Comments on: Authentication account Joomla on ASP.NET applications

By: RFID Reader

RFID Reader — Fri, 16 Apr 2010 19:17:25 +0000

Nice content. Thank you for your information.

By: free game download

free game download — Fri, 16 Apr 2010 15:47:43 +0000

Thanks for posting! I really enjoyed the report. I’ve already bookmark

this article.

By: free trial offer

free trial offer — Thu, 08 Apr 2010 11:03:18 +0000

Thanks a lot for the post!

By: Kiliman

Kiliman — Sat, 13 Mar 2010 08:02:08 +0000

I didn’t understand the concluding part of your article, could you please explain it more?

By: Mr.AD

Mr.AD — Wed, 10 Mar 2010 13:05:06 +0000

Hi,

Thanks for your comment !

Send me the link you ‘re talking about, please ! I want to know what the content it contained !

Thanks !

By: StUnT

StUnT — Wed, 10 Mar 2010 08:23:16 +0000

I am reading this article second time today, you have to be more careful with content leakers. If I will fount it again I will send you a link

By: loans

loans — Tue, 09 Mar 2010 03:58:36 +0000

I want to thank the blogger very much not only for this post but also for his all previous efforts. I found blog.microsync.net to be greatly interesting. I will be coming back to blog.microsync.net for more information.

By: Paco

Paco — Sat, 06 Mar 2010 23:15:40 +0000

1. The salt is not enough. The salt is also stored in the database, it makes brute forcing slower, but not slow enough to prevent it. Unless when you use a very large salt. Try the tools hackers use to test your own security. You can try the backtrack md5 tools, or rainbowtables.com
2. A random class without seeds can return the same value multiple times under certain conditions (example: iis app pool recycle). That makes the value predictable and useful for hackers. You can prevent this by using a seed, like new Random(DateTime.Now.Milliseconds). A better way is to call a security specific cryptography algorithm to create the salt, like: public string CreateSalt()
{
var rng = new RNGCryptoServiceProvider();
var buff = new byte[saltSize];
rng.GetBytes(buff);
return Convert.ToBase64String(buff);
}

3. I guess it makes dataaccess more complicated because you have to write code to combine the value and split the value. It’s less code and more readable code when just have separate fields in the database for the separate fields in your class.
4. When you just want to integrate with Joomla, please ignore my comments! I could better post them on the Joomla forum…

A site I created had better security than you describe, and it was hacked 3 years ago. The current version is much harder to hack

By: Mr.AD

Mr.AD — Sat, 06 Mar 2010 03:34:44 +0000

Hi,

Thanks for your comment !

1. Yes! So they add SALT to restrict exploration password.
2. That’s not my algorithm! It belongs to Joomla!
3. I am not sure but I guess it helps to access data is convenient.

My article just help someone who want to integrate a ASP.NET web application with Joomla !

By: Paco

Paco — Fri, 05 Mar 2010 15:04:11 +0000

1. MD5 is too easy to bruteforce now.
2. The random algorithm you use without seed is predictable.
3. What is the benefit of storing the password and salt in one field?