This is a broad question in search of a decent broad answer, but I am really curious about which key issues professional developers must account for in terms of security.
How do you make your website more hacker-proof? How do you ensure the security of your companies' databases?
I'm a real noob with security issues but I am keen to hea...
Hi,
I am trying to decrypt an MS Office 2007 document by .NET code.
I know the password to open and the encryption provider (obviously), but cannot find any example on how to get the Package object from the EncryptedPackageEnvelope.
All MS examples are DRM related, but the documents only have a password to open.
Please help! Thanks!
...
We recently added the ability for clients to reset their own passwords using the security question. For new clients, this is fine, as we can set the security question and answer on account creation. For existing clients, this is an issue.
For clients who have forgotten their password, we e-mail them a temporary password, and then they ...
There are a lot of good resources on how to set a password in Active Directory using .NET - but how would I do the same thing in Open Directory? Is there a way to programmatically set a password in Open Directory using .NET?
...
Hey guys,
I'm really just looking for some guidance. Here is the scenario:
A user can add an FTP account via a password protected control panel. I need to save these credentials so that the FTP account can be connected to automatically. This is easy but I want to take the most secure approach possible. I was thinking of possibly encryp...
Possible Duplicate:
Encrypting/Hashing plain text passwords in database
Recently, I discovered that major web hosting companies store their users' passwords in plaintext and even ask for the last 4 digits of the user's password when trying to verify their identity. This seems vitally wrong and full of security problems. I belie...
I've just set up a LAMP server using SuSE Server 10. I want to set the root password for MySQL, so I entered the following in the terminal:
mysqladmin -u root password MyPassword
and the output is:
mysqladmin: Can't turn off logging; error: 'Access denied; you need SUPER
privilege for this operation'
I'm not really certain what S...
I'm looking to write a custom password filter for Windows using C#.Net. Any inputs on that? I have already read the programming considerations for writing a password filter. I'm not able to find any code sample in C#.
...
What are the options for secure password/credential storage on a host and propagation of changes across a fleet of hosts?
An example would be you have a fleet of size N and you want to store credentials, such as AWS access keys, on those hosts. The simple approach is to store it in the source code or a config file, but this is bad beca...
Hello
I'm in the process of creating a Password Filter as described here. I can manage to write the VC++ code. My issue is that I need to update SQL Server database from that code. I don't have any past experience in VC++ Win32 project. My assumptions are
Linking an external dll (compiled C#.net code) which will take care of the databa...
I just got my hands on doing dynamic web programming using JSP. What is the proper way to handle the configurations?
For example, database name, host, login, and password, and indexing directory in the server, etc. My concern is mostly about the security of the passwords. Currently I hard code the data into the .java files, I don't thin...
I have a login control on my webpage along with a RecoverPassword control.
I have the following code inside of web.config
<system.net>
<mailSettings>
<smtp from="[email protected]">
<network host="smtp.gmail.com" password="XXXXXXX" port="587"
userName="[email protected]" />
</smtp>
</mailSettings> ...
How do I run validation checks on a password field in CakePHP, seeing that the password is hashed before I get a chance to run any checks on it?
...
I am using bzr-svn to check out svn repositories using bazaar. But bzr-svn asks for passwords every time, I searched the web to find out about authentication.conf
I put the following section in authentication.conf
[something]
scheme=svn+http #tried http only or svn only
host=uuuuuu.com
path=/svn/project #tried without stating path
u...
Is there something special about characters that should be allowed/not allowed in a password?
I store the password in the db hashed/salted and use PDO to prevent against injection. Is what I'm doing enough? Recently I came across a system that disallowed a number of characters, don't remember all of them, but one was the ampersand &. W...
Hello there!
I try to set up a password in a codeigniter form...
Everything seems ok to my eyes but no matter which password I use the form is still submitted...
Here is the code in the controller:
class MyBlog extends Controller{
function MyBlog(){
parent::Controller();
$this->load->helper(array('url','form','html'))...
Hi,
Is there a way to get the hashed value of Windows password for a specific local user? Which Win32 API would that be? I don't want to know what the actual password is, just the hash value of the password.
I'd like to be able to tell which workstations/servers don't have the same password for a specific user.
Please advise, thanks...
This is a two part question:
Part 1
First, dealing with calculating the entropy of a password in PHP. I have been unable to find any code examples that are empirically sound and would really like some help in finding the 'right' way to calculate a final number. A lot of folks on the net have their own home-baked weighting algorithm, ...
Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be:
configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on
extensible, allowing new criteria to be imple...
added user with perl-ldap in Open Directory but password: Crypt Password not Open Directory
some weird things happen
1) those users fall into
Workgroup Manager > Viewing directory: Search Policy.
but I am expecting to see them in
Workgroup Manager > Viewing directory: /LDAPv3/127.0.0.1
2) Account Summary indicated those user
Password: C...