Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases where the username is secret, as well. But whatever... the thing is not very high security: you steal the cookie and you're ready to go. My question is on the functional ...
This may just be my misunderstanding of the subject, but I would hope to find a simple answer. I run a web server for my own use, among many reasons just so I have a domain name to reference my network at home. I just deployed Sever 2008 Enterprise thanks to acquiring a MS charity license. It's so much better than the IIS 5 on XP setup...
I have been trying to make a secure login for my site that I am developing. I just cant get it to work, I use MySQL databases with PHP. I can make the form to add the user and their info to the database but I can't seem to make it work with the login. What type of encryption is used with HTML <input type="password">? How do I keep t...
Situation 1 - Connecting the server to the database: Its always said that passwords should not be stored in plain text, however to connect to the mysql database requires the password, in plain text it seems... I'm guessing the best solution to this is to store it in an encrypted form, decrypt it in my app as needed and then erase it from...
So, you build some applications for your clients but they are password-protected of course, and the data therein is sensitive, containing names, addresses, etc. You don't want to give your prospective employer access to use these applications of course. How do you go off showing your work without getting anyone into any kinds of sticky ...
I'm creating a walkup create account page for our website. I've always cleared out the default value="" for a type="password" input out of paranoia, after a user has submitted a form, even if the two passwords match and are valid. I started to think on this after our designer asked me if there was any real point to doing that. I can cert...
I need to read a password from standard input and wanted std::cin not to echo the characters typed by the user... How can I disable the echo from std::cin? here is the code that I'm currently using: string passwd; cout << "Enter the password: "; getline( cin, passwd ); Edit: I'm looking for a OS agnostic way to do this. Here there a...
I've been reading up on the benefits of salting and hashing passwords, but one thing still eludes me... When I provide a random salt for each user, how do I then know what the salt was when I try to authenticate them to login? so if I do.. HASHPW = PW.RANDOMNUMBER I could store the random number in the database, but that seems to k...
I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password. How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax. Here is my .htaccess file that is placed in the root of my ftp Au...
What strategy do you use to avoid storing passwords in version control? Currently, I have development/test/production passwords saved in three different files and the appropriate file gets used during deployment. All this is committed to version control, but I'm not too happy with that since not all developers need to know those passwor...
I am creating a PHP script for my website that would allow my clients to login to their client account and view a list of files I've uploaded for them. Then they can download them without having to relogin or re enter a password. I want to keep it secure so anyone cant come in and download the files if they know the clients name. I've ...
What method does Office 2007 use for encryption (when choosing Encrypt and setting a password from Office menu)? My C# app needs to create and read encrypted Excel 2007 files (.xlsx). It is important that these files remain accessible from Excel, so I must use Microsoft's encryption method, can't brew my own. Normal Excel 2007 file is ...
Hi, Suppose there is a String variable that holds a plain text password. Is there any possibility of reading this password using a memory dump. (Suppose using cheat engine.) I am puzzled with this JVM thing. Does JVM provide some sort of protection against this. If no what are the practices that I need to use to avoid such "stealing". ...
I'm transferring users from my old database to a vBulletin database. I want a script to do this as it'll take forever otherwise. I have all the user's passwords stored just like md5(password) But of course, this doesn't work with vBulletin due to salts etc. So my code is this: <?Php mydatabase_connect(); $select=mysql_query("SELECT ...
Hello, I need to export DataSet result to Excel file (using dataset, XSLT transformation and XML generation => XML spreadsheet). That's work, but I'd like to protect this sheet. The reader can only make change in some dropdown, in some cell but other change are not allowed. The only changes allowed are some specific cells (value or drop...
I've been asked to implement some changes/updates to an intranet-site; make it 'future proof' as they call it. We found that the passwords are hashed using the MD5 algorithm. (the system has been around since 2001 so it was adequate at time). We would now like to upgrade the hashing-algorithm to a stronger one (BCrypt-hash or SHA-256)...
I have an applet which connects to a SFTP server to download file. The login credentials need to be included within the applet so that user will only select the download location and the download process will start. Login credentials are dynamic based on some business logic. Now I need to decide the approach to pass the dynamic login ...
I was looking for an effective algorithm that can give me a righteous idea of how strong a password is. I found that several different websites use several different algorithms as I get different password strength ratings on different websites. ...
I need to add basic password protection to an Open XML Wordprocessing document. I can either use the COM interface, which is very slow when I have a large number of documents to process; or I can put the data directly in the docx file under <w:settings> <w:documentProtection> which is very fast. However, looking at the requirements to en...
We don't have BES deployed to set the IT policy and turn on content protection on the device. So, it has to be done programatically. I can see that such permissions can be requested by using ApplicationPermissions and ApplicationPermissionsManager. But after such permissions are given by the user, how to actually change the setting. I k...