Hey guys, I am making a personal website with a blog. I'd like to have certain entries password protected like I've seen on at least one wordpress. That's no biggie. But I was wondering if there was something really flexible which will allow hidden text to be revealed after a post? For example, the public post may say, "I met my friend B...
Hai guys,
Thus far i am using the following statements for encrypting a password variable in sql server 2005
OPEN SYMMETRIC KEY SecureSymmetricKey1
DECRYPTION BY PASSWORD = N'StrongPassword';
DECLARE @encrypted_str VARBINARY(MAX)
select @encrypted_str=EncryptByKey(Key_GUID('SecureSymmetricKey1'),@Password)
Is this a good practice o...
Hai guys,
I came to know that storing hash value of a password is a safe one from Preferred Method of Storing Passwords In Database...
How to salt and hash a password value using c#?
How to compare both the values stored in DB and the one given by the user?
...
My code works fine using plain text code, but fails when I use an encrypted password
filename File email emailsys = VIM emailid= "&pa_usr" emailpw= "{sasenc}39AAD23E148A9555508AC84447181DFF" ;
Anyone know what I should do?
...
I'm planning to make the database of a Rails project available for download publicly. This database contains an Authlogic users table, with crypted_password and password_salt fields. How securely are these passwords stored... is it safe to make them available publicly this way? Or should I look at implementing another authentication syst...
The issue
I have a site that's a few weeks away from launch, so I've put a htaccess Require directive on it, to keep nosy people out until launch.
But now I need to open up (i.e. not require a password) for 2 specific URLs, because a payment-processing service needs access to them. And for some reason I just can't get it to work!
The ...
Does MySql 5.1 and SQL Server 2008 (Web edition, Standard) have any functional password limitations other than length limits? Are metacharacters in any form a bad idea to use, like bang, pipe, hash, any slash, carrot, and so on?
I know that MySql 5.1 has a password length limitation of 16 characters that is hardcoded, but I was wonderin...
Hello everyone,
I am trying to write some code to check the AD password age during a user login and notify them of the 15 remaining days. I am using the ASP.Net code that I found on the Microsoft MSDN site and I managed to add a function that checks the if the account is set to change password at next login. The login and the change pas...
Hi,
I'm trying to sanitize any data that's inputted by making sure the data is valid for a particular field (e.g. a name can't contain special characters/numbers etc..) However, I'm not sure what to do when it comes to a password field. Would I even need to bother with any sanitization as the password is simply hashed? If the user was ...
I have a personal learning project that I shelved for awhile but recently decided to get back into. After hearing so much about Git, I decided to give it a try. Thus far I've been able to initialize an empty Git repository but then it prompts me for a password of which I've misplaced. My first question, where is the password being prompt...
Using md5 on a string always produces an alpha-numeric encrypted result, ie: no symbols.
However, when I using the php crypt() function, specifically the CRYPT_MD5 (and it is on, I've checked) with a salt, the supposed md5 hash it returns does not look like an md5 hash.
For example:
if I md5 the string 'password', I get:
$pass = md5(...
I'm thinking of hashing user passwords with two different salt strings, one stored in the code which is the same for all users and another stored in the database for which each user has their own unique value.
Would this be more effective than simply storing the values in the database?
Any advice, opinions appreiated.
Thanks
...
I have tried different types of Password Strength Meters or Password checkers, but all give me different results when I test the same Password, because each implements its own algorithm.
Is there some official standard or guideline that can follow me to build my own Password Strength Meter.
If there was no official standard, what featu...
Hi,
I'm writing an ASP.NET MVC application which will provide user registration functionality but i am not sure which part of the application (e.g. User Domain model object, Controller, ViewModelMappers) should be responsible for hashing the user's password. I have a registration page that uses a strongly typed ViewModel and a Register...
Is there an easy way in Java to generate password hashes in same form as generated by "openssl passwd -1".
Example:
# openssl passwd -1 test
$1$Gt24/BL6$E4ZsrluohHFxtcdqCH7jo.
I'm looking for a pure java solution that does not call openssl or any other external program.
Thanks
Raffael
...
Hello guys,
today there was a big problem i got wile programming on my newest project.
I have to save the Users Email-passwords in my system ( php + mysql ).
I do it now this way:
Is this secure? And when not what is a better way to do it?
greetz from white Vienna
Dom
...
Edit/clarification: I mean password generation as in "deterministically generate passwords for your own use (e.g. to sign up for web services), based on some secret and on some site-specific data"
I take the MD5 digest of the concatenation of my master password and a (non-secret) site-specific string. Then I take the first 16 digits of ...
what is the most secure way to password protect admin files/folders?
im on apache/php
...
Hey Everyone,
I am working on an ASP.NET MVC app, and I have some views which I want to password protect. Not in a username/password forms auth type of way. When a user tries to go to one of these protected pages, I want them to have to put in a password. I came up with a way to do this, I just want to get some validation that it is a g...
I seen this question http://stackoverflow.com/questions/287517/encrypting-hashing-plain-text-passwords-in-database
and i am aware i shouldnt do md5("salt" + password); and i see an implementation in python for a solution.
Is there a .NET built in function with params i can use instead of writing my own?
...