I want to call "storing a password in plain text in a Database" a bad practice... but our customer did this in his Application. They want me to renew that Application.
My point: I want to change this...but since it is not a need for our Customer it is still unclear.
How do you handle such issues regarding security? From my point of view...
I could use getpass() to get a password. However, the man page says:
This function is obsolete. Do not use it.
What is the current way to get a password from the user's terminal without echoing it, in a POSIX-compliant way? [Originally I said "portably", but my intention was to avoid using an obsolete function.]
...
I've always been of the impression that storing passwords in a database as plain text is (as someone else here put it) a Very Bad Thing™.
Historically, most of our server-side coding needs have been contracted out to a group of programmers. They store passwords in MySQL databases in plain text.
As the resident code monkey (incidentall...
I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can't re-hash the existing ones.
How would you migrate to a new hashing system?
...
I have a little Java prog that uses a webservice which needs authorization. So the Java prog (which is to be run using Windows Task Scheduler) needs to have a user/password argument. How can I store these somewhere without having them lying around in a file as plaintext?
So far I've tried using runtime.getRuntime and CACLS to have a ...
Hi, in my web site (C# & SQL Server) I am trying to enable non-ASCII usernames and passwords
(username and password columns are set to NvarChar).
What would be the best approach to achieve this?
...
Possible Duplicate:
Ways around putting a password in code
If you create an application that for example connects to a database or an ftp server it needs a username and a password.
How do you recommend storing this?
First and easiest option is of course as plain text in the application, but then I guess it would be quite clear...
Just like the title says. I was hoping someone could direct me to documents/resources that show how to encrypt a zip file such that most (if not all) 3rd-party apps can open it.
I'm more interested in the security aspect rather than how to do it - any knowledge is welcome.
This is to casually protect files on my work computer (and net...
I've got an app that generates a hash off of a user password, which I then use to encrypt data with. I want to extend this to the case where any 2 out of 5 users need to authenticate the app before it has enough data to generate that hash.
The problem I've got is I need to generate the exact same hash no matter which 2 of the 5 users au...
Hi,
I have a development server running IIS 7.0 with an ASP.NET MVC Web Application, that authenticates using Forms Authentication/Membership.
I need to be able to prevent unauthorized users from viewing this site. Our customers however should be able to enter a simple username/password to gain access.
After they do so, they should ...
When going through registration, a lot of sites will disallow the use of symbols in passwords. This drives me up the wall from a usability perspective since I include multiple symbols in all my passwords, and as a programmer that deals with web authentication from time to time, I can't figure out why it wouldn't be allowed. Am I missing ...
I have two fields:
1) password
2) confirm password
and want to perform validation that both fields are the same, and want client-side validation.
Please help.
...
Hi everyone, here's my problem:
User inputs a password in the Options section of the program.
The password is hashed (MD5) and stored in the registry.
The program is run, an Excel spreadsheet is created, and password protected using the hashed value that is stored in the registry.
The user opens the spreadsheet, and is prompted to ente...
For an internal Tomcat/Java/Struts application, we're converting custom-written authentication code to use JDBCRealm. The database is MySQL 5.0, and the passwords are stored as PASSWORD()-encrypted strings. In our version of MySQL, the PASSWORD() function is a non-standard (proprietary?) 41-byte hash. (I know now that we shouldn't be ...
We have a number of network services and web-apps authenticating users differently, some with different password requirements for very bad technical reasons. For example, one system refused $ signs until someone "fixed" the string handling in some Perl scripts. Another system appears to parse @ signs in passwords. Another system issues u...
I've always wondered why websites don't offer a "variable password" option, in which a user's password is constantly changing based on the day of the week or time of the day. e.g. "my password is 'foo' followed by the current hour of the day, always expressed as two digits".
I understand basic security 101, the need for trapdoor functi...
I need to store hashes of passwords on disk. I am not entirely sure which hash function to use (they all seem somewhat troubled at the moment), but I am leaning towards SHA-256.
My plan is to take the user's password and combine it with their user ID, a random user-specific salt, and a universal site-wide salt. Should I concatenate thes...
I have this macro that is password protected and shows a form. Recently I added code to import data from Excel and every time I close, it asks me for a password - I can cancel through it but I'd like to make it go away; I see no plausible reason why it would come.
I've separated out the few lines that cause this problem
Sub a()
U...
I have MD5 hashes of passwords in a database that I want to use against HTTP AUTH DIGEST. But in reading the docs, it looks like the digest hash contains a hash of the username, realm and plaintext password. Is there any way to use the MD5 hash of the password in this situation?
...
We receive Excel workbook files every day which are password protected with the same password. We know this password. Is there a utility or method to remove password protection on these workbook files without invoking Excel.exe or the Excel object? Our goal is to take Excel out of the process and utilize SpreadsheetGear in VB.net. Ho...