Products

Solutions

Resources

Partners

Community

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Password Formats

Return to previous page

  • 4/7/2015
  • 8379 Views

Comments

8379 Views

Password Formats

Last updated long time ago

Comments

Common

(Enter the content of this article below)

Advanced

 

Background

Since version 3.0 DotNetNuke's user membership is built upon (and extended from) Microsofts MembershipProvider classes that ship with asp.net.

These handle the storage and retrieval of user specific information, as well as the user's passwords. Version 3.0 and above shipped with encrypted passwords set by default, but version 7.1.0 changes to hashed passwords. Users can elects to change the default by editing the following value in web.config

passwordFormat="[Clear|Hashed|Encrypted]"

PasswordFormat values

The PasswordFormat property indicates the format that passwords are stored in. Passwords can be stored in Clear, Encrypted, and Hashed password formats. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure, as passwords are not easily determined if the data source is compromised. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved.
Contents
No sections defined
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out