Search Results

Search found 1522 results on 61 pages for 'passwords'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 15/61 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

  • Why do browsers use my saved password for all forms in the one site?

    - by user313272
    Is there a way to limit the url of saved credentials in browsers? For example, if I save a username and password for http://www.website.com/login can I make it so that the rest of the forms in the site don't use these details? http://www.website.com/members, http://www.website.com/admin etc... I'm aware of the autocomplete attribute but I don't want to turn off autocomplete entirely. I would like it if the browser remembered the login details per form or url.

    Read the article

  • Password Confirmation in zend framework

    - by Behrang
    I add this class to library/My/Validate/PasswordConfirmation.php <?php require_once 'Zend/Validate/Abstract.php'; class My_Validate_PasswordConfirmation extends Zend_Validate_Abstract { const NOT_MATCH = 'notMatch'; protected $_messageTemplates = array( self::NOT_MATCH => 'Password confirmation does not match' ); public function isValid($value, $context = null) { $value = (string) $value; $this->_setValue($value); if (is_array($context)) { if (isset($context['password']) && ($value == $context['password'])) { return true; } } elseif (is_string($context) && ($value == $context)) { return true; } $this->_error(self::NOT_MATCH); return false; } } ?> then I create two field in my form like this : $userPassword = $this->createElement('password', 'user_password'); $userPassword->setLabel('Password: '); $userPassword->setRequired('true'); $this->addElement($userPassword); //create the form elements user_password repeat $userPasswordRepeat = $this->createElement('password', 'password_confirm'); $userPasswordRepeat->setLabel('Password repeat: '); $userPasswordRepeat->setRequired('true'); $userPasswordRepeat->addPrefixPath('My_Validate','My/Validate','validate'); $userPasswordRepeat->addValidator('PasswordConfirmation'); $this->addElement($userPasswordRepeat) everything is good but when i submit form always I get the 'Password confirmation does not match' message ? What's Wrong in my code

    Read the article

  • What is the best way to password protect folder/page using php without a db or username

    - by Salt Packets
    What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way. It would be nice if the password is remembered for a while once user entered it correctly.

    Read the article

  • Implementing password hashing/salting algorithm from crackstation.net

    - by Mason240
    I am trying to implement a password hashing/salting algorithm from crackstation.net, but I am unsure how implement it. Storing the password upon user registration seems to be as simple as passing the password into create_hash(). $password = create_hash($_POST['Password']; I'm not following how to validate upon user login. validate_password($password, $good_hash) returns either true or false, and takes $password as parameter, so it seems like a no brainer except for the second parameter $good_hash. Where does this param come from? It is my understanding that password is turned into a hash value every time its used, and that the hash value is what is stored and compared. So why would I have both the $password and $good_hash values? Quick overview of the functions: function create_hash($password){ calls pbkdf2() } function validate_password($password, $good_hash){ calls pbkdf2() calls slow_equals() } function slow_equals($a, $b){ } function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false){ } Of course a different, better method for this would also be just as helpful. Thank you

    Read the article

  • How do API Keys and Secret Keys work?

    - by viatropos
    I am just starting to think about how api keys and secret keys work. Just 2 days ago I signed up for Amazon S3 and installed the S3Fox Plugin. They asked me for both my Access Key and Secret Access Key, both of which require me to login to access. So I'm wondering, if they're asking me for my secret key, they must be storing it somewhere right? Isn't that basically the same thing as asking me for my credit card numbers or password and storing that in their own database? How are secret keys and api keys supposed to work? How secret do they need to be? Are these applications that use the secret keys storing it somehow? Thanks for the insight.

