Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.

How to implement MD5 secured login without SSL
New Post
5/21/2008 4:36 AM
 

I need to provide MD5 secured login without SSL enabled.

Why this is needed: Hackers can sniff your connection for outgoing packets. If your password is in clean text, your site can be easily hacked as DNN's admin is purely web based.

I need to encrypt login password with a salt generated from server before sending to server for authentication. So even if someone is sniffing my connection, he will get an encrypted string (with salt).

Would be grateful if someone can provide me the way to do it.

 
New Post
5/27/2008 4:32 AM
 

No takers till now. So let me rephrase it a bit:

My DNN site never got thru internal audit. One reason cited for this was that the password was sent in clear text. I know I'll be better off with SSL, but I'm just worried about the scenario where my host might not enable or even allow SSL support. So, what I'd like to know is how to configure the AspNetSqlMembershipProvider not just to store the password in the database in hashed or encrypted form, but also to encrypt or hash the password sent over the wire when SSL is not enabled. More specifically, what client-side JavaScript needs to be written to mask (or even hide the password being transmitted) and I suppose this JS function also needs to match the storage format for the password on the server, i.e., Hashed (SHA1), or Encrypted (Triple-DES) and what .vb file has to be modified to call this JavaScript function? In fact, I'm surprised why this kind of thing was never included with DotNetNuke in the first place, it would have made life for newbies like me a lot more pleasant. In fact, even client-side validation for a number of core modules in DNN seems to be lacking which is another reason why my DNN site was unable to get thru internal security audit. I hope someone will now be willing to offer some tips.

 
New Post
5/27/2008 5:16 AM
 

Please check out MSDN for options of the MS membership component, but I am not aware of a feature like client-side encryption. IMO using SSL would be more secure and appropriate.


Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
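
Added example, not part of any post in this thread and not DNN or ASP.NET membership code: a Node.js sketch comparing the two client-side hashing designs asked about above, one where the client sends the same hash the server stores and one where the client answers a server-issued single-use salt. All function names, the salt and the password are constructed for illustration, and HMAC-SHA256 is an assumed choice for the response function.

```javascript
// Added illustration; every name here is hypothetical, not a DNN/ASP.NET API.
const crypto = require('crypto');

const sha1 = (s) => crypto.createHash('sha1').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// Constructed sample account: the server stores SHA1(salt + password).
const SALT = 'constructed-salt';
const STORED = sha1(SALT + 'constructed-password');

// Scheme A: the client sends the same hash the server stores,
// so the bytes on the wire are identical on every login.
function clientStatic(password) { return sha1(SALT + password); }
function serverStatic(received) { return received === STORED; }

// Scheme B: the server issues a single-use nonce and the client answers
// HMAC(storedHash, nonce), so each login produces a different value.
const issued = new Set();
function serverChallenge() {
  const nonce = crypto.randomBytes(16).toString('hex');
  issued.add(nonce);
  return nonce;
}
function clientResponse(password, nonce) { return hmac(sha1(SALT + password), nonce); }
function serverVerify(nonce, response) {
  if (!issued.delete(nonce)) return false; // unknown or already used nonce
  const expected = Buffer.from(hmac(STORED, nonce), 'hex');
  const got = Buffer.from(response, 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

function demo() {
  const wireA = clientStatic('constructed-password');
  const nonce = serverChallenge();
  const wireB = clientResponse('constructed-password', nonce);
  const n2 = serverChallenge();
  return {
    staticFirst: serverStatic(wireA),
    staticResent: serverStatic(wireA),        // same bytes are accepted again
    nonceFirst: serverVerify(nonce, wireB),
    nonceResent: serverVerify(nonce, wireB),  // nonce consumed, so rejected
    // The HMAC key is the stored hash itself: the password table alone
    // is enough to answer a challenge, so it must be protected like passwords.
    fromStoredOnly: serverVerify(n2, hmac(STORED, n2)),
  };
}
console.log(demo());
```

Neither scheme protects the session cookie or the login script itself when the page is served over plain HTTP, which is why the reply above points to SSL.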
 
New Post
5/27/2008 8:07 AM
 

Thank you, Sebastian.

In this connection, I would like to know whether Windows Live authentication would solve my problem as it looks like you can login only if you have associated a Windows LiveID with your User Account and the secret key and Application ID seem to be the key mechanisms to thwart off any eavesdropping attacks based on the clear text password currently being transmitted.

Further, say my present LiveID-enabled site is hosted on a staging server and after it has passed the mandatory internal security audit, it is then hosted in the production server, necessitating a change in my Return URL. Would I then be able to edit my existing (registered) Return URL setting in https://msm.live.com/app/default.aspx or do I have to re-register my application?

Last but not the least, I've not seen any option to associate a Windows LiveID with my User Account on www.dotnetnuke.com. Is this something that only an Administrator can do?

 

 
New Post
5/30/2008 9:13 AM
 

Well, anyone?

 