I have a site that is password-protected using a .htaccess and .htpasswd file. I'd like for users to bypass the login prompt ONLY if they come from a certain domain. Can this be done by embedding the .htaccess credentials as parameters in the link somehow? Edit: I do manage the domain I'd like to whitelist, so how can I pass GET parame...
Here is the web.config; <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <customErrors mode="Off"> </customErrors> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="999999"> <credentials passwordFormat="MD5"> <user name="admin" p...
What is the most secure way to handle forgotten passwords/password resets? Should I email the password to the user? If so do you then force them to reset it? Or do you let them reset it immediately (without sending an email) and require some other information to verify that it is them? Or is there a better method? ...
I have a potential client that set up their website and membership system in ASP.NET 3.5. When their developer set up the system, it seems he turned off the security/hashing aspect of password storage and everything is stored in the clear. Is there a process to reinstall/change the secure password storage of ASP.NET membership without c...
I'm using html2fpdf for creating PDF documents. Now once I have created that, I want to make sure that the PDF file is password protected. How can this be done in PHP? ...
I'm using a website as a frontend and all users are authenticated with the standard ASP.NET Membership-Provider. Passwords are saved "hashed" within a SQL-Database. Now I want to write a desktop-client with administrative functions. Among other things there should be a method to reset a users password. I can access the database with the...
Looking to store usernames and passwords in a database, and am wondering what the safest way to do so is. I know I have to use a salt somewhere, but am not sure how to generate it securely or how to apply it to encrypt the password. Some sample Python code would be greatly appreciated. Thanks. ...
I have shell script calling Sql*loader utility which inturn uses username/password as arguments. This details cannot be stored on server in any form due to security related policies. i got 2 approaches to handle this situation, 1. create hidden parameter file with login details and limit the access to owner. again the implication is i ...
Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect. Everything works great, but now you discover (or your are given a new requirement li...
Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored...
I'm not exactly positive how to word this for the sake of the title so please forgive me. Also I can't seem to figure out how to even google this question, so I'm hoping that I can get a lead in the right direction. Part of my software(VB.NET App) requires the ability to access/read/write a shared network folder. I have an option for th...
I created/edited a .htaccess file and I got my site password protected fine. Question though: Is there such thing as a URL key? Maybe I'm wording that incorrectly, but I would like to keep my site hidden, but be able to send out a specific URL that can view the site. What's the best way to accomplish this? Thanks in advance. ...
Hello, I want a simple layer of protection for my content (resource) files in my application. For example, I have various sound and image files used in my application. I think, I can wrap them in a SFX archive (Probably packed with WinRAR), then in my application, start the SFX exe with some parameters, like, -silent. But this may not b...
What Java library should I be using to Hash passwords for storage in a database? I was hoping to just take the plain text password, add a random salt, then store the salt and the hashed password in the database. Then when a user wanted to log in, I could just take their submitted password, add the random salt from their account informa...
First time trying to use the password protected visibility option on a Wordpress page, and it seems to do nothing. After adding a password, if I view the page it never asks for a password. Different browsers, clearing out all temporary files, logging out of wordpress admin, nothing makes a difference. Even logged into a remote computer t...
How do I programmatically open a password protected PDF. I want to use ruby to open a password protected PDF and read its content. I would like to know whether its possible and if it is possible guidance on the right way to do it ...
I'm starting a new app, and I'd like to know how to require a password to open it. I've been researching on Google and the Apple Dev Forums and haven't found anything. I was considering a UIActionSheet in the application didFinishLaunchingWithOptions method of the app delegate implementation file, but am unsure how to go about doing so....
We're migrating one of our sites to ASP.Net. We do not want to use integrated security, which uses the windows account to connect to sql server (not going to get into why, its just out of the question). We created a username and password to connect to SQL Server, and would like to use that username and password, however, we also do not w...
Hi, Based on the user requirements, he wants to use our android application via pin code access like login whenever he starts to use this application. In Android or any mobile, most of the applications start again the last using layout. so which event should i call this login alertdialog to access each time users start to use it? Or let...
Where does Internet Explorer store saved passwords? And since this is a programming site, i'm not literally asking for the location where IE stores passwords, but which API ie uses to save passwords. At first i assumed that Microsoft was using the standard api: CredRead CredWrite which is used to save domain and generic program/web...