    Read the article

  • How to change a Linux user password from python

    - by Vaulor
    I'm having problems with changing a Linux user's password from python. I've tried so many things, but I couldn't manage to solve the issue, here is the sample of things I've already tried: sudo_password is the password for sudo, sudo_command is the command I want the system to run, user is get from a List and is the user who I want to change the password for, and newpass is the pass I want to assign to 'user' user = list.get(ANCHOR) sudo_command = 'passwd' f = open("passwordusu.tmp", "w") f.write("%s\n%s" % (newpass, newpass)) f.close() A=os.system('echo -e %s|sudo -S %s < %s %s' % (sudo_password, sudo_command,'passwordusu.tmp', user)) print A windowpass.destroy() 'A' is the return value for the execution of os.system, in this case 256. I tried also A=os.system('echo %s|sudo -S %s < %s %s' % (sudo_password, sudo_command,'passwordusu.tmp', user)) but it returns the same error code. I tried several other ways with 'passwd' command, but whithout succes. With 'chpasswd' command I 've tried this: user = list.get(ANCHOR) sudo_command = 'chpasswd' f = open("passwordusu.tmp", "w") f.write("%s:%s" % (user, newpass)) f.close() A=os.system('echo %s|sudo -S %s < %s %s' % (sudo_password, sudo_command,'passwordusu.tmp', user)) print A windowpass.destroy() also with: A=os.system('echo %s|sudo -S %s:%s|%s' % (sudo_password, user, newpass, sudo_command)) @;which returns 32512 A=os.system("echo %s | sudo -S %s < \"%s\"" % (sudo_password, sudo_command, "passwordusu.tmp")) @;which returns 256 I tried 'mkpasswd' and 'usermod' too like this: user = list.get(ANCHOR) sudo_command = 'mkpasswd -m sha-512' os.system("echo %s | sudo -S %s %s > passwd.tmp" % (sudo_password,sudo_command, newpass)) sudo_command="usermod -p" f = open('passwd.tmp', 'r') for line in f.readlines(): newpassencryp=line f.close() A=os.system("echo %s | sudo -S %s %s %s" % (sudo_password, sudo_command, newpassencryp, user)) @;which returns 32512 but, if you go to https://www.mkpasswd.net , hash the 'newpass' and substitute for 'newpassencryp', it returns 0 which theoretically means it has gone right, but so far it doesn't changes the password. I've searched on internet and stackoverflow for this issue or similar and tried what solutions exposed, but again,without success. I would really apreciate any help, and of course, if you need more info i'll be glad to supply it! Thanks in advance.

    Read the article

  • How does the "Remember my password" checkbox work?

    - by Veera
    There are numerous login forms with the little check box "Remember my password" so that the next time you visit the website, the browser automatically fills up the password field for you. But I have noticed a behavior in modern browsers, such as Chrome/Firefox, which shows up a notification bar to save the user name/passoword even though that particular web page does not have any "remember password" check box. so my questions are: If I have to put the "remember password" check box in a login form, what do I have to do when the user checks it? I mean, do I have to store the password in browser cookies (or Local Storage)? If so, should the password be encrypted or plain text? The "Save password" notification bar is a browser's functionality or is there any way to invoke it from the web page?

    Read the article

  • How to encrypt/decrypt a file in Java?

    - by Petike
    Hello, I am writing a Java application which can "encrypt" and consequently "decrypt" whatever binary file. I am just a beginner in the "cryptography" area so I would like to write a very simple application for the beginning. For reading the original file, I would probably use the java.io.FileInputStream class to get the "array of bytes" byte originalBytes[] of the file. Then I would probably use some very simple cipher, for example "shift up every byte by 1" and then I would get the "encrypted" bytes byte encryptedBytes[] and let's say that I would also set a "password" for it, for example "123456789". Next, when somebody wants to "decrypt" that file, he has to enter the password ("123456789") first and after that the file could be decrypted (thus "shift down every byte by 1") and consequently saved to the output file via java.io.FileOutputStream I am just wondering how to "store" the password information to the encrypted file so that the decrypting application knows if the entered password and the "real" password equals? Probably it would be silly to add the password (for example the ASCII ordinal numbers of the password letters) to the beginning of the file (before the encrypted data). So my main question is how to store the password information to the encrypted file?

    Read the article

  • Is is possible to determine a password input string as plaintext or hashed?

    - by Godders
    I have a RESTful API containing a URI of /UserService/Register. /UserService/Register takes an XML request such as: <UserRegistrationRequest> <Password>password</Password> <Profile> <User> <UserName>username</UserName> </User> </Profile> </UserRegistrationRequest> I have the following questions given the above scenario: Is there a way (using C# and .Net 3.5+) of enforcing/validating that clients calling Register are passing a hashed password rather than plaintext? Is leaving the choice of hashing algorithm to be used to the client a good idea? We could provide a second URI of /UserService/ComputePasswordHash which the client would call before calling /UserService/Register. This has the benefit of ensuring that each password is hashed using the same algorithm. Is there a mechanism within REST to ensure that a client has called one URI before calling another? Hope I've explained myself ok. Many thanks in advance for any help.

    Read the article

  • Android: i need password example

    - by user1475122
    I have long been looking for a functioning example of a password, but I have not found. can someone help me? Explained more clearly: I have a TextField named password and I want that when it is written in 123 and press the button it goes to another activity if it is written in 123 if not it would inform the "wrong password!" and that the password is found file, which is / sdcard / Android / password.txt if you understood :) SORRY FOR MY BAD ENGLISH! I'm Finnish, and a young coder :) ( I hope someone may be understood :D )

    Read the article

  • What algorithm should I use for encrypting and embedding a password for an application?

