passwords

What are the typical potential security risks developers should account for?

This is a broad question in search of a decent broad answer, but I am really curious about which key issues professional developers must account for in terms of security. How do you make your website more hacker-proof? How do you ensure the security of your companies' databases? I'm a real noob with security issues but I am keen to hea...

EncryptedPackageEnvelope Document Decryption

Hi, I am trying to decrypt an MS Office 2007 document by .NET code. I know the password to open and the encryption provider (obviously), but cannot find any example on how to get the Package object from the EncryptedPackageEnvelope. All MS examples are DRM related, but the documents only have a password to open. Please help! Thanks! ...

Can I force in a temporary password answer to asp.net membership?

We recently added the ability for clients to reset their own passwords using the security question. For new clients, this is fine, as we can set the security question and answer on account creation. For existing clients, this is an issue. For clients who have forgotten their password, we e-mail them a temporary password, and then they ...

Set Password in Open Directory from .NET

There are a lot of good resources on how to set a password in Active Directory using .NET - but how would I do the same thing in Open Directory? Is there a way to programmatically set a password in Open Directory using .NET? ...

How should I store ftp log on credentials in a MySQL database?

Hey guys, I'm really just looking for some guidance. Here is the scenario: A user can add an FTP account via a password protected control panel. I need to save these credentials so that the FTP account can be connected to automatically. This is easy but I want to take the most secure approach possible. I was thinking of possibly encryp...

How should passwords be securely stored for web hosting?

Possible Duplicate: Encrypting/Hashing plain text passwords in database Recently, I discovered that major web hosting companies store their users' passwords in plaintext and even ask for the last 4 digits of the user's password when trying to verify their identity. This seems vitally wrong and full of security problems. I belie...

I can't set the root password for MySQL

I've just set up a LAMP server using SuSE Server 10. I want to set the root password for MySQL, so I entered the following in the terminal: mysqladmin -u root password MyPassword and the output is: mysqladmin: Can't turn off logging; error: 'Access denied; you need SUPER privilege for this operation' I'm not really certain what S...

Writing a Password Filter for Windows in C# and registering the dll

I'm looking to write a custom password filter for windows using C#.Net. Any inputs on that? I have already read the programming considerations for writing a password filter. I'm not able to find any code sample in C#. ...

Credential distribution/storage across fleets

What are the options for secure password/credential storage on a host and propagation of changes across a fleet of hosts? An example would be you have a fleet of size N and you want to store credentials, such as AWS access keys, on those hosts. The simple approach is to store it in the source code or a config file, but this is bad beca...

Ways to update a sql server database from a VC++ win32 project?

Hello, I'm in the process of creating a Password Filter as described here. I can manage to write the VC++ code. My issue is that I need to update SQL Server database from that code. I don't have any past experience in VC++ Win32 project. My assumptions are Linking an external dll (compiled C#.net code) which will take care of the databa...

What is the proper way of handling configurations (database login and passwords, etc.) in a dynamic web project?

I just got my hands on doing dynamic web programming using JSP. What is the proper way to handle the configurations? For example, database name, host, login, and password, and indexing directory in the server, etc. My concern is mostly about the security of the passwords. Currently I hard code the data into the .java files, I don't thin...

ASP.NET - Password Recovery using SMPT.Gmail.Com

I have a login control on my webpage along with a RecoverPassword control. I have the following code inside of web.config <system.net> <mailSettings> <smtp from="[email protected]"> <network host="smtp.gmail.com" password="XXXXXXX" port="587" userName="[email protected]" /> </smtp> </mailSettings> ...

Validate passwords with CakePHP 1.3

How do I run validation checks on a password field in CakePHP, seeing that the password is hashed before I get a chance to run any checks on it? ...

How to save subversion password with bzr-svn

I am using bzr-svn to check out svn repositories using bazaar. But bzr-svn asks for passwords every time. I searched the web to find out about authentication.conf I put the following section authentication.conf [something] scheme=svn+http #tried http only or svn only host=uuuuuu.com path=/svn/project #tried without stating path u...

Disallowing characters in a password?

Is there something special about characters that should be allowed/not allowed in a password? I store the password in the db hashed/salted and use PDO to prevent against injection. Is what I'm doing enough? Recently I came across a system that disallowed a number of characters, don't remember all of them, but one was the ampersand &. W...

codeigniter setting up a password!

Hello there! I try to set up a password in a codeigniter form... Everything seems ok to my eyes but no matter which password I use the form is still submitted... here is the code in the controller: class MyBlog extends Controller{ function MyBlog(){ parent::Controller(); $this->load->helper(array('url','form','html'))...

Windows Hashed Password

Hi, Is there a way to get the hashed value of Windows password for a specific local user? Which Win32 API would that be? I don't want to know what the actual password is, just the hash value of the password. I'd like to be able to tell which workstations/servers don't have the same password for a specific user. Please advise, thanks...

Help with the calculation (and usefulness) of password entropy

This is a two part question: Part 1 First, dealing with calculating the entropy of a password in PHP. I have been unable to find any code examples that are empirically sound and would really like some help in finding the 'right' way to calculate a final number. A lot of folks on the net have their own home-baked weighting algorithm, ...

Password strength checking library

Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be: configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on extensible allowing new criteria to be imple...

added user with perl-ldap in Open Directory but password: Crypt Password not Open Directory

added user with perl-ldap in Open Directory but password: Crypt Password not Open Directory some weird things happen 1) those users fall into Workgroup Manager > Viewing directory: Search Policy. but I was expecting to see them in Workgroup Manager > Viewing directory: /LDAPv3/127.0.0.1 2) Account Summary indicated those user Password: C...