Tech Off Thread

11 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Pass hashed info through query string

Back to Forum: Tech Off
  • User profile image
    Remon

    Hey all , I am passing Hashed password from a server to another physical server. I had to use the query strong
    The problem is that hashed pass has special characters like linefeeds ... How can i do such thing ?

  • User profile image
    Pop Catalin Sever

    one posible way would be to encode it as base64 string using Convert class

  • User profile image
    Remon

    I am using 2005
    Can you give me a sample ?

  • User profile image
    Pop Catalin Sever

    static void Main(string[] args)

    {

    string toEncode = "This will be base64 encoded!";

    string encoded = Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(toEncode));

    Console.WriteLine(encoded);

    }


    Be sure to have the same Defaul Encoder where you decode the string Wink

  • User profile image
    Remon

    Thank you Smiley I have been into my ears in this project, I just can see binaries now Smiley

    Thanks again Smiley

  • User profile image
    dwoodard

    Unless you are using SSL, you realize that this is not secure? A hacker wouldn't need to do anything but capture the hash and that would be as good as having the password itself.

  • User profile image
    Harlequin

    dwoodard wrote:

    Unless you are using SSL, you realize that this is not secure? A hacker wouldn't need to do anything but capture the hash and that would be as good as having the password itself.



    Yeah, if it's a form, maybe you can do a Server.Transfer or something to send the form elements somewhere else...

  • User profile image
    sbc

    You can't use Server.Transfer to transfer to pages on another server AFAIK.

  • User profile image
    Pop Catalin Sever

    dwoodard wrote:

    Unless you are using SSL, you realize that this is not secure? A hacker wouldn't need to do anything but capture the hash and that would be as good as having the password itself.



    well he said "pass hashed string" not encripted string Smiley it should be a diference. The first is not necesarly secure

  • User profile image
    dwoodard

    It doesn't matter if you are using HTTP GET or POST. If you are passing the hash on an un-encrypted channel, then the hash can be viewed and stolen.

    All that is being hidden is the plain text password. Which means that an attacker doesn't know your password, without cracking it. But if the hash is used for authentication or re-authentication then the attacker can simply pass the stolen hash around to get access.

    That is why I mentioned using SSL.

  • User profile image
    Maurits

    Remon wrote:
    Hey all , I am passing Hashed password from a server to another physical server. I had to use the query strong
    The problem is that hashed pass has special characters like linefeeds ... How can i do such thing ?


    What kind of hash uses special characters??

    Anyway, the usual way to do this is to URLEncode anything you put in the query string.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.