passwords

Resetting passwords without emailing the user

We need to provide a way to reset password for users who are using our website. The typical way is to send email to the user and ask to click on the link to reset. The issue is that we don't want to run a mail server just for the purpose of resetting password. Is there other clever way of reseting password without having to mail the us...

How to make bash script ask for a password ?

I want to secure execution of a program with a password. How do i do that in bash ? Thank you ...

How safe am I signing into Google Spreadsheets with yeroon.net/ggplot2

I am impressed by what I have seen of yeroon.net/ggplot2 which is a web interface for Hadley Wickham's R package ggplot2. I want to try it out on my own data. The part that has me very excited is that one can use data stored in one's own Google spreadsheet as the data. One just signs into their Google Account so that yeroon.net/ggplot2 c...

How to compute digital signature using A1 and A3 certificates without password or something similar

Hi! I'm developing a software using A1 and A3 certificates to sign documents. My customers have a lots of certificates in their repositories and always need to send signed documents using a specific certificate, but the problem is that they always need to put a password. I would like to know if its possible to sign files using stored p...

Javascript Linksys router-style log pop-up.

I am wondering how to do a simple Javascript log in for my web pages on my dev server. I want it to be very simple, like the ones that pop up when you go to 192.168.1.1 to adjust the settings on your Linksys router. Any suggestions? ...

How do API Keys and Secret Keys work?

I am just starting to think about how api keys and secret keys work. Just 2 days ago I signed up for Amazon S3 and installed the S3Fox Plugin. They asked me for both my Access Key and Secret Access Key, both of which require me to login to access. So I'm wondering, if they're asking me for my secret key, they must be storing it somewh...

Secure Way of storing Passwords to APIs without OpenID?

I asked a similar question here a while back but all the answers were offering OpenID which is nice but it doesn't work with services that require authentication that don't use it (such as EventBrite). Say I want to create an app that lists your events from event brite, and their analytics (which eventbrite includes). Any person can si...

Rainbow Tables: How to defend against them??

I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation w...

Is Storing Cookies in a Database Safe?

If I use mechanize, I can, for instance, create a new google analytics profile for a website. I do this by programmatically filling out the login form and storing the cookies in the database. Then, for at least until the cookie expires, I can access my analytics admin panel without having to enter my username and password again. Assum...

Opening a password encrypted access database using DAO VB.NET

I create a database like this: Sub Main() Dim wrkDefault As Workspace Dim dbE As DBEngine Dim dbs As Database 'Get default Workspace. dbE = New DBEngine wrkDefault = dbE.Workspaces(0) 'Set the database filename Dim DBFilename As String DBFilename = "c:\mydb.mdb" ...

membership change password

how can i change password manual directly in table membership? passwordformat=1, so how can i crypt password before insert into table? ...

Clearing a form field when page goes back (html / javascript)

Do you know when you use in a form the password field, like this: <input type="password" name="pass"> And you do a GET or POST submit to the same page who have the form and if the user hit back in the browser the password field gets blank. Well thats good, but i need to get blank another form field when the user hit back. Thats because...

Do similar passwords have similar hashes?

Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3,...

Symfony 1.4 - Don't save a blank password on a executeUpdate action.

I have a form to edit a UserProfile which is stored in mysql db. Which includes the following custom configuration: public function configure() { $this->widgetSchema['password']=new sfWidgetFormInputPassword(); $this->validatorSchema['password']->setOption('required', false); // you don't need to specify a new password if you ...

NHibernate MySQL Password Function

I am trying to create a custom application that allows for adding and removing and changing passwords of users. How would I create the hash that MySQL uses to stored password in? I know MySQL has a Password() function but I can't figure out how to use this function in NHibernate. Anyone know how to do this? ...

Application passwords and SQLite security

I have been searching on google for information regarding application passwords and SQLite security for some time, and nothing that I have found has really answered my questions. Here is what I am trying to figure out: 1) My application is going to have an optional password activity that will be called when the application is first ope...

Should default passwords always be empty?

I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I...

Section of website to be protected by a login

I have a section of my website where I will have forms. I only want people who have registered with the site to be able to use these forms so that I only have serious customers using them. So what i want to have is a way that people can register on the site and once registered the area with the forms will be available to them and I will...

How to find out the username and password for mysql database

Hi, I ve forgot what i set as username and password for mysql database. How could I be able to find it out.I am using wamp server. I am a newbie in mysql and its time to get started for my first project.Please help. ...

ASP.NET Hide Length of Password During Entry

I have to hide the length of the password being entered during login of my asp.net web application. I know the asp.net textbox server control has the textmode of password but I can't even show the that. Any suggestions on how to hide the user input? ...