Wrox Programmer Forums
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old July 27th, 2006, 05:27 AM
Authorized User
Join Date: May 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to encrypt and decrypt a pwd in vb.net


           i need to encrypt a password and has to save it in sql server.if any know this please help me its very urgent.

                                Thanks in advance,


Old July 27th, 2006, 06:19 AM
Authorized User
Join Date: Apr 2006
Posts: 79
Thanks: 1
Thanked 0 Times in 0 Posts
Send a message via AIM to anujrathi Send a message via MSN to anujrathi Send a message via Yahoo to anujrathi

Hi varsha,

I hope when u want to save passwords in SQL Server, then no need to encrypt them. Bcoz only admin can handle the database. How ever if u want to save user names & passwords in web.config then it will be necessacary. Now the days there r several algorithms so that u can encrypt ur password like DES or Tripple DES. .NET also gives builtin SHA1 & MD5algo.

First suppose u r saving ur passwords in web.config,
<credentials passwordFormat="SHA1" >
<users name=first password="25FDHS252GF5HGF58RT2H5">
For generating the password u will use a seperate procedure HashPasswordForStoringInConfigFile() of FormsAuthentication Class.

u can use it as;
strhashValue = FormsAuthentication.HashPasswordForStoringInConfig File(txtPassword.Text,"SHA1" or "MD5");

I hope, now u hav a good idea about it.


Anuj Rathi
Old July 27th, 2006, 02:03 PM
Wrox Author
Join Date: Oct 2005
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons

It is a good practice to encrypt your data...even if your storing it in a Database. Living under the premis that "You dont need to encrypt passwords because only the admin can handle the database" is truly giving you a false sense of security.

Harshaghanta: Remember that MD5 is a one-way encryption, e.g., there is no easy way to convert the encrypted string back into plain text. For slightly less sensitive data you could also opt to use a Base64 encoded string.

"The one language all programmers understand is profanity."
Old July 27th, 2006, 03:21 PM
Imar's Avatar
Wrox Author
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts

Exactly. Imagine a conflict with your DBA that threatens to steal your database if you fire him / her??

Security is not just about keeping people out. It's also about keeping data safe from people at the inside....

Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Old July 27th, 2006, 03:57 PM
Registered User
Join Date: Jul 2006
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts

There is a good article on encrypting passwords for databases here: http://aspnet.4guysfromrolla.com/articles/103002-1.aspx
and an expansion on that theme here: http://aspnet.4guysfromrolla.com/articles/112002-1.aspx

Similar Threads
Thread Thread Starter Forum Replies Last Post
ASP.NET control to encrypt data ? ScottHW ASP.NET 2.0 Basics 2 September 14th, 2007 07:53 AM
encrypt and decrypt query string hanusoftware ASP.NET 2.0 Professional 1 July 16th, 2007 04:53 AM
encrypt and decrypt fuadlutfi85 Pro JSP 0 July 5th, 2007 09:00 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.