passwords

How to tell if a site stores passwords in plain text

When registering at a site the other day, one of their password requirements was that it couldn't contain any special characters, such as ' " = : ; < > ( ). While this alone doesn't indicate they don't hash their passwords, is it a strong indicator? If the password is hashed, these special characters will be translated into something e...

Why restrict the length of a password?

I've just signed up to a site to purchase some goods, and when I tried to enter my (reasonably secure) password I was informed it was too long, and that I should enter a password between 5 & 10 characters! What is the point in that? Who makes decisions like this? Surely the ideal password would be a really long and complicated one? Why d...

LD iisadmpwd - change expired password

Hi guys, I need to be able to allow users to change their expired password using the \iisadmpwd utility inside IIS. It looks as though if your password is expired, you can't authenticate into AD and therefore cannot change your password. What are my options? ...

Obtain the password of ASPNET account

Is there any way to obtain (not change) the password of the ASPNET account on a Windows Server 2003 server? I need to sync my workstation's ASPNET account password with the one on the server I am trying to connect to. I am trying to troubleshoot the following issue with my ASP.NET application. ...

Why should checking a wrong password take longer than checking the right one?

This question has always troubled me. On Linux, when asked for a password, if your input is the correct one, it checks right away, with almost no delay. But, on the other hand, if you type the wrong password, it takes longer to check. Why is that? I observed this in all Linux distributions I've ever tried. ...

Best practices for storing production passwords for small groups

This is not a technical question. How do small organizations keep sensitive information that must be shared among several individuals safe, such as root passwords to production servers? Not all people that need to have access work in the same location. New passwords can be distributed by phone, but what rules should be enforced for team...

Why do I get a parser error when trying to access the asp password recovery page?

Duplicate: why do I get a parser error when trying to access the asp password recovery page. When I try to access the page where my asp password recovery form is, I am getting this error: Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error deta...

What's the best way to use username/password auth in a Ruby script in OS X?

I am working on an automated backup script. This script needs to download an HTTP resource using a username and password. At the moment, the auth credentials are in cleartext, which is obviously not ideal from a security point of view. I recently discovered the security utility on OS X after reading this blog post. security gives you key...

Securely Erasing Password in Memory (Python)

How do you store a password entered by the user in memory and erase it securely after it is no longer needed? To elaborate, currently we have the following code: username = raw_input('User name: ') password = getpass.getpass() mail = imaplib.IMAP4(MAIL_HOST) mail.login(username, password) After calling the login method, what do we need...

Password Information

I want to get the various user account passwords which are stored in my computer programmatically using Visual C++. Are there any APIs to help me do this? ...

What format is the output of HashPasswordForStoringInConfigFile () and how to store it the best?

I'm using this function to generate a hash for a password and then store it in the database (SQL Server). The code looks like this: byte[] saltBytes = new byte[16]; new RNGCryptoServiceProvider ().GetBytes (saltBytes); string salt = Convert.ToBase64String (saltBytes); string saltedPasswordHash = FormsAuthentication.HashPasswordForStori...

How to create a password protected file in C#

A bit complementary to, but no way the same as, this question. How to create a password protected file? ...

Cakephp Password Protection with htaccess and htpasswd - howto?

How can I password protect my website during development with htaccess in Cakephp? Which htaccess file do I have to change? What do I have to write in the htaccess? Where do I put the .htpasswd? I searched Google for that but couldn't find anything useful, I hope you could help me! Thanks Till that helped me solve the problem! For...

How should one defend against an off-line brute force password attack?

I was wondering if it was a common practice to salt and hash a password like E(padding || hash(salt || password)) where || is concatenation and E uses RSA for example. I'm primarily asking this question for transport of a password database (not online storage where the server would have the private key to decrypt the encrypted pas...

AspNetSqlMembershipProvider and PasswordRecovery Control

Hi, My scenario is I have an asp.net 2.0 web application which had the AspNetSqlMembershipProvider properties as: enablePasswordRetrieval="false" and passwordFormat="Hashed" But now the need has arisen to store users' passwords unencrypted as clear text and display them to Superusers. I have done this by changing the AspNetSq...

Storing passwords in NSString without being readable in memory

I need to store passwords in NSString objects; however, I would like some way to obfuscate them, so they cannot be read directly from memory. This is a Mac OS X (10.5) application, but a solution that also works on iPhone would be much appreciated. ...

Changing domain password from TS box inside VPC VM

I'm running a VirtualPC 2007 VM with Windows2003 as the OS. Inside of this I am using a web based VPN to connect to my client's network. I cannot use this VPN from my host machine because it does not work with Vista (still!). Inside the VM I'm connecting to a Terminal Server at the client site which I'm logging into using their domain...

Cakephp - checkPasswords is always false

Hello :) I'm working on the signup process and want to check if the two passwords (password + re-entered password) are equal. These are my validation rules in the User Model: var $validate = array( 'username' => array( 'notEmpty' => array( 'rule' => array('minLength', 5), 'required' => true, ...

Is it OK to be able to paste text in a password box?

What do you web developers think? Should we disable pasting in masked password boxes in our web applications or not? Could this be a security hole or cause confusion or unwanted results? This is probably a question about user experience and not so much about programming. ...

Log SQL Server Password change

I have a recent unfortunate event. I host a business partner's SQLServer 2005 server, and the "sa" password was mysteriously changed (nobody wants to take responsibility for it). So I was wondering, is there a way I can configure SQL Server 2005 to log all password changes? I know that could be achieved with Windows Server 2003, Windows ...