passwords

Team Password/Login Manager

I have been doing some searching around trying to find some software, preferably for Ubuntu, that can provide a secure store for the various logins and passwords that our team has for our servers and services. I have found a lot of personal password managers, but I am looking more for something that members of our team can log into, usi...

How can I get Webkit and IE browsers to prompt to save passwords for login through AJAX request?

I have an HTML page with a login form and a registration form inside of an overlay. When the user submits either of these forms, an AJAX request is made back to the server. If the registration or login is successful, then the user is logged in and certain parts of the page are updated. If there is an issue with the login/registration ...

Is it okay that database credentials are stored in plain text?

By default, the Django database host/user/password are stored in the project settings.py file in plain text. I can't seem to think of a better way at the moment, but this seems to be against best practices for password storage. Granted, if an attacker has access to the settings file, then all is probably already lost. Even if the fi...

Secure authentication on a device occasionally without connection to a server

Hi, I am working on a server application which will have quite a fair number of client devices accessing it. The problem is we cannot guarantee that the client devices will always have access to the server. It is perfectly possible for a device to be outside the network for 1 week or more. In the meantime, we still want the device to wo...

Grails password change: Allow only "new" passwords.

Hi, I need to improve security in a website built on Grails. The requirement is that when a user changes its password, it shouldn't be able to choose from any of the previous N passwords. Does anyone know a module for this? Should I roll my own? Any thoughts / tips will be appreciated. Thanks in advance ...

How can I vendorize bcrypt in a PHP application (and should I)?

I am contributing to a relatively mature open-source PHP project. Recently, I discovered that it stores passwords as plain MD5 hashes, which is quite bothersome to me. I figured that if I was going to fix it, I might as well Do It Right(tm), so I wanted to use bcrypt. First, what I have found for other languages: bcrypt-ruby appears t...

Do I really need to hash passwords?

I am building a project, which has a pretty basic login system. There will be NO REGISTRATION system available, the users will be added manually. Also I protected the database's data input gates very well. So after all, do I still need to hash and even salt the users' passwords? And if your answer is yes, the next question is why? ...

Password protected website with JavaScript

I have a question which may be simple/dumb or not :). In other words I have no idea if it is fair enough or a completely foolish idea. Just some free thoughts. What if I make my login via JavaScript with pass in it (yes I know), but pass will be hashed by Secure Hash Algorithm. For instance: I generate a pass with SHA which looks like var...

Salting passwords 101

Could someone please help me understand how salting works? So far I understand the following: Validate password Generate a random string Hash the password and the random string and concat them, then store them in the password field... How do we store the salt, or know what it is when a user logs in? Do we store it in its own field? ...

Online payment system for username/pass

Where should I start looking for an online payment system where once a user pays their account is given full access to the game? Basically exactly like the payment system in minecraft.net. I post in r/programming, because I don't know if I should be using SQL database or what. I don't even have the username/password system set up. ...

Ruby on Rails Authlogic gem - password confirmation only for password reset and the edit page

I followed the Authlogic example tutorial at GitHub and have everything set up and running. But I would like to make a change concerning password confirmation. Following the tutorial, you must enter a password confirmation when registering. I don't want that to be necessary, so I put c.require_password_confirmation = false in the acts_a...

What is the best way to store secure information for further usage?

My desktop application asks a user for proxy-server credentials to use it later. But what is the best way to store this secure information for further usage? ...

Cleanest way to hide password input fields?

We have some error reporting code that, when an unhandled exception occurs, we send everything over in an email to our groups. This is great except if an unhandled exception occurs on a page with a password field then it's sent over as plain text. Is there a way to iterate through Request.Form and figure out which item(s) are passwords?...

Intercepting Change Password in Windows - Showing our custom interface

Hello all, I've been trying to synchronize the profile passwords of a third party system with AD. The third party system has its user profiles stored in a database. I initially tried writing a password filter to get the password in clear text and updating it in the database. Later I learnt that it is extremely risky to mess with the ...

How to config Mercurial to push without asking my password through ssh?

Hi guys, I use Mercurial in my project, and every time I push new changesets to the server by ssh, it asks me for a password. Then how to config Mercurial to push without asking for a password? I work on Ubuntu 9.10 ...

Handling Password Authentication over a Network

I'm writing a game which requires users to log in to their accounts in order to be able to play. What's the best way of transmitting passwords from client to server and storing them? I'm using Python and Twisted, if that's of any relevance. ...

Pitfalls of encrypting (with salt) of a md5-hashed-password (php)

A client has a huge userbase and I'm required to encrypt/hash passwords in a secure manner. The problem is I can't ask every user to change their password and the passwords are already hashed with md5() without a salt. One way of doing this is to encrypt the current passwords with a salt and when a user changes or resets the password I j...

Login form in iPhone native application

I am trying to do the login form. I have created two UITextFields for username, password and one UIButton for login. When I enter the password in the password text field, I want to display all the text as '*' or any special characters, like in the following images. Is there any default way in the SDK to do this, or do we have to do it logically? If any ...

Invisible input for passwords?

Possible Duplicate: Read a password from std::cin. I want to cin>>input, but when they input something I don't want it to be visible to them. Like when you use passwd in Unix to change your password, where it doesn't show what you typed. I hope it is clear what I am asking. Thank you in advance. ...

Ruby on Rails Authlogic gem and Password_Reset without ending in Edit

I followed this password_reset tutorial and was able to get it working. But there are a few things I don't like about it that I want to change. I'd like it to say password_reset rather than reset_passwords in the URL. Which I've managed to accomplish by renaming the controller and routing it in config/routes.rb as map.resources :reset_...