Search Results

Search found 1522 results on 61 pages for 'passwords'.

Page 14/61 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • MVC 3, View Model for user registration process. Password validation not working properly

    - by sec_goat
    I am trying to create a user registration page using MVC 3, so that I can better understand the process of how it works, what's going on behind the scenes etc. I am running into some issues when trying to use [Compare] to check to see that the user entered the same password twice. I tried adding the ComparePassword field to my user model first, and found that would not work the way I wanted as I did not have the field in the database, so the obvious answer was to create a View Model using the same information including the ComparePassword field. So I now have created a User model and a RegistrationViewModel, however it appears that the [Compare] on the password is not returning anything, for instance no matter what I put in the two boxes, when I click create it gives no error, which seems to me to mean it was successfully validated. I am not sure what I am doing or not doing to make this work properly. I have tried updating the jQuery.Validate to the newest version as there were some bugs reported in older version, this has not helped my efforts. Below is a wall of code, that is what I am working with. } public class RegistrationViewModel { [Required] [StringLength(15, MinimumLength = 3)] [Display(Name = "User Name")] [RegularExpression(@"(\S)+", ErrorMessage = " White Space is not allowed in User Names")] [ScaffoldColumn(false)] public String Username { get; set; } [Required] [StringLength(15, MinimumLength = 3)] [Display(Name = "First Name")] public String firstName { get; set; } [Required] [StringLength(15, MinimumLength = 3)] [Display(Name = "Last Name")] public String lastName { get; set; } [Required] [Display(Name = "Email")] public String email { get; set; } [Required] [Display(Name = "Password")] [DataType(DataType.Password)] public String password { get; set; } [Required] [DataType(DataType.Password)] [Display(Name = "Re-enter Password")] [Compare("Password", ErrorMessage = "Passwords do not match.")] public String comparePassword { get; set; } }

    Read the article

  • Is Storing Cookies in a Database Safe?

    - by viatropos
    If I use mechanize, I can, for instance, create a new google analytics profile for a website. I do this by programmatically filling out the login form and storing the cookies in the database. Then, for at least until the cookie expires, I can access my analytics admin panel without having to enter my username and password again. Assuming you can't create a new analytics profile any other way (with OpenAuth or any of that, I don't think it works for actually creating a new Google Analytics profile, the Analytics API is for viewing the data, but I need to create an new analytics profile), is storing the cookie in the database a bad thing? If I do store the cookie in the database, it makes it super easy to programatically login to Google Analytics without the user ever having to go to the browser (maybe the app has functionality that says "user, you can schedule a hook that creates a new anaytics profile for each new domain you create, just enter your credentials once and we'll keep you logged in and safe"). Otherwise I have to keep transferring around emails and passwords which seems worse. So is storing cookies in the database safe?

    Read the article

  • How to sync passwords one-way between windows domains without trust relationship?

    - by Franco C.
    We're migrating from Windows 2003 to 2008 SBS. We will run concurrently for a short period of time. I cannot establish a trust relationship between Server 2003 & Server 2008 SBS and I would like to know if there is a way to sync the passwords between 2003-2008? For example, I would like to dump the pre-encrypted passswords to a file in 2003 and then use this to update the passwords for the correspoding usernames in 2008 SBS. Is this possible? I have no need to ever see the clear text version of the passwords. I see one commercial product, but it hardly seems worth it given the temporary nature of my project... Thanks, Franco

    Read the article

  • dtexec with password

    - by user1602996
    I have added a new step in my job activity monitor which runs ssis package(encrepted with password). dtexec /f "\\sw-conf-dev-01\projects\dtsx\Email.dtsx" /de "ssispassword" error message: Description: The package is encrypted with a password. The password was not specified, or is not correct. End Error Could not load package "\sw-conf-dev-01\projects\dtsx\Email.dtsx" because of error 0xC0014037. Description: Failed to remove package protection with error 0xC0014037 "The package is encrypted with a password. The password was not specified, or is not correct.". This occurs in the CPackage::LoadFromXML method I have used the same password in the package as well, but i don't know why I'm still getting an error message. Any ideas?

    Read the article

  • SHA512 vs. Blowfish and Bcrypt

    - by Chris
    I'm looking at hashing algorithms, but couldn't find an answer. Bcrypt uses Blowfish Blowfish is better than MD5 Q: but is Blowfish better than SHA512? Thanks.. Update: I want to clarify that I understand the difference between hashing and encryption. What prompted me to ask the question this way is this article, where the author refers to bcrypt as "adaptive hashing" http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html Since bcrypt is based on Blowfish, I was led to think that Blowfish is a hashing algorithm. If it's encryption as answers have pointed out, then seems to me like it shouldn't have a place in this article. What's worse is that he's concluding that bcrypt is the best. What's also confusing me now is that the phpass class (used for password hashing I believe) uses bcrypt (i.e. blowfish, i.e. encryption). Based on this new info you guys are telling me (blowfish is encryption), this class sounds wrong. Am I missing something?

