I am writing an iPhone app which will start with asking the user to register with a login/passwd. These should be:
Saved securely locally
Sent securely to a remote web-server
What do I need to achieve the above? Say, for local storage, shall I save them in a file or database? Shall I encrypt it? For sending it over, is HTTPS suffici...
What algorithm should I use for encrypting and embedding a password for an application?
It obviously is not bulletproof, but it should be good enough to thwart someone scanning the database with a hex editor, or make it hard for someone who has the skills to use a debugger to trace the code to work out, either by scanning for the encry...
User System and Passwords: I was looking through MD5 stuff, and I am wondering what is the normal/good practice for passwords. Right now, I think people super encrypt the passwords and store the hashes. If so, how does password checking work? I just have the input password go through the encryption process again and then check the hash w...
Rather than distribute a password to employees, I would like to protect an excel workbook so that only users on the company domain can open the workbook. Is there a feasible way to do this?
The workbook should be encrypted, but transparently decrypted for users who are logged into the company domain. That way, a file that strays from ...
I am trying to store a username and password to hash against for future offline logging in. What is the best way to do this in objective c?
I will need the password to be stored securely.
...
We have software that has some features that are so sensitive that we want to verify the identity of the user. Instead of using our own user/password scheme we would really like to either test the password against the user password in XP, or even make Windows itself reauthenticate the user so we can make sure that it is an authorized person...
Is there any way of retrieving a SQL Server Authentication password? I am running Server 2005 with admin rights.
...
I'm using a Linq-to-SQL class called Scans.dbml.
In that class I've dragged a table called Users (username, password, role) onto the graphic area and now I can access User object via a UserRepository class:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace Scanner.Classes
{
public clas...
How can I easily salt a password from a Textbox.Text?
Is there some built-in wizardry in the .NET framework?
...
Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below)
Username - [email protected]
Password - mysecretpassword
What would you do in such a ...
Hi!
I'm currently working on a Rails app which stores plain clear passwords (...). So I'm migrating to Authlogic authentication with a 'standard' SHA512 encryption.
I did that, which works fine:
#file /models/user.rb
class User < ActiveRecord::Base
acts_as_authentic { |c|
c.transition_from_crypto_providers = [MyOwnNoCrypto, Au...
In a sentence, I want to configure JBoss 4.2.2 to use DatabaseServerLoginModule as the login-module for a Web application that is secured via Digest Authentication. The problem I am having is that the passwords fail to validate. I suspect the issue is either in how I've defined the application policy or in how the passwords are stored ...
I would like a way to update my password on a remote Ubuntu 10.4 box with fabric.
I would expect my fabfile.py would look something like this:
def update_password(old_pw, new_pw):
    # Connects over ssh with a public key authentication
    run("some_passwd_cmd --old %s --new %s" % (old_pw, new_pw))
Unfortunately the only command I k...
I came across this statement
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identi...
Hey all,
Tried posting this before but it did not go through (I think) so if this is a repost please disregard. However, I asked a question yesterday and figured it out with the wonderful help from here. I have a user account page where a user can edit their account information. Now, they don't always change their password. So, I made t...
Ok so from my previous post I got a lot of good feedback. I am starting this one so that I can start a new question and add the full code I have. I know something is messing up, but here is my method and implementation.
jquery.validator.addMethod("passwordRules", function(input) {
var reg = /^{^%\s]{6,}$/;
var reg2 = /[a-zA-Z]/;...
Hi,
I am a bit of a newbie around Security nitty gritties and especially around Cryptography.
In the application we are building (ASP.net application built on .NET 3.5), we are currently using databases to save our users' authentication information (AD etc. is not an option at this point).
The intention is to do a one way salted hash of t...
I am new to web development. Am I allowed to store users' original passwords? I know good practice is to store the hashed password using a salt, but why don't we store the original password?
Is it because the database is easily hacked, so hashing protects passwords? Are there any other reasons? If not, I would like to store the origi...
I use httplib.HTTPSConnection with private key:
h = httplib.HTTPSConnection(url, key_file='../cert/priv.pem', cert_file='../cert/srv_test.crt')
Then I am asked to enter the password to that private key. Is there any option to enter such password not from user input (console) but from other source (code, environment)? Maybe something l...
Scenario:
The web-service producer has only the SHA-1 hash of passwords stored in the database. We need to authenticate web-service users using a User Name/Password combination.
Web Services Security UsernameToken Profile allows us to add soap headers for this purpose:
The element is introduced in the WSS: SOAP Message Security document...