I.P. Posted July 12, 2012 Posted July 12, 2012 the .NET Cloud API requires a pc monitor username and password. i want to make it more flexible and provide the username/password as a commandline parameter - is there a possibility to use MD5 hashes instead of the clear-text username and password?
Marius Posted July 13, 2012 Posted July 13, 2012 We cannot make this change as the server expects the clear password. But you can as you are in control of the app that uses the API - send the username/password as encrypted arguments that your app will decrypt before sending them to the server.
I.P. Posted July 13, 2012 Author Posted July 13, 2012 i know it would depend on the servers capabilities - maybe a general improvement in the server for the future acception cleartext user/pass OR md5. yes, an encryption/decryption between control and api is the second best solution and i will use it but everything that is decryptable is decryptable and therefor not as secure as a one-way encryption like MD5.
Marius Posted July 13, 2012 Posted July 13, 2012 We only store a salted SHA1 password in the database and in order to validate it the server needs the clear password.
Administrators Paul Posted July 13, 2012 Administrators Posted July 13, 2012 "Even if you store a MD5 encoded password, the hash itself will become your account password and it will be stored as clear text in your cloud instance." -Marius I had this idea once too. I've quoted the answer. Paul.
I.P. Posted July 13, 2012 Author Posted July 13, 2012 i do not agree completely. yes, the hash represents my password but i can only use it with authentication api's that allow using the hash and not everywhere, for instance at the web app or in the mobile apps. but when someone has my real password he can use it everywhere. my idea was to accept the hash as logon password only with machanisms where an automated login is required, not everywhere. the Cloud API is such a thing. but the facts are clear now that marius explained so i will use an alternative. by the way, paul, i have read many of your posts in here and i thought many times this guy is a genious in really understanding the things. keep on! Paul 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now