Friday, 15 March 2013

c# - Get unencrypted password from MembershipProvider -



I'd like to get the user's password unencrypted. How can I do this?

    using System.Web.Security;

    public static string GetCurrentUserPassword(string username)
    {
        // Provider lookup kept from the original snippet; p is not used below.
        MembershipProvider p = (MembershipProvider)Membership.Providers["default"];
        MembershipUser obj = Membership.GetUser(username);
        // Returns whatever representation the provider stores for the password.
        return obj.GetPassword();
    }

obj type : [Telerik.Sitefinity.Security.Model.User] = user "user1", id={59d9813c-f88e-4790-9f19-3145ba8347d1}, provider="default"

password : "+hmreh/mzviiuvysm7+xdeoeqhi="

Why do you expect to be able to get the unencrypted password?

The only thing you should be able to use the stored password for is to check the validity of a password the user has entered. One-way hashing (and similar techniques) involves applying the same transformation to the just-entered password (using the same salt where appropriate), and seeing whether you end up with the same hash.

You should not be storing a representation of the password that is reversible. That would mean that if an attacker gained access to your database (and any private keys), they would have access to the users' passwords straight away - which is unacceptable, basically. (It wouldn't be so bad if everyone used a different password for each resource they protected, but many people don't.)

c# asp.net telerik
