Dear frens,
I have created a login page with two textboxes for users to key in their username n password. I have also a submit button with the following codes:
Dim myConnection As SqlConnection
myConnection = New SqlConnection(encryptConn.DecryptConnectionString())
myConnection.Open()
Dim user As String
Dim pswd As String
Dim result As Integer
Dim pswdHashed As String
user = Replace(txtUsername.Text, "'", "''")
pswd = Replace(txtPassword.Text, "'", "''")
pswdHashed = createHash(pswd)
Dim sqlComm As New SqlCommand
sqlComm.Connection = myConnection
sqlComm.CommandText = "SELECT UserID FROM WSUser WHERE Username = '" & user & "' and Pswd = '" & pswdHashed & "'"
result = CInt(sqlComm.ExecuteScalar())
If result > 0 Then
Session("uid") = result
Response.Redirect("AddService.aspx")
Else
lbMs.Text = "Login attempt failed."
End If
myConnection.Close()
End Sub
Public Function createHash(ByVal pass As String) As String
'HASH THE PASSWORD ENTERED BY USER
Dim bytHash As Byte()
Dim uEncode As New UnicodeEncoding
Dim bytSource As Byte() = uEncode.GetBytes(pass)
Dim shal As New SHA1CryptoServiceProvider
bytHash = shal.ComputeHash(bytSource)
Return Convert.ToBase64String(bytHash)
End Function
But my problem is when i used a sniffer program i can still see the password keyin by user in the textbox. Wht codes should i type at the textbox to hide the password input by users?
Please help. thnx
I have created a login page with two textboxes for users to key in their username n password. I have also a submit button with the following codes:
Dim myConnection As SqlConnection
myConnection = New SqlConnection(encryptConn.DecryptConnectionString())
myConnection.Open()
Dim user As String
Dim pswd As String
Dim result As Integer
Dim pswdHashed As String
user = Replace(txtUsername.Text, "'", "''")
pswd = Replace(txtPassword.Text, "'", "''")
pswdHashed = createHash(pswd)
Dim sqlComm As New SqlCommand
sqlComm.Connection = myConnection
sqlComm.CommandText = "SELECT UserID FROM WSUser WHERE Username = '" & user & "' and Pswd = '" & pswdHashed & "'"
result = CInt(sqlComm.ExecuteScalar())
If result > 0 Then
Session("uid") = result
Response.Redirect("AddService.aspx")
Else
lbMs.Text = "Login attempt failed."
End If
myConnection.Close()
End Sub
Public Function createHash(ByVal pass As String) As String
'HASH THE PASSWORD ENTERED BY USER
Dim bytHash As Byte()
Dim uEncode As New UnicodeEncoding
Dim bytSource As Byte() = uEncode.GetBytes(pass)
Dim shal As New SHA1CryptoServiceProvider
bytHash = shal.ComputeHash(bytSource)
Return Convert.ToBase64String(bytHash)
End Function
But my problem is when i used a sniffer program i can still see the password keyin by user in the textbox. Wht codes should i type at the textbox to hide the password input by users?
Please help. thnx
