I don't want be be a pain, but I hope that encrypted password will be an option, a default option maybe, but still an option.
I don’t like the clear text passwords in the database from a security point; I hope we all can agree on that.
I suggest adding this function to the Security class; it is the same function used in the Portals Starter Kit which was the successor to IBS Portal.
public static string Encrypt(string cleanString)
Byte ClearBytes = new UnicodeEncoding().GetBytes(cleanString);
Byte HashedBytes = ((HashAlgorithm) CryptoConfig.CreateFromName("MD5")).ComputeHash(ClearBytes);
} // end Encrypt
string EncrptedPassword = Encrypt(password);
Such that password will return something like D0-09-1A-0F-E2-B2-09-34-D8-8B-46-06-84-F5-97-89
Much more secure since you can’t take this value and log on with it since it is the original password that produces this hash code.
Somewhere in the code
Add it to the code
app_code -> Security -> Security.cs
Around line 441
public static string SignOn(string user, string password, bool persistent, string redirectPage)
which in turn gets executed in
app_code -> Rainbow -> DAL -> UsersDb.cs
Around line 994
public Rainbow.Security.User Login(int uid, string password, int portalID)
I do realize that we’ll have to do a reset password instead of a “I forgot my password” option.