Vote count:
0
I'm currently developing an intranet website for a client and I'm facing a problem according to the passwords management. The users will have to be logged in to access the website. I will manage manually the creation of new users account. For example a manager will give me the list of all employees that he wants to give access to the website. I will create each user account with a generated password (a different one for every user) that will be valid for only a couple of days. On the first login, the user will have to change his password to another. The new password will have some requirement (i.e. length, uppercase letter, have a number in it, …). This is pretty usual stuff.
My problem is that since this application will work in a network (it's an intranet),I cannot validate the password on the client side (the client can disable Javascript, or the data can change on the network (i.e. man in the middle). Also, I don't think it is safe to send a clean password via the network, so I'm using SHA-1 to hash password on the client side before sending it to the network.
My problem is that since the server gets the password hashed, it has no way to validate the length or that it match the formatting requirements.
I'm working with C# and the MVC 5 framework, but my problem is more a design problem, than a programming one.
Sorry for the long intro and thank you very much for the answers
Regards
Pierre
Ensure password format in a website
Aucun commentaire:
Enregistrer un commentaire