    Read the article

  • Implement password recovery best practice

    - by Enrique
    Hello I want to to implement password recovery in my web application. I'd like to avoid using secret questions. I could just send the password by e-mail but I think it would be risky. Maybe I could generate a new temporary random password and send it by e-mail but I think it is as risky as the above point. Can I send a url by e-mail for example http://mysite.com/token=xxxx where xxxx is a random token associated with the user. So when the user navigates to that url he/she can reset the password. Any ideas?

    Read the article

  • International keyboard and UITextField secure option

    - by Chonch
    Hey, I have a UITextField in a .xib file with the secure option marked as YES. I have several international keyboards on my device. When the secure option is set to NO, I have no problem using all of the international keyboards on my device, but when it is set to YES, I am only able to use the English keyboard. Is there a way to an option I can use to enable this feature, or would I have to do this manually (don't mark the secure option and replace the text the user enters with *'s)? Thanks,

    Read the article

  • How safe am I singing into Google Spreadsheets with yeroon.net/ggplot2

    - by Farrel
    I am impressed by what I have seen of yeroon.net/ggplot2 which is a web interface for Hadley Wickham's R package ggplot2. I want to try it out on my own data. The part that has me very excited is that one can use data stored in one's own Google spreadsheet as the data. One just signs into their Google Account so that yeroon.net/ggplot2 can access the spreadsheet list. I have been hesitant to do it. If I sign in whilst on yeroon.net am I handing over my username and password to a third party? It would not be wise of me to divulge my google password to third parties since Google is fast becoming my repository of everything. How do I know if Jeroon's application is using ClientLogin or OAuth? My understanding is very basic and may be wrong but nevertheless here it is. OAuth would be better since it does not actually pass the password onto the third party application.

    Read the article

  • .NET Active Directory Password Expiration on Windows 2008

    - by Brent Pabst
    Searched SO and Everywhere else, including the .net developers guide to directory services programming book - no luck. I am trying to create a simple password reset web page that allows the user to change their password. The change password portion of the code is working fine. For the users I would also like to display when their current password will expire next. Using the sample code from the book mentioned above I was able to get all of the code setup however, the attribute that is returned is always equal to Long.MinValue and hence cannot be inverted to a positive number, plus this means it did not find the proper domain setting. Does anyone have sample code or references for getting the password expiration in a Windows 2008 or R2 domain environment where password policies can be different for each user?

    Read the article

  • sql server 2005 databse password recovery

    - by air
    i have one database in ms sql server 2005. i create this long time back, now want to modify it but i lost the password, i remember the user name for that database, is there any way to recover the password for that database or change its password ? Thanks

    Read the article

  • change password code error.......

    - by shimaTun
    I've created a code to change a password. Now it seem contain an error. When before I fill in the form to change password.the error is: Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php:7) in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 126 the code: <?php # userChangePass.php //this page allows logged in user to change their password. $page_title='Change Your Password'; //if no first_name variable exists, redirect the user if(!isset($_SESSION['userid'])){ header("Location: http://" .$_SERVER['HTTP_HOST']. dirname($_SERVER['PHP_SELF'])."/index.php"); ob_end_clean(); exit(); }else{ if(isset($_POST['submit'])) {//handle form. require_once('connectioncomplaint.php'); //connec to the database //check for a new password and match againts the confirmed password. if(eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))){ if($_POST['password1'] == $_POST['password2']){ $p =escape_data($_POST['password1']); }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Your password did not match the confirmed password!</font></p>'; } }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Please Enter a valid password!</font></p>'; } if($p){ //if everything OK. //make the query $query="UPDATE access SET password=PASSWORD('$p') WHERE userid={$_SESSION['userid']}"; $result=@mysql_query($query);//run the query. if(mysql_affected_rows() == 1) {//if it run ok. //send an email,if desired. echo '<p><b>your password has been changed.</b></p>'; //include('templates/footer.inc');//include the HTML footer. exit(); }else{//if it did not run ok $message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>'; } mysql_close();//close the database connection. }else{//failed the validation test. echo '<p><font color="red" size="+1"> Please try again.</font></p>'; } }//end of the main Submit conditional. } ?> the error at this line:- header("Location: http://" .$_SERVER['HTTP_HOST']. dirname($_SERVER['PHP_SELF'])."/index.php"); please help me guy...

    Read the article

  • Enter Password in C

    - by Mohit Deshpande
    I am aware that it is not possible to echo the * while you type in standard ANSI C. But is there a way to display nothing while someone is typing their password in the console. What I mean is like the sudo prompts in a Unix/Linux terminal. Like if you type in the command: sudo cp /etc/somefile ~/somedir. You are usually prompted for the root password. And while you type it in, the terminal displays nothing. Is this effect possible in C? If it is, how?

