As an experienced web developer, I have seen all kinds of crazy login workflows. The security question workflow, however, is the absolute dumbest workflow ever. Not only are most of the questions aimed at information that is effectively public (a mother's maiden name, a first school, a pet's name), but how many people are actually going to remember exactly what they typed in for their answer? Also, depending on how good (or bad) the programmers are, if the answer is case sensitive, or you misspelled it the first time, you are hosed. I can't stand sites that use this workflow when there are much better, and more secure, ways to let users regain control of their accounts.
January 29, 2008 | Posted by Broken Bokken | .Net | Tags: .Net, .Net 2.0, ASP.NET, C#, Forgot Password, Internet, Login Workflow, Programming, Security, Security Question, Technology, Web Development, Workflow
Encryption is a vital part of any web application. Values that travel in cookies or in the query string should be protected so that they can be neither read nor tampered with. Exposing a raw identifier such as http://www.mysite.com/?x=10000 invites people to experiment with other Ids. Your code must still check that whoever requests the content with a given Id is authorized to see it (that authorization check, not obscurity, is the real defence against someone walking through every record), but making the values opaque is good practice because it stops anyone from guessing their way through your site.
Also, if you do not encrypt a cookie, its contents are readable by anyone who steals it, for example through an XSS attack, where script injected into a page on your own domain reads the cookie and sends it somewhere else. To be fair, if a hacker can steal a cookie set on your domain, they can set the same cookie for themselves, and encryption does not prevent that: an encrypted cookie replayed unchanged still works. Marking the cookie HttpOnly (so script cannot read it) and Secure (so it is only sent over HTTPS) is the better defence against theft. What encryption does buy you is that the attacker cannot learn what information you are storing. Encryption alone also does not stop tampering, since a ciphertext can be altered or swapped without knowing the key, so the value must additionally be authenticated with a MAC (or an authenticated cipher mode) and that check must pass before the value is decrypted or used.
Three symmetric algorithms ship in System.Security.Cryptography and are in common use. The oldest is the Data Encryption Standard (DES), a 64-bit block cipher with a 56-bit key (the .NET key is 8 bytes, but 8 of those 64 bits are parity); it is breakable by brute force today and should not be used for new work. Triple DES (TripleDES in .NET) runs DES three times; .NET accepts 128-bit (two-key) or 192-bit (three-key) keys, the effective strength is at best 112 bits, and the block size is still only 64 bits. The current standard is AES, which is the Rijndael cipher as standardized by NIST in FIPS 197 and approved across the US government, including the Department of Defense, for protecting sensitive and classified data. In .NET it is available as Rijndael/RijndaelManaged (and AesManaged from .NET 3.5) with 128-, 192- or 256-bit keys and a 128-bit block; RijndaelManaged also allows 192- and 256-bit blocks, which are Rijndael but not AES.
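An added example (my code, not the post's) of what "encrypt the value" should look like in practice: a query-string or cookie value is turned into an opaque token with AES-256-CBC and a fresh random IV, and an HMAC-SHA256 over IV and ciphertext is verified before anything is decrypted, so a modified or guessed token is rejected rather than fed to the application. It assumes .NET 3.5 or later for Aes.Create(); on .NET 2.0, RijndaelManaged with the same Key, IV, mode and padding settings is the drop-in replacement. The class name OpaqueToken, the Protect/Unprotect/NewKey names and the use of two separate keys are this example's own choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the post's own code: wrap a query-string or cookie value in an
// opaque token that cannot be read (AES-256-CBC, fresh random IV per value) or
// altered (HMAC-SHA256 over IV || ciphertext, checked before decryption).
// The class and method names, and the two separate keys, are this example's choices.
public static class OpaqueToken
{
    const int IvSize = 16;   // AES block size in bytes
    const int TagSize = 32;  // HMAC-SHA256 output in bytes

    // Generate a 32-byte key. Do this once per key, store the result in
    // configuration outside the web root, and use different keys for
    // encryption and for the MAC.
    public static byte[] NewKey()
    {
        byte[] key = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);
        return key;
    }

    public static string Protect(string plaintext, byte[] encKey, byte[] macKey)
    {
        byte[] iv, cipher;
        using (Aes aes = Aes.Create())        // .NET 3.5+; RijndaelManaged on .NET 2.0
        {
            aes.Key = encKey;                 // 32 bytes -> AES-256; CBC and PKCS7 are the defaults
            aes.GenerateIV();                 // a new IV for every value, never a fixed one
            iv = aes.IV;
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(data, 0, data.Length);
        }

        byte[] token = new byte[IvSize + cipher.Length + TagSize];
        Buffer.BlockCopy(iv, 0, token, 0, IvSize);
        Buffer.BlockCopy(cipher, 0, token, IvSize, cipher.Length);

        // Authenticate IV and ciphertext together so neither can be altered.
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] tag = hmac.ComputeHash(token, 0, IvSize + cipher.Length);
            Buffer.BlockCopy(tag, 0, token, IvSize + cipher.Length, TagSize);
        }
        return Convert.ToBase64String(token);
    }

    // Returns null for anything that does not verify: a truncated, modified or
    // guessed token is treated exactly like a malformed request.
    public static string Unprotect(string token, byte[] encKey, byte[] macKey)
    {
        byte[] bytes;
        try { bytes = Convert.FromBase64String(token); }
        catch (FormatException) { return null; }
        if (bytes.Length < IvSize + 16 + TagSize) return null;   // need at least one cipher block

        int macLen = bytes.Length - TagSize;
        byte[] expected;
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
            expected = hmac.ComputeHash(bytes, 0, macLen);
        if (!FixedTimeEquals(expected, bytes, macLen)) return null;   // MAC first, ciphertext untouched until it passes

        byte[] iv = new byte[IvSize];
        Buffer.BlockCopy(bytes, 0, iv, 0, IvSize);
        try
        {
            using (Aes aes = Aes.Create())
            {
                aes.Key = encKey;
                aes.IV = iv;
                using (ICryptoTransform dec = aes.CreateDecryptor())
                    return Encoding.UTF8.GetString(dec.TransformFinalBlock(bytes, IvSize, macLen - IvSize));
            }
        }
        catch (CryptographicException) { return null; }   // should not happen after a valid MAC, but fail closed
    }

    // Compare every byte so the time taken does not reveal how many leading
    // bytes of the MAC were right.
    static bool FixedTimeEquals(byte[] a, byte[] b, int bOffset)
    {
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ b[bOffset + i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] encKey = NewKey(), macKey = NewKey();
        string token = Protect("uid=10000", encKey, macKey);
        Console.WriteLine(Unprotect(token, encKey, macKey));

        // Flip one bit of the ciphertext: the MAC check fails and Unprotect returns null.
        byte[] raw = Convert.FromBase64String(token);
        raw[IvSize] ^= 0x01;
        Console.WriteLine(Unprotect(Convert.ToBase64String(raw), encKey, macKey) == null);
    }
}
```

In an ASP.NET page you would set `Response.Cookies["s"].Value` to the output of Protect and also set the cookie's HttpOnly and Secure properties to true; for a query string, pass the token through HttpUtility.UrlEncode because Base64 contains `+` and `/`. Running Main prints the original value and then True: the round trip works, and a token with a single flipped bit never reaches the decryptor.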
January 14, 2008 | Posted by Broken Bokken | .Net | Tags: .Net, .Net Dojo, AES, ASP.NET, C#, Cryptography, CryptoProvider, CryptoStream, CryptoStreamMode, DES, Encryption, Programming, Rijndael, Security, System.Security.Cryptography, Technology, Triple DES
Several months ago I was looking at the new .NET 3.0 features and decided to play around with them. Windows Presentation Foundation (WPF) and Windows Communication Foundation (WCF) are fairly straight-forward. I really wanted to check out Cardspace, or Infocard.
November 1, 2007 | Posted by Broken Bokken | .Net | Tags: .Net, .Net 3.0, .Net Dojo, ASP.NET, C#, Cardspace, Infocard, Information Card, Internet, Login, Microsoft, NetFx, NetFX3, Programming, Security, Technology, Web Development, Web Login