Jump to content

Recommended Posts

Posted

the .NET Cloud API requires a pc monitor username and password. i want to make it more flexible and provide the username/password as a commandline parameter - is there a possibility to use MD5 hashes instead of the clear-text username and password?

Posted

We cannot make this change as the server expects the clear password.

But you can as you are in control of the app that uses the API - send the username/password as encrypted arguments that your app will decrypt before sending them to the server.

Posted

i know it would depend on the servers capabilities - maybe a general improvement in the server for the future acception cleartext user/pass OR md5.

yes, an encryption/decryption between control and api is the second best solution and i will use it but everything that is decryptable is decryptable and therefor not as secure as a one-way encryption like MD5.

Posted

We only store a salted SHA1 password in the database and in order to validate it the server needs the clear password.

  • Administrators
Posted

"Even if you store a MD5 encoded password, the hash itself will become your account password and it will be stored as clear text in your cloud instance."

-Marius

I had this idea once too. I've quoted the answer.

Paul.

Posted

i do not agree completely. yes, the hash represents my password but i can only use it with authentication api's that allow using the hash and not everywhere, for instance at the web app or in the mobile apps. but when someone has my real password he can use it everywhere.

my idea was to accept the hash as logon password only with machanisms where an automated login is required, not everywhere. the Cloud API is such a thing.

but the facts are clear now that marius explained so i will use an alternative.

by the way, paul, i have read many of your posts in here and i thought many times this guy is a genious in really understanding the things. keep on!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...