Database Storage with the ASP.NET Web Matrix - Password security
(Page 6 of 6 )
A security measure often used when setting passwords is to enforce a minimum password length: the longer a password is, the longer it will take to crack. Minimum-length enforcement can easily be worked into the existing page with just one more label and an extension of the If control structure on the code page.
In design view, drag a label control next to the first password box, set the ID to lblPasswordLengthError, the fore color to red and the Text value to nothing. Switch to the Code view and change the btnSubmit_Click sub as follows:
    Sub btnSubmit_Click(sender As Object, e As EventArgs)
        ' Clear any error messages left over from a previous submit
        lblUsernameError.Text = ""
        lblPasswordError.Text = ""
        lblPasswordLengthError.Text = ""
        If txtPassword.Text.Length < 7 Then
            ' Reject passwords shorter than seven characters
            lblPasswordLengthError.Text = "* Your password is not secure, please ensure it is 7 characters or more"
        ElseIf txtPassword.Text <> txtPassword2.Text Then
            lblPasswordError.Text = "* Verify password must match password"
        Else
            NewUser(txtUsername.Text, txtPassword.Text)
        End If
    End Sub
Now passwords will need to be seven characters or more before the page will submit them to the database.
It would be nice if we lived in a world where clear-text passwords could be stored safely in a database. Unfortunately, we don't. Using a hashing algorithm to convert the password into a one-way hash before storing it in the database table is a common method of secure password storage. This is not unbeatable, however, as a hacker may still be able to brute-force a hashed password if they can obtain the hash by exploiting the database somehow. This is much more time consuming and will be an effective deterrent.
A minor change must be made to the Code view. You need to specify a hashing method and call a method that will convert the contents of the password textbox into the hash before storing it. Change the btnSubmit_Click sub to the following:
    Sub btnSubmit_Click(sender As Object, e As EventArgs)
        ' Clear any error messages left over from a previous submit
        lblUsernameError.Text = ""
        lblPasswordError.Text = ""
        lblPasswordLengthError.Text = ""
        If txtPassword.Text.Length < 7 Then
            lblPasswordLengthError.Text = "* Your password is not secure, please ensure it is 7 characters or more"
        ElseIf txtPassword.Text <> txtPassword2.Text Then
            lblPasswordError.Text = "* Verify password must match password"
        Else
            ' Name of the hash algorithm to use
            Dim hashMethod As String
            hashMethod = "MD5"
            ' Hash the password so the clear text never reaches the table
            Dim encryptPassword As String
            encryptPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, hashMethod)
            NewUser(txtUsername.Text, encryptPassword)
        End If
    End Sub
The finished Design view should now appear like this:

Test the page and enter a username and password; now go to the Data Pane in the Web Matrix and view the table. The entered password should now be stored as a hash. If this failed, you may have forgotten to increase the maximum size of the Password column in the table.

So there you go, using the Web Matrix as your IDE can result in clean code and increased productivity. If you’re not using it already, maybe it’s something you should consider.