    Read the article

  • How safe am I signing into Google Spreadsheets with yeroon.net/ggplot2

    - by Farrel
    I am impressed by what I have seen of yeroon.net/ggplot2 which is a web interface for Hadley Wickham's R package ggplot2. I want to try it out on my own data. The part that has me very excited is that one can use data stored in one's own Google spreadsheet as the data. One just signs into their Google Account so that yeroon.net/ggplot2 can access the spreadsheet list. I have been hesitant to do it. If I sign in whilst on yeroon.net am I handing over my username and password to a third party? It would not be wise of me to divulge my google password to third parties since Google is fast becoming my repository of everything. How do I know if Jeroon's application is using ClientLogin or OAuth? My understanding is very basic and may be wrong but nevertheless here it is. OAuth would be better since it does not actually pass the password onto the third party application.

    Read the article

  • How does one decrypt a PDF with an owner password, but no user password?

    - by Tony Meyer
    Although the PDF specification is available from Adobe, it's not exactly the simplest document to read through. PDF allows documents to be encrypted so that either a user password and/or an owner password is required to do various things with the document (display, print, etc). A common use is to lock a PDF so that end users can read it without entering any password, but a password is required to do anything else. I'm trying to parse PDFs that are locked in this way (to get the same privileges as you would get opening them in any reader). Using an empty string as the user password doesn't work, but it seems (section 3.5.2 of the spec) that there has to be a user password to create the hash for the admin password. What I would like is either an explanation of how to do this, or any code that I can read (ideally Python, C, or C++, but anything readable will do) that does this so that I can understand what I'm meant to be doing. Standalone code, rather than reading through (e.g.) the gsview source, would be best.

    Read the article

  • jQuery Validate plugin - password check - minimum requirements - Regex

    - by QviXx
    I've got a little problem with my password-checker. There's got a registration form with some fields. I use jQuery Validate plugin to validate user-inputs. It all works except the password-validation: The password should meet some minimum requirements: minimum length: 8 - I just use 'minlength: 8' at least one lower-case character at least one digit Allowed Characters: A-Z a-z 0-9 @ * _ - . ! At the moment I use this code to validate the password: $.validator.addMethod("pwcheck", function(value, element) { return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value); }); This Code works for the allowed characters but not for minimum requirements. I know that you can use for example (?=.*[a-z]) for a lower-case-requirement. But I just don't get it to work. If I add (?=.*[a-z]) the whole code doesn't work anymore. I need to know how to properly add the code to the existing one. Thank you for your answers! This is the complete code <script> $(function() { $("#regform").validate({ rules: { forename: { required: true }, surname: { required: true }, username: { required: true }, password: { required: true, pwcheck: true, minlength: 8 }, password2: { required: true, equalTo: "#password" }, mail1: { required: true, email: true }, mail2: { required: true, equalTo: "#mail1" } }, messages: { forename: { required: "Vornamen angeben" }, surname: { required: "Nachnamen angeben" }, username: { required: "Usernamen angeben" }, password: { required: "Passwort angeben", pwcheck: "Das Passwort entspricht nicht den Kriterien!", minlength: "Das Passwort entspricht nicht den Kriterien!" }, password2: { required: "Passwort wiederholen", equalTo: "Die Passwörter stimmen nicht überein" }, mail1: { required: "Mail-Adresse angeben", email: "ungültiges Mail-Format" }, mail2: { required: "Mail-Adresse wiederholen", equalTo: "Die Mail-Adressen stimmen nicht überein" } } }); $.validator.addMethod("pwcheck", function(value, element) { return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value); }); }); </script>

