passwords

Triggering the Change Saved Password dialog in firefox

I am implementing a change password ui, but when I change the password, the dialog that firefox's password manager displays to change the saved password doesn't appear. I can't find the documentation on what is required for the form fields to trigger this behavior. If anyone has the resource that goes through how firefox decides when t...

What is the correct way to store a database connection string in a config file for production environment?

Often in example code for software, I see a connection string eg. mysql://user@localhost in the configuration file for the software to get access to the database. This seems fine for a test/development server but for production, this seems very insecure. What is the correct way to do this in a production environment? ...

How to start Mac OS X password screen

I am building an application in Mac OS X which should bring up the password screen in Mac OS X once when a button on a QT WIndow is clicked. Which API I should use for this? Also, how will my application get notified whether system is locked or not? Thanks in advance. ...

How to check login credentials in linux when not running as root?

I have written a cgi-bin application in C that runs in a browser and allows the user to open an interactive shell and view & edit files on a Linux machine. It runs as the standard apache "www-data" user. I just added a login screen to it where the user types in their name and password (in a form) but I cannot authenticate the user using ...

iis7 can not access site if site folder owner changes the password

Had to switch to "Application user" (pass-through authentication) to see the site again (site advanced settings). If I set "Specific user" (the one the site folder belongs to), iis7 shows the error. I've changed the user password as I've lost the old one. It seems that the OLD password is stored (encrypted) in some configuration file (...

Is there any widget for password entry?

I was tryin to find any class to define a password field? How can we do that? Do we have a class for that or some method to edittext? ...

Storing AES keys

Hi. Is there a good way to ship AES keys together with the application, but still make them safe enough? I don't quite fond regarding the idea of hard-coding the keys (as the app can be de-compiled), but other alternative, saving them on remote server, looks quite dangerous to me in case the server goes down or the network cuts off. I...

Help me decode this javascript which generates a passsword based on a master password and a website's name

Hi all! There's a website that generates a password by joining a master password with the website's name (e.g. master password=abc and site=google) then hashing that with SHA1 and then coding the resulting hash with Base64. I've been trying to implement that in Bash, but I can't. I mean I can but my results are extremely different from t...

Should I even hash passwords in this situation?

My website doesn't contain too sensitive data. I'm thinking about storing passwords as is because if a user wanted to receive their password by email (if they'd lost it) then I'd be able to send it to them rather than doing anything cumbersome and grueling to users like sending them a new password I created (it's also ineffective). Shou...

What is the C# analog of this VBScript code that checks the Active Directory password expiration?

I have the following VBScript script that checks the password expiration of an Active Directory user account. Could someone please help me convert this code to C#? Thanks a lot. Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D Const ONE_HUNDRED_NANOSECOND = .000000100 Const SECONDS_IN_DAY ...

Longest username and password accepted for SOCKS5 authentication?

As seen here http://tools.ietf.org/html/rfc1929 , I would assume that it is either 255, or unlimited in length. What is the longest possible username and/or password you can use for authenticating a SOCKS 5 proxy? ...

Generate temporary URL to reset password

I am looking to implement a Forgot Password feature on my website. I like the option where an email containing a temporary one-time use URL that expires after some time is sent to the user. I have looked at the following pages to get these ideas but I am not sure how to implement this using ASP.NET and C#. As one of the users indicate...

Hide Password Content in Source Code

Does anyone know how to hide the password contents in the source code of a j2me program? i.e. so people cannot see "DBT" as password who read the source code. public void validateUser(String user, String Password) { if (user.equals("N0203251") && Password.equals("DBT")) { switchDisplayable(null, getContinue()); } ...

Excel VBA: Secure way to get user's database login/password for connection string?

I have an Excel VBA tool which needs to query Oracle. I am using ADO. When building the connection string, I get the database, username, and password out of cells in the spreadsheet. What is a more secure way to handle the login? The spreadsheet will probably be emailed and saved on public drives. Assume an ordinary Office Professional ...

Best way of doing code for "Forgotten Password"

Hi In my asp.net website, i would like to implement forget password. I am using following steps Form having input box for login Id and email Id and CAPTCHA when user enter details and submit, at backend after validation new password is generated and replaced old password at database. New passowrd is send to user at email. Please hel...

GAE authenticate to a 3rd party site

I need to authenticate securely to a third party site for a SSL REST api call. I have the API call part working but I want to save the third party credentials in my app engine datastore, or maybe somewhere else? I have no idea how im supposed to do this. The SSL call looks like: credentials = base64.encodestring('%s:%s' % (username, pa...

i *must* store third party credentials in my database. best way?

My app must read an SSL url from a third party. How do I best store the third party credentials in my own database, which protects the third party credentials from being compromised? Consider both absolute security and practicality. One-way hashing the credentials is not useful as I must restore credentials to plaintext for the SSL call....

is my google app engine deployed source code secure?

I'm thinking about good ways to store third party credentials, which basically means there needs to be a secret somewhere, either in code or data. I'm deploying on google app engine. If the 'secret' was something like pw_passphrase = sha2(username + 'global-password') pw_plaintext = aes_decrypt(pw_passphrase, pw_ciphertext) can I dep...

how to read a password protected zip file in c#

hi suggest me to read password protected zip file using c# ...

Is Md5 Encryption Symmetric or Asymmetric?

For my iPhone application, Apple wants to know if my password encryption (md5) is greater then 64-bit symmetric or greater then 1024-bit symmetric. I have not been able to find it online, so I am wondering if anyone knows the answer. In addition, is this considered an appropriate encryption technology for passwords, or should I use som...