webfarm + machinekey + crypto/hashing
- From: joelkeepup <jnylund@xxxxxxxxx>
- Date: Wed, 23 Jul 2008 11:45:50 -0700 (PDT)
Hi, we have had an application live in production for 6 months, it
uses crypto/hashing in the following ways:
1- membership provider default password hash
2- membership provider security answer
3- viewstate mac (unknowingly)
4 - byte[] encryptedBytes = ProtectedData.Protect(encodedBytes,
EncryptionEntropy, DataProtectionScope.LocalMachine);
We want to move systems and put them in a webfarm.
We do NOT have machinekey defined in the web.config. Can someone tell
me are we hosed in all these cases? If we add a machine or move
machines, will we be able to hash passwords using same salt, hash
answers using same salt, and the data we have encrypted using #4 be
able to decrypt? What machinekey was used for these by default if we
didnt specify? Is hashing ok, but not encryption?
It seems like we can login on the new system, so somehow the hashing
must be portable....
thanks
Joel
.
- Prev by Date: Integrated Authentication and change user
- Next by Date: ScriptResource.axd is occasionally throwing Server Error (500) RSS
- Previous by thread: Integrated Authentication and change user
- Next by thread: ScriptResource.axd is occasionally throwing Server Error (500) RSS
- Index(es):
Relevant Pages
|
