No idea how "Juan M. Oviedo's" question got intermingled with this thread. Weird, I tells ya ! ;-)
-- Cerebrus. Group Moderator. On Jun 11, 10:38 pm, "Scott K." <[email protected]> wrote: > A majority of websites show the answer to their user's security > question. Passwords are encrypted. It is overkill to encrypt the > security answer as well. How the hell did this thread get changed?!? > > On Jun 10, 2:54 pm, Brandon Betances <[email protected]> wrote: > > > > > Major security breach why would you want to do that? > > > On Wed, Jun 10, 2009 at 12:36 PM, Scott K. > > <[email protected]>wrote: > > > > I'm trying to figure out if there is a setting to allow PasswordAnswer > > > in the Membership table to be stored as plain text (PasswordQuestion > > > already is) while still having the PasswordFormat="hashed" and thereby > > > my Password encrypted. Below is an excerpt from my web.config for my > > > current membership settings. > > > > Much thanks. > > > > Scott > > > > <membership defaultProvider="AspNetMembershipProvider"> > > > <providers> > > > <remove name="AspNetMembershipProvider"/> > > > <add connectionStringName="LocalSqlServer" > > > enablePasswordRetrieval="false" > > > enablePasswordReset="true" > > > requiresQuestionAndAnswer="true" > > > applicationName="/ePass" requiresUniqueEmail="false" > > > passwordFormat="Hashed" > > > maxInvalidPasswordAttempts="5" > > > minRequiredPasswordLength="7" > > > minRequiredNonalphanumericCharacters="0" > > > passwordAttemptWindow="5" > > > passwordStrengthRegularExpression="" > > > name="AspNetMembershipProvider" > > > type="System.Web.Security.SqlMembershipProvider, > > > System.Web, Version=2.0.0.0, Culture=neutral, > > > PublicKeyToken=b03f5f7f11d50a3a" /> > > > </providers> > > > </membership>- Hide quoted text - > > > - Show quoted text -- Hide quoted text - > > - Show quoted text -
