I have a C# ASP.NET app using the default Sql MembershipProvider. My web.config has a few settings that control how I'm using this Provider:
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="5"
The problem I'm running into is that when people r...
I'm encountering strange permission issues with Perforce when running it from a NAnt script - but only if that NAnt script is kicked off from a PHP script. Hopefully someone can enlighten me as to what's going on!
I've got a PHP script running in an application pool that is set up to use the "build.user" user account. The script curre...
Hello, I am trying to make a program in Java that checks for three specific inputs. It has to be 1. At least 7 characters. 2. Contain both upper and lower case alphabetic characters.
3. Contain at least 1 digit.
So far I have been able to make it check if there are 7 characters, but I am having trouble with the last two. What should I put...
Looking to store usernames and passwords in a database, and am wondering what the safest way to do so is. I know I have to use a salt somewhere, but am not sure how to generate it securely or how to apply it to encrypt the password. Some sample Python code would be greatly appreciated. Thanks.
...
I'm building a web application that shows users interesting visualizations of their Gmail activity (who they're emailing the most, etc). Obviously the user needs to give me his Gmail password to use the application, and I'm wondering how I should store it:
Store the Gmail password in plaintext. Risky!
Don't store the Gmail password at ...
Can anyone, please, explain to me how to transform a phrase like "I want to buy some milk" into MD5? I read Wikipedia article on MD5, but the explanation given there is beyond my comprehension:
"MD5 processes a variable-length
message into a fixed-length output of
128 bits. The input message is broken
up into chunks of 512-bi...
What do you need to do on a login form so that the browser prompts to remember the login information? I have an input named "username" and one named "password".
On my browser I have it set to ask if it should remember the password, and it does on most sites, but on the site that I am testing it doesn't, so I am wondering what can be chang...
I want to make a program that "test passwords" to see how long they would take to break with a basic brute force attack. So what I did was make 2 text boxes.
(textbox1 and textbox2) and wrote the program so if the text boxes had the input, a "correct password" label would appear, but I want to write the program so that textbox2 will run...
I'm using the following regex to validate password complexity:
/^.*(?=.{6,12})(?=.*[0-9]{2})(?=.*[A-Z]{2})(?=.*[a-z]{2}).*$/
In a nutshell: 2 lowercase, 2 uppercase, 2 numbers, min length is 6 and max length is 12.
It works perfectly, except for the maximum length, when I'm using a minimum length as well.
For example:
/^.*(?=.{6,})...
I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand.
You should always store a password as a hash, never as plain text.
But should you store the salt (unique for each user) next to the hashed password+salt in the database? This doesn't seem very clever to me as couldn't ...
Hi.
I have a SHA1 password and PasswordSalt in my aspnet_Membership table.
But, when I run a query from the server (a Sql Query), the reader reveals
that the pass has returned as its cleartext equivalent.
I am wondering if my web.config configuration is causing this?
<membership defaultProvider="CustomMembershipProvider"
...
I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes).
I often see this code; does it make sense?
md5(uniqid(rand(), true));
According to a comment uniqid($prefix, $moreEntopy = true) yields
first 8 hex chars = ...
Is there a way to limit the url of saved credentials in browsers?
For example, if I save a username and password for http://www.website.com/login can I make it so that the rest of the forms in the site don't use these details? http://www.website.com/members, http://www.website.com/admin etc...
I'm aware of the autocomplete attribute bu...
Hello,
I migrated my application to a new server (from a VPS to a dedicated) yesterday and the password protection which was working correctly on the previous server (using .htaccess file - asking username/pass) doesn't work anymore: anyone can access the website without being asked to enter a username pass. I don't really have a clue ...
Okay. So I went on a trip, came back, and suddenly, a website that I was working on is now asking for a username and password à la .htaccess. Thing is, I never made this happen and there is no .htaccess file anywhere to be found. Here is the site: link
I didn't buy the template from omegathemes.com, whatever that is. And when you go the...
And what if you want to autocomplete passwords? I am using similar thing here... I am using Div (id=loginButton) and it has some image - I don't want button control in MVC application (), neither image button. I have hidden input control which is hidden button actually (id=submit_btn).
So, on div's (id=loginButton) click, I want to call...
I am aware that it is not possible to echo the * while you type in standard ANSI C. But is there a way to display nothing while someone is typing their password in the console? What I mean is like the sudo prompts in a Unix/Linux terminal. Like if you type in the command: sudo cp /etc/somefile ~/somedir. You are usually prompted for the ...
Hello,
I've seen around the web the following regex
(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$
which validates only if the string:
* contains at least (1) upper case letter
* contains at least (1) lower case letter
* contains at least (1) number or special character
* contains at least (8) characters ...
Here is my plan, and goals:
Overall Goals:
Security with a certain amount of simplicity & database-to-database transferability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords.
Easy to wipe the passwords for publishing a "wiped" database of test data. (e.g. I'd like t...
Hi,
I have the following problem. I need to create a zip file under Linux with a password provided by another party that is encoded with CP-1252. What I have tried is changing the encoding of this password to UTF-8. Then I made a zipfile protected with this UTF-8 encoded password. However the file cannot be unzipped in Windows with the...