Saturday, March 5, 2011

Why Decryption when we can go for Encryption in ASP.NET?

I have been a bit busy these days; with no project work, I got diverted into other activities for the welfare of my career, and so had to stay away from updating my blog. Anyway.

This time, I would like to share with you a few of my ideas on encryption and decryption, and moreover I would like to know what the challenges could be if I follow this approach while dealing with password code. I thought it would be a good idea to put it on the blog and open it up for discussion.


Baseline: WHY USE DECRYPTION, WHEN WE CAN MANAGE THE CODE WITH JUST ENCRYPTION? (Specific only to scenarios where we go for decryption even though it is not necessary.)

A note on terms: what this post calls "encryption" of a password is a one-way hash. A hash cannot be reversed to get the password back, and that irreversibility is exactly what we want from a stored password; an encrypted password, by contrast, can be decrypted by anyone who obtains the key.

First things first: there are several functions, and we can write our own hashing functions, but the framework already ships with a direct function that hashes the text before we submit it, i.e.,

FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassWord.Text, "SHA1");

This lives in System.Web.Security and returns the SHA1 digest as an upper-case hex string. Two caveats: it applies no salt, so two users with the same password get the same stored value and the output can be looked up in precomputed tables, and later versions of the framework mark the method obsolete. A salted, iterated hash such as PBKDF2 (Rfc2898DeriveBytes in the framework) is the stronger choice; the idea in the rest of this post is the same either way.

Let's take a simple example of a Registration Screen and a Login Screen.


Simple Registration Screen:

If we think about this, we can have just a Username, Password and DOB. (We could have many more fields, but since we are considering a simple registration form, I am considering only these.)

We need to take care of the following:


  • Username should be unique.
  • Password should be hashed before the data is submitted to the back-end (it must never be stored in clear text, nor in a form that can be turned back into clear text), and
  • Any other field, such as DOB, for verification in case of a forgotten password or similar. (Note that a DOB is easy for an attacker to find out, so on its own it is a weak check; it should support, not replace, a proper password-reset mechanism.)

As this blog is confined to encryption and decryption, I will worry only about the highlighted item, i.e., "Password should be hashed before the data is submitted to the back-end".

In scenarios like this, where there is a registration form and a login form, and where we need to submit the data and later check it, using decryption doesn't make any sense (no offence in saying so) for the following strong reasons:

* The server never needs the original password back. At login it only needs to answer "does what the user just typed match what we stored?", and that can be answered by hashing the submitted value and comparing the two hashes.
* A stored value that can be decrypted is a liability: whoever steals the database and the key (and the key has to be somewhere the application can read it) gets every user's password in clear text. A one-way hash gives a thief nothing that can be used directly.
* Clear-text passwords must be handled with great care wherever they travel. Hashing on the server does not remove the need to protect the password in transit: the login page itself should be served over HTTPS, otherwise the clear text (or a client-side hash, which is just as good as the password to an attacker) can be captured on the wire.

Simple Login Screen:

If we think about this, we can have just a Username and a Password.

For this, we need to take care of the following:

  • Username should be unique.
  • The password submitted at login must be checked against the one already stored in the back-end server (the usual, and mistaken, way being to decrypt the stored value first).

As this blog is confined to encryption and decryption, I will worry only about the highlighted item, i.e., "the password submitted at login must be checked against the one already stored in the back-end server".


We now need to ensure that the login information matches one of the records in the back-end server. The usual way to do this is to decrypt the password residing in the server, bring it to the front-end and compare the clear-text values, which is not safe: the clear-text password is then exposed in the database round trip, in application memory and in any log that happens to capture it. Instead, we hash the submitted login information with the same function (and, where a salt is used, the same salt) as at registration, compare the two hashed values on the server, and redirect the user to the corresponding page only when they match. The stored value never leaves the server and is never turned back into clear text.


Transferring sensitive information electronically is never entirely safe, and hence I prefer to hash the login information and compare the hashed values at the back-end server. It is a one-time computation per login (in the specific scenarios mentioned above), so there is no performance argument for keeping passwords reversible.

Hence, I think "Why Decryption when we can go for Encryption in ASP.NET".


Any comments or contradictions, please feel free to put it here.

Every day is a learning day.

Date Changes, Month Changes, Year Changes, Be Yourself, No Matter What ever Changes......!
