You are designing an ASP.NET Web application.
You are implementing the ASP.NET membership and profile providers to do the following:
– Support retrieval of user passwords within the ASP.NET Web application.
– Access profile data that is stored in two or moreMicrosoft SQL Server tables.
You need to ensure that the Web application is properly configured to interact with the providers.
Which approach should you recommend?
A.
Use encrypted passwords, and develop a custom profile provider.
B.
Use encrypted passwords and the built-in SqlProfileProvider provider.
C.
Use hashed passwords, and develop a custom profile provider.
D. Use hashed passwords and the built-in SqlProfileProvider provider.
Explanation:
Correct: If you must be able to retrieve original passwords,encryption provides the best protection possible.
Because the built-in SQL membership provider does not support retrieving users’ original passwords, you must
create a custom membership provider.
Incorrect: Hashed passwords are more secure than encrypted passwords. However, you cannot easily reverse
hashed passwords.