sloLearner
04-17-2007, 10:11 AM
Hi - I've been asked by a friend to build a simple, but secure password system using ASP. I'm using this as an excuse to learn ASP, and being as I'm familiar with PHP, Javascript etc, I'm hoping this will be quite easy. The username and password will simply be checked with the username and passwords kept in a database, and a session variable will be set to register that user as being logged in.
However, if I was using PHP I'd be using hashing functions like sha1() to make it all a bit more secure... First question... are there similarly easy ways to hash the password in ASP?
Secondly, we're wondering whether it's worth using SSL for this (although it might be a tad OTT). I'm just wondering if people could advise me on whether it's even worth trying to learn the ins and outs of SSL (not something I've done before), or whether it's even worth using SSL on such a basic system (ie I realise SSL could slow the system down etc.), or whether it's wise just to leave security to simple hashing.
Any thoughts/help would be very very much appreciated! :D
However, if I was using PHP I'd be using hashing functions like sha1() to make it all a bit more secure... First question... are there similarly easy ways to hash the password in ASP?
Secondly, we're wondering whether it's worth using SSL for this (although it might be a tad OTT). I'm just wondering if people could advise me on whether it's even worth trying to learn the ins and outs of SSL (not something I've done before), or whether it's even worth using SSL on such a basic system (ie I realise SSL could slow the system down etc.), or whether it's wise just to leave security to simple hashing.
Any thoughts/help would be very very much appreciated! :D