Is storing user name and password in the same database with other transaction data a good idea from an application architecture point of view?
I am working on an ASP.NET Web API Core 2.2 application which is already developed. We are using SQL Server 2017 as the database.
The front end is Angular 6.
My Web API application is linked with Entity Framework for storing and retrieving data.
When I am debugging the application, even after giving a wrong password for the application, I can read data from all tables in the database. Even if I give the correct password, before generating the token I can see data from all the tables.
I would like to know if this is a glitch in the application.
Also, is it a good idea to store user IDs and passwords along with other application-related data in the same database?
If user IDs and passwords are in the same database, then how can we restrict access to other tables before the user is authenticated, as the application should be able to know the difference between the user table and other transaction tables?
entity-framework security authentication asp.net-web-api2 sql-server-2017
edited Mar 8 at 5:59
asked Jan 10 at 15:21 by Shardul
Can anyone help me with this? – Shardul, Mar 8 at 5:58