WSE Authentication .. forces DB pwd to be stored plaintext!!!
From: Aaron Robson (aaron@funkyfroSPAMKILL.com)
Date: 02/21/03
- Next message: Roman Gallauner: "Re: Win32 LogonUser()"
- Previous message: Yama: "Re: URGENT!! Windows Authentication Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Aaron Robson" <aaron@funkyfroSPAMKILL.com> Date: Thu, 20 Feb 2003 23:26:28 -0000
Hi,
I hope somebody can point me in the right direction on this.
I am trying to use WSE to authenticate my web service calls. I have it
working.
However, it seems like the IPasswordProvider implementation of GetPassword
must return the password in plaintext - I can see why, as it has to recreate
the hash, but this appears to be saying 'its ok to store everyones password
as plaintext in the database'.
So I now seem to be forced to choose either plaintext 'on the wire' and
encrypted in DB, or vice versa.
Obviously SSL could be used, but I was rather hoping to avoid this.
Any help appreciated.
Thanks
Aaron Robson
[Intrepid Noodle Ltd]
- Next message: Roman Gallauner: "Re: Win32 LogonUser()"
- Previous message: Yama: "Re: URGENT!! Windows Authentication Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