    Read the article

  • AJAX Password Change without Refresh

    - by Richard
    I'm trying to implement password change functionality into my website. I've got all the password changing script, validation, etc done. But now I need to prevent the page from going to the script page or refreshing. When the user clicks the submit button, I want nothing to change except a message displaying successfully changed or error. So here's my html: <form id="change_Pass" action="" method="post"> Current Password<input type="password" id="change_password" name="change_password"><br> New Password<input type="password" id="new_password" name="new_password"><br> Verify Password<input type="password" id="verify_password" name="verify_password"><br> <input type="submit" value="Submit" id="change_pass_submit"> </form> And my jquery: $('#change_pass_submit').click(function(){ var $this = $(this); $.ajax({ data: $this.serialize(), // get the form data type: "POST", // GET or POST url: "/Private/change_password.php", // the file to call success: function() { // on success.. //$('#success_div).html(response); // update the DIV alert("good"); }, error: function() { // on error.. //$('#error_div).html(e); // update the DIV alert("bad"); } }); return false; //so it doesn't refresh when submitting the page }); And my php: <?php session_start(); require_once '../classes/Bcrypt.php'; ini_set('display_errors', 'On'); error_reporting(E_ALL | E_STRICT); $usr = $_SESSION["username"]; $old_pwd = $_POST["change_password"]; $new_pwd = $_POST["new_password"]; $new_pwd = Bcrypt::hash($new_pwd); try { $link = new PDO('mysql:host=*;dbname=*;charset=UTF-8','*','*'); $query = "SELECT * FROM Conference WHERE Username = :un"; $stmt = $link->prepare($query); $stmt->bindParam(':un', $usr); $stmt->execute(); $row = $stmt->fetchAll(); $hash = $row[0]["Password"]; $is_correct = Bcrypt::check($old_pwd, $hash); if($is_correct) { $query = "UPDATE Conference SET `Password`=:new_pwd WHERE Username = :usr"; $stmt = $link->prepare($query); $stmt->bindParam(':new_pwd', $new_pwd); $stmt->bindParam(':usr', $usr); $stmt->execute(); return true; } else return false; } catch(PDOException $e) { print "Error!: " . $e->getMessage() . "<br/>"; die(); } But for some reason, when I hit the submit button, the page STILL goes to change_password.php. I have no idea why, i've looked at so many tutorials and my code matches theirs but for some reason mine won't stay on the same page. Where did I go wrong?

    Read the article

  • Help needed in grokking password hashes and salts

    - by javafueled
    I've read a number of SO questions on this topic, but grokking the applied practice of storing a salted hash of a password eludes me. Let's start with some ground rules: a password, "foobar12" (we are not discussing the strength of the password). a language, Java 1.6 for this discussion a database, postgreSQL, MySQL, SQL Server, Oracle Several options are available to storing the password, but I want to think about one (1): Store the password hashed with random salt in the DB, one column Found on SO and elsewhere is the automatic fail of plaintext, MD5/SHA1, and dual-columns. The latter have pros and cons MD5/SHA1 is simple. MessageDigest in Java provides MD5, SHA1 (through SHA512 in modern implementations, certainly 1.6). Additionally, most RDBMSs listed provide methods for MD5 encryption functions on inserts, updates, etc. The problems become evident once one groks "rainbow tables" and MD5 collisions (and I've grokked these concepts). Dual-column solutions rest on the idea that the salt does not need to be secret (grok it). However, a second column introduces a complexity that might not be a luxury if you have a legacy system with one (1) column for the password and the cost of updating the table and the code could be too high. But it is storing the password hashed with a random salt in single DB column that I need to understand better, with practical application. I like this solution for a couple of reasons: a salt is expected and considers legacy boundaries. Here's where I get lost: if the salt is random and hashed with the password, how can the system ever match the password? I have theory on this, and as I type I might be grokking the concept: Given a random salt of 128 bytes and a password of 8 bytes ('foobar12'), it could be programmatically possible to remove the part of the hash that was the salt, by hashing a random 128 byte salt and getting the substring of the original hash that is the hashed password. Then re hashing to match using the hash algorithm...??? So... any takers on helping. :) Am I close?

    Read the article

  • Reset password for renamed Administrator account

    - by Mark
    I need to create a .VBS script to reset the Windows local administrator password on a large group of computers. My problem is that some of our sites have renamed the administrator account for security reasons. Does anyone have a script which changes the password of the administrator account based on the SID of the original Administrator account?

    Read the article

  • How do I make an HTTP Post with HTTP Basic Authentication, using POCO?

    - by Alyoshak
    I'm trying to make an HTTP Post with HTTP Basic Authentication (cleartext username and password), using POCO. I found an example of a Get and have tried to modify it, but being a rookie I think I've mangled it beyond usefulness. Anyone know how to do this? Yes, I've already seen the other SO question on this: POCO C++ - NET SSL - how to POST HTTPS request, but I can't make sense of how it is trying to implement the username and password part. I also don't understand the use of "x-www-form-urlencoded". Is this required for a Post? I don't have a form. Just want to POST to the server with username and password parameters.

    Read the article

  • MySQL - ERROR 1045 - Access denied

    - by Abs
    In some way I have managed to get this error when I try to access into MySQL via the command line: [root@localhost ~]# mysql -u root -p Enter password: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) I have tried resetting the password without any luck using this HowTo. I have uninstalled mysql completley and reinstalled but I still get asked for a password. I have no idea why this is the case! Can someone please help me get a default install of MySQL. Environment Fedora Core 10, Full Root Access, Apache and PHP installed Thank you for any help!! EDIT To all those that would like to save themselves a few hours of "blood coughing" - when you uninstall MySQl completely delete everything that is left behind. If you don't do this, it will never be a FRESH install.

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >