Hi,We have a web application that where the username and password are stored in the database.The password is stored as SHA1. We have just been through a security audit which deemed SHA1 to be not the saftest encryption algorithm.Is there any way we can update the passwords from SHA1 to base64?
SHA1 is an hash algorithm, so it is irreversible. Base64 is an encoding algorithm. Afaik there is no easy way to get your passwords back from their SHA1 hashes.
how can we develop against Https without purchasing a certificate?
Pros and cons here; if you are going to use it in a production environment then consider purchasing a certificate from a trusted authority. If not, you could generate a usable certificate using a tool like makecert [1].
[1] http://msdn2.microsoft.com/en-us/library/bfsktky3(VS.80).aspx HTH -- Efran Cobisi http://www.cobisi.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
