Comments for MicroSYNC Network Blog

Comment on Authentication account Joomla on ASP.NET applications by Mr.AD

Mr.AD — Wed, 10 Mar 2010 13:05:06 +0000

Hi,

Thanks for your comment !

Send me the link you ‘re talking about, please ! I want to know what the content it contained !

Thanks !

Comment on Authentication account Joomla on ASP.NET applications by StUnT

StUnT — Wed, 10 Mar 2010 08:23:16 +0000

I am reading this article second time today, you have to be more careful with content leakers. If I will fount it again I will send you a link

Comment on Hello world! by Koobalou

Koobalou — Tue, 09 Mar 2010 10:11:43 +0000

Definitely excited to see more people started blogs, I love reading them. I have yours added to my bookmark list & will be back soon to see if you’ve made some progress.

Comment on Authentication account Joomla on ASP.NET applications by loans

loans — Tue, 09 Mar 2010 03:58:36 +0000

I want to thank the blogger very much not only for this post but also for his all previous efforts. I found blog.microsync.net to be greatly interesting. I will be coming back to blog.microsync.net for more information.

Comment on Retrieving the COM class factory for component with CLSID {} failed due to the following error: 8007007e by TeenAutoInsurance

TeenAutoInsurance — Mon, 08 Mar 2010 15:13:47 +0000

Your webpage is definitely full of great tips and also is actually extremely fun to take a look at.

Nicely carried out.

Comment on Authentication account Joomla on ASP.NET applications by Paco

Paco — Sat, 06 Mar 2010 23:15:40 +0000

1. The salt is not enough. The salt is also stored in the database, it makes brute forcing slower, but not slow enough to prevent it. Unless when you use a very large salt. Try the tools hackers use to test your own security. You can try the backtrack md5 tools, or rainbowtables.com
2. A random class without seeds can return the same value multiple times under certain conditions (example: iis app pool recycle). That makes the value predictable and useful for hackers. You can prevent this by using a seed, like new Random(DateTime.Now.Milliseconds). A better way is to call a security specific cryptography algorithm to create the salt, like: public string CreateSalt()
{
var rng = new RNGCryptoServiceProvider();
var buff = new byte[saltSize];
rng.GetBytes(buff);
return Convert.ToBase64String(buff);
}

3. I guess it makes dataaccess more complicated because you have to write code to combine the value and split the value. It’s less code and more readable code when just have separate fields in the database for the separate fields in your class.
4. When you just want to integrate with Joomla, please ignore my comments! I could better post them on the Joomla forum…

A site I created had better security than you describe, and it was hacked 3 years ago. The current version is much harder to hack

Comment on Authentication account Joomla on ASP.NET applications by Mr.AD

Mr.AD — Sat, 06 Mar 2010 03:34:44 +0000

Hi,

Thanks for your comment !

1. Yes! So they add SALT to restrict exploration password.
2. That’s not my algorithm! It belongs to Joomla!
3. I am not sure but I guess it helps to access data is convenient.

My article just help someone who want to integrate a ASP.NET web application with Joomla !

Comment on Authentication account Joomla on ASP.NET applications by Paco

Paco — Fri, 05 Mar 2010 15:04:11 +0000

1. MD5 is too easy to bruteforce now.
2. The random algorithm you use without seed is predictable.
3. What is the benefit of storing the password and salt in one field?

Comment on 3 Free Natty Wordpress Themes To Download by Mr.AD

Mr.AD — Wed, 03 Mar 2010 15:00:37 +0000

Hi,

That ’s a good idea

Comment on 10 Plugins To Securing Your Wordpress Blog by Mr.AD

Mr.AD — Wed, 03 Mar 2010 15:00:01 +0000

Hi,

Thanks for your comment ! I know a little Russian, mean “I would like to see inscription”, right ?