passwords

Can I configure the ResetPassword in Asp.Net's MembershipProvider?

I have a C# ASP.NET app using the default Sql MembershipProvider. My web.config has a few settings that control how I'm using this Provider: enablePasswordRetrieval="false" enablePasswordReset="true" requiresUniqueEmail="true" passwordFormat="Hashed" minRequiredPasswordLength="5" The problem I'm running into is that when people r...

Problems executing P4 commands from NAnt via web app on IIS 6.

I'm encountering strange permission issues with Perforce when running it from a NAnt script - but only if that NAnt script is kicked off from a PHP script. Hopefully someone can enlighten me as to what's going on! I've got a PHP script running in an application pool that is set up to use the "build.user" user account. The script curre...

Help with making a password checker in Java

Hello, I am trying to make a program in Java that checks for three specific inputs. It has to be 1. At least 7 characters. 2. Contain both upper and lower case alphabetic characters. 3. Contain at least 1 digit. So far I have been able to make it check if there are 7 characters, but I am having trouble with the last two. What should I put...

Python's safest method to store and retrieve passwords from a database.

Looking to store usernames and passwords in a database, and am wondering what the safest way to do so is. I know I have to use a salt somewhere, but am not sure how to generate it securely or how to apply it to encrypt the password. Some sample Python code would be greatly appreciated. Thanks. ...

How to store a user's password to another web application

I'm building a web application that shows users interesting visualizations of their Gmail activity (who they're emailing the most, etc). Obviously the user needs to give me his Gmail password to use the application, and I'm wondering how I should store it: Store the Gmail password in plaintext. Risky! Don't store the Gmail password at ...

How to transform phrases and words into MD5 hash?

Can anyone, please, explain to me how to transform a phrase like "I want to buy some milk" into MD5? I read Wikipedia article on MD5, but the explanation given there is beyond my comprehension: "MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bi...

Why isn't the browser asking to remember the password?

What do you need to do on a login form so that the browser prompts to remember the login information? I have an input named "username" and one named "password". On my browser I have it set to ask if it should remember the password, and it does on most sites, but on the site that I am testing it doesn't, so I am wondering what can be chang...

Brute force characters into a textbox in C#

I want to make a program that "tests passwords" to see how long they would take to break with a basic brute force attack. So what I did was make 2 text boxes (textbox1 and textbox2) and wrote the program so if the text boxes had the input, a "correct password" label would appear, but I want to write the program so that textbox2 will run...

Help with password complexity regex

I'm using the following regex to validate password complexity: /^.*(?=.{6,12})(?=.*[0-9]{2})(?=.*[A-Z]{2})(?=.*[a-z]{2}).*$/ In a nutshell: 2 lowercase, 2 uppercase, 2 numbers, min length is 6 and max length is 12. It works perfectly, except for the maximum length, when I'm using a minimum length as well. For example: /^.*(?=.{6,})...

Salt, passwords and security

I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't ...

SHA1 Password returns as cleartext after DB query

Hi. I have a SHA1 password and PasswordSalt in my aspnet_Membership table. but, when I run a query from the server (a Sql Query), the reader reveals that the pass has returned as its cleartext equivalent. I am wondering if my web.config configuration is causing this? <membership defaultProvider="CustomMembershipProvider" ...

[PHP] md5(uniqid) makes sense for random unique tokens?

I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes). I often see this code; does it make sense? md5(uniqid(rand(), true)); According to a comment uniqid($prefix, $moreEntopy = true) yields first 8 hex chars = ...

Why do browsers use my saved password for all forms in the one site?

Is there a way to limit the url of saved credentials in browsers? For example, if I save a username and password for http://www.website.com/login can I make it so that the rest of the forms in the site don't use these details? http://www.website.com/members, http://www.website.com/admin etc... I'm aware of the autocomplete attribute bu...

Password protection by .htaccess file not working after deployment on a new server

Hello, I migrated my application to a new server (from a VPS to a dedicated) yesterday and the password protection which was working correctly on the previous server (using .htaccess file - asking username/pass) doesn't work anymore: anyone can access the website without being asked to enter a username pass. I don't really have a clue ...

Weird .htaccess password request that I didn't make...

Okay. So I went on a trip, came back, and suddenly, a website that I was working on is now asking for a username and password à la .htaccess. Thing is, I never made this happen and there is no .htaccess file anywhere to be found. Here is the site: link I didn't buy the template from omegathemes.com, whatever that is. And when you go the...

Div click and AUTOCOMPLETE password dialog problem

And what if you want to autocomplete passwords? I am using similar thing here... I am using Div (id=loginButton) and it has some image - I don't want button control in MVC application (), neither image button. I have hidden input control which is hidden button actually (id=submit_btn). So, on div's (id=loginButton) click, I want to call...

Enter Password in C

I am aware that it is not possible to echo the * while you type in standard ANSI C. But is there a way to display nothing while someone is typing their password in the console. What I mean is like the sudo prompts in a Unix/Linux terminal. Like if you type in the command: sudo cp /etc/somefile ~/somedir. You are usually prompted for the ...

php regex for strong password validation

Hello, I've seen around the web the following regex (?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$ which validates only if the string: * contain at least (1) upper case letter * contain at least (1) lower case letter * contain at least (1) number or special character * contain at least (8) characters ...

Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords via postgresql?

Here is my plan, and goals: Overall Goals: Security with a certain amount of simplicity & database-to-database transferability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords. Easy to wipe the passwords for publishing a "wiped" database of test data. (e.g. I'd like t...

How to deal with a CP-1252 encoded password under Linux?

Hi, I have the following problem. I need to create a zip file under Linux with a password provided by another party that is encoded with CP-1252. What I have tried is changing the encoding of this password to UTF-8. Then I made a zipfile protected with this UTF-8 encoded password. However the file cannot be unzipped in Windows with the...