Does asp.net login control encrypt password field?
Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration in D:\Hosting\3681091\html\blog\wp-content\plugins\digg-digg\dd.class.php on line 759
Warning: file_get_contents(http://feeds.delicious.com/v2/json/urlinfo/data?url=http%3A%2F%2Fwww.devtheweb.net%2Fblog%2F2010%2F02%2F27%2Fdoes-asp-net-login-control-encrypt-password-field%2F) [function.file-get-contents]: failed to open stream: no suitable wrapper could be found in D:\Hosting\3681091\html\blog\wp-content\plugins\digg-digg\dd.class.php on line 759
The asp.net login control is often used when we build an asp.net website with asp.net authentication providers. But when we think about the security, it’s good to know that when the security is important, you cannot rely on it in the HTTP protocol. The reason is that all the fields of the asp.net login control are sent as a plain text over HTTP.
Per MSDN:
By default, the ASP.NET login controls work in plain text over HTTP. If you are concerned about security, use HTTPS with SSL encryption.
The solution is to allow login access only via HTTPS.
