A majority of websites show the answer to their user's security question. Passwords are encrypted. It is overkill to encrypt the security answer as well. How the hell did this thread get changed?!?
On Jun 10, 2:54 pm, Brandon Betances <[email protected]> wrote: > Major security breach why would you want to do that? > > On Wed, Jun 10, 2009 at 12:36 PM, Scott K. > <[email protected]>wrote: > > > > > > > I'm trying to figure out if there is a setting to allow PasswordAnswer > > in the Membership table to be stored as plain text (PasswordQuestion > > already is) while still having the PasswordFormat="hashed" and thereby > > my Password encrypted. Below is an excerpt from my web.config for my > > current membership settings. > > > Much thanks. > > > Scott > > > <membership defaultProvider="AspNetMembershipProvider"> > > <providers> > > <remove name="AspNetMembershipProvider"/> > > <add connectionStringName="LocalSqlServer" > > enablePasswordRetrieval="false" > > enablePasswordReset="true" > > requiresQuestionAndAnswer="true" > > applicationName="/ePass" requiresUniqueEmail="false" > > passwordFormat="Hashed" > > maxInvalidPasswordAttempts="5" > > minRequiredPasswordLength="7" > > minRequiredNonalphanumericCharacters="0" > > passwordAttemptWindow="5" > > passwordStrengthRegularExpression="" > > name="AspNetMembershipProvider" > > type="System.Web.Security.SqlMembershipProvider, > > System.Web, Version=2.0.0.0, Culture=neutral, > > PublicKeyToken=b03f5f7f11d50a3a" /> > > </providers> > > </membership>- Hide quoted text - > > - Show quoted text -
