i have a signup form on my website for user registeration ....... so i want to make it secure , by secure i mean , Password should be encrypted etc etc.....or any other precautions for security
i already used hash functions of MS SQL on password field through queries but ppl always suggested to use something more advance .
so any way to make it resistent to injection etc
thanks !!!

I'm sure no matter what, "Injection" will still be a problem. Here are some tips to get arround it.

  1. First use MD5 encryption because once something has been encrypted it can't be decrypted.

  2. Use Google reCAPTCHA to stop web bots.

  3. If you are using PHP if your going to use $_GET to interact with your database try using only numbers to be sure there are only numbers in the $_GET use:

EXAMPLE

if (is_numeric($_GET['ID'])) {
}

Or if you have the money you could use https (Hypertext Transfer Protocol Secure).
But only use https if your dealing with private user information.

But remember that with Injection there is always a way it get in, scary isn't it.

Thanks mate !!!@ joshl

i m using asp.net 3.5
but wt about sign in, mean a password will b matched to password field in db, so would it be comparable ? after encryption

If the password in the database is MD5 encrypted then when the user signs in just MD5 the password they typed in then match it with the password in the database to see if they match.

Hope this helped.

By the way what's your website?

@joshl: tnx dude..it helped
my project is abt HR, ONLINE RECRUITMENT SYSTEM for Institutions !!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.