentorĀ® > http://www.develop.com> >> >View archives and manage your subscription(s) at> > http://discuss.develop.com> > ===================================> This list > is hosted by DevelopMentorĀ® http://www.develop.com> > View archives and > manage your subscription(s) at http://discuss.develop.com _________________________________________________________________ Fancy some celeb spotting? https://www.celebmashup.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
