IIS7 : In SSL we receive password as Clear Text is it correct?

mitra111...

SOLVED CLOSED ACTIVE ANSWERED
User: mitra11112003
Posted: on Aug 21, 2014 04:25 AM
Forum: ASP.Net Web Forms
Answer: 1
Views: 2226

I implemented SSL on my web application.

below is my code through which i am getting login.

MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
byte[] hashedDataBytes;
UTF8Encoding encoder = new UTF8Encoding();
hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text));

#endregion

SqlCommand com11 = new SqlCommand("For_Login", con);
com11.CommandType = CommandType.StoredProcedure;
com11.Parameters.AddWithValue("@User_Id", ddl.SelectedItem.Text);
com11.Parameters.AddWithValue("@Password", hashedDataBytes);
SqlDataAdapter sda = new SqlDataAdapter(com11);
DataTable dtcheck = new DataTable();
sda.Fill(dtcheck);
if (dtcheck.Rows.Count > 0)
{

    // logged in
}

but when I run the application on server n start fiddler, it shows password in clear text

see the image below

why this is happening? what to do?

Download FREE API for Word, Excel and PDF in ASP.Net

Mudassar

0 3

Reply
ANSWER
User: Mudassar
Replied: on Aug 22, 2014 01:51 AM
Modified: on Aug 24, 2014 07:06 AM
Report

No. I am asking who suggested you to use decryption as the using SSL it is automatically performed as far as I know and in code we do receive clear text.

Though between Client - Server communication it is encrypted to avoid hacks and attacks.

I agree, here is the link: https://www.e-iceblue.com/Introduce/spire-office-for-net-free.html

IIS7 : In SSL we receive password as Clear Text is it correct?

Company

Explore

Follow us

Contact Us