passwords

How to make schtasks work after the user's password has changed?

On Windows machines, schtasks is a utility similar to cron for scheduling jobs to run on a regular basis. Problem is, when you define a schtask, you must specify the userid and password of the account to run the job. Then later, when the user changes his password, that schtask will no longer work. It must be deleted and rescheduled wit...

Should users be allowed to enter a password with a space at the beginning or end?

Should users be able to enter a password such as " 12345" or "12345 "--a space at the beginning or the end? Or would you trim the password to remove these spaces because it's probably just a typing error? ...

Storing passwords in Castle Windsor configuration file?

I have the following: interface IDefectRepository { /* ... */ } class MyDefectRepository : IDefectRepository { public MyDefectRepository(string url, string userName, string password) { // ... } // ... } I'm using <parameters> to pass the constructor parameters from Web.config. Is there any way that I can store...

How does one store password hashes securely in memory, when creating accounts?

Our web-based application has user accounts tied down to users with the passwords specified during account creation. In the case of Java, how does one process the password securely, before persisting its hash in the database? To be more specific, how does one ensure that the string holding the password is garbage collected within a suf...

What is the best way to implement 2-way encryption with PHP?

I would like to encrypt the passwords on my site using a 2-way encryption within PHP. I have come across the mcrypt library, but it seems so cumbersome. Anyone know of any other methods that are easier, but yet secure? I do have access to the Zend Framework, so a solution using it would do as well. I actually need the 2-way encryptio...

Where should I store my database username and password in a PHP application?

This is probably true for other languages as well. I've created several websites by now, many of which use databases (usually MySQL). I need to store the database password somewhere in the source code, but this seems like a security problem, and a bit like a hack. Is there a better way to store the password, apart from a config file whi...

How to set a password to protect files and directories

Hi. How can I protect files and directories with a password in C#? ...

Keeping passwords in the registry as "secrets"

I need to store my users' name/password somewhere (preferably the Registry) so my .NET application can use them to log in to some remote service on behalf of the user. I know it's possible to store values in the registry as "secrets", which means they're encrypted using the Windows domain user token or something. In other words, I don't wa...

Why does MS SQL Mgmt Studio Express keep forgetting my passwords?

I have about had it with this tool, I check the save password box at the login dialogue but it just doesn't work. Sometimes it will for a few days, and then the password will just be gone. Nearly every time I load this thing up I have to track down the password again and type it in. Is there some password rule in the database that would ...

Salting Your Password: Best Practices?

I've always been curious... Which is better when salting a password for hashing: prefix, or postfix? Why? Or does it matter, so long as you salt? To explain: We all (hopefully) know by now that we should salt a password before we hash it for storage in the database [Edit: So you can avoid things like what happened to Jeff Atwood recentl...

What options are available for Synchronizing Passwords between load balanced servers?

We have several UNIX machines you can wind up with when you telnet to a certain box. The passwd files are not on a shared mount (I am not sure how safe it is to mount them anyway). The end result is that if you change your password on one box, then when you log in to the second box it will tell you that your password is invalid. This ma...

How do I define the password rules for the ASP.NET Membership Provider?

When using web forms authentication with the ASP.NET Membership provider, we are defaulted to some decently strict password rules. I think eight characters, including one non-alpha, are required. I'm not looking to make them all willy-nilly loose, but generally I do not use a non-alpha character in my own password, and feel like a hypocr...

Preventing DB password from being accidentally checked into public SVN

Does anyone know of a technique to prevent someone (me!) accidentally committing a file with a public database connection string in it to Google Code. I need to run some unit tests on the database from my local machine (to update the DB schema) but I'm concerned that I'll forget that I've changed the connection to point to the public DB ...

How can I make an expect script prompt for a password?

I have an expect script that connects to a few routers through ssh. All these routers have the same password (I know, it's wrong), and the script needs to know that password in order to be able to connect to the routers. Currently, the password is passed to my script as an argument on the command line, but this means that there's a tra...

Finding a legacy firebird/Interbase database password

Hi, I have a customer that has an old non-existent application; he had a problem with the company that made the application and they won't disclose his database password. He realized that he signed a contract (back then) where it said that he was sort of "renting" the application and they had no right to disclose anything. This customer...

How do I create a MySQL user with hash('sha256', $salt . $password)?

I must be missing something. I want to set up a database user account for select-only transactions but mysql is not letting me choose the hash method for a password on creating a user account. This fails: GRANT SELECT ON myDB.* TO 'selectuser'@'localhost' IDENTIFIED BY hash('sha256', 'salted-myfakelongrandompasswordstring'); ERROR ...

How does hashing and salting passwords make the application secure?

As far as I understand, it is a good idea to keep passwords secret from the site administrator himself because he could try to take a user's email and log into his mailbox using the same password (since many users use the same password everywhere). Beyond that I do not see the point. I know it makes the dictionary attack more difficult ...

Does the hash algorithm used for password hashing affect rainbow table generation?

Re question non-random-salt-for-password-hashes: Mr Potato Head states that the use of MD5 instead of SHA-512 makes generating rainbow tables easier? I'd have thought that once your rainbow table is generated that the algorithm used is irrelevant? It would make no difference to how you use the rainbow table to check for known hashes? An...

Using Base SAS to validate Windows Password

We have a signon script that requires a Windows password in order to access and validate against the SAS metadata server. The problem is that if the Windows password is changed, and the script is run a few times without being updated, then the user gets locked out and has to call IT support for a password reset. What is the simplest way of u...

How can I enter a password using Perl and replace the characters with '*'?

I have a Perl script that requires the user to enter a password. How can I echo only '*' in place of the character that the user types, as they type it? I'm using Windows XP/Vista. ...