    - by vfclists
    What algorithm should I use for encrypting and embedding a password for an application? It obviously is not bullet proof, but it should be good enough to thwart someone scanning the database with a hex editor, or make it hard for someone who has the skills to use a debugger to trace the code to work out, either by scanning for the encrypted password, or using a debugger to run through the decryption code. Object Pascal would be nice. /vfclists

    Read the article

  • [PHP] md5(uniqid) makes sense for random unique tokens?

    - by Exception e
    I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes). I often see this code; does it make sense? md5(uniqid(rand(), true)); According to a comment uniqid($prefix, $moreEntopy = true) yields first 8 hex chars = Unixtime, last 5 hex chars = microseconds. I don't know how the $prefix-parameter is handled.. So if you don't set the $moreEntopy flag to true, it gives a predictable outcome. QUESTION: But if we use uniqid with $moreEntopy, what does hashing it with md5 buy us? Is it better than: md5(mt_rand())

    Read the article

  • Rainbow Tables: How to improve upon them??

    - by CVS-2600Hertz-wordpress-com
    I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

    Read the article

  • SHA1 Password returns as cleartext after DB query

    - by Code Sherpa
    Hi. I have a SHA1 password and PasswordSalt in my aspnet_Membership table. but, when I run a query from the server (a Sql Query), the reader reveals that the pass has returned as its cleartext equivalent. I am wondering if my web.config configuration is causing this? <membership defaultProvider="CustomMembershipProvider" userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1"> <providers> <clear/> <add name="CustomMembershipProvider" type="Custom.Utility.CustomMembershipProvider" connectionStringName="MembershipDB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresUniqueEmail="false" requiresQuestionAndAnswer="false" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed" thanks in advance...

    Read the article

  • Symfony 1.4 - Don't save a blank password on a executeUpdate action.

    - by Twelve47
    I have a form to edit a UserProfile which is stored in mysql db. Which includes the following custom configuration: public function configure() { $this->widgetSchema['password']=new sfWidgetFormInputPassword(); $this->validatorSchema['password']->setOption('required', false); // you don't need to specify a new password if you are editing a user. } When the user tries to save the executeUpdate method is called to commit the changes. If the password is left blank, the password field is set to '', but I want it to retain the old password instead of overwriting it. What is the best (/most in the symfony ethos) way of doing this? My solution was to override the setter method on the model (which i had done anyway for password encryption), and ignore blank values. public function setPassword( $password ) { if ($password=='') return false; // if password is blank don't save it. return $this->_set('password', UserProfile ::encryptPassword( $password )); } It seems to work fine like this, but is there a better way? If you're wondering I cannot use sfDoctrineGuard for this project as I am dealing with a legacy database, and cannot change the schema.

    Read the article

  • jQuery password strength plugin callback validation method

    - by jmorhardt
    I'm using a a jQuery plugin to evaluate password strength. It gives a graphical representation for the user to see how secure the password is. I'd like to use it to validate the field as well. The plugin works by assessing the password and giving it a score. I want to be able to verify that the user has entered a password of at least a certain score. The code is hosted on jQuery's site here: http://plugins.jquery.com/project/pstrength. The documentation states that there is a way to add a rule and do custom validation. I'm not sure where to start. The inline documentation states: * === Changelog === * Version 2.1 (18/05/2008) * Added a jQuery method to add a new rule: jQuery('input[@type=password]').pstrength.addRule(name, method, score, active) And later in the code there's this method: jQuery.extend(jQuery.fn.pstrength, { 'addRule': function (name, method, score, active) { digitalspaghetti.password.addRule(name, method, score, active); return true; }, 'changeScore': function (rule, score) { digitalspaghetti.password.ruleScores[rule] = score; return true; }, 'ruleActive': function (rule, active) { digitalspaghetti.password.rules[rule] = active; return true; } }); If anybody has seen an example of how to do this I'd appreciate a pointer in the right direction. Thanks!

    Read the article

  • Secure password transmission over unencrypted tcp/ip

    - by academicRobot
    I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

    Read the article

  • MD5 and Hibernate Query

    - by theJava
    public Login authenticate(Login login) { String query = "SELECT L FROM Login AS L WHERE L.email=? AND L.password=?"; Object[] parameters = { login.getEmail(), login.getPassword() }; List<Login> resultsList = (getHibernateTemplate().find(query,parameters)); if (resultsList.isEmpty()) { //error dude } else if (resultsList.size() > 1) { //throw expections } else { Login login1 = (Login) resultsList.get(0); return login1; } return null; } I have my DB tables password col set as MD5, now how to retrieve it back here.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >