Search Results

Search found 1522 results on 61 pages for 'passwords'.

Page 16/61 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >

  • How to decrypt a password from SQL server?

    - by sef
    I have this query in sql server 2000: select pwdencrypt('AAAA') which outputs an encrypted string of 'AAAA': 0x0100CF465B7B12625EF019E157120D58DD46569AC7BF4118455D12625EF019E157120D58DD46569AC7BF4118455D How can I convert (decrypt) the output from its origin (which is 'AAAA')?

    Read the article

  • Best way to store a database password in a startup script / config file?

    - by Mark Harrison
    So our web server apps need to connect to the database, and some other apps have startup scripts that execute at boot time. What's the best way to store the name/password for these applications, in terms of security, e.g. perhaps we don't want sysadmins to know the database password maintainability, e.g. making the configuration easy to change when the password changes, etc. both windows and linux solutions appreciated!

    Read the article

  • Authenticating a SOAP service in Java (password security)

    - by user1686448
    I am writing an application, in Java, which needs to log in to a remote SOAP service (JIRA) prior to calling methods on that service. I have looked at examples of how to do this, for example http://www.j-tricks.com/1/post/2010/8/jira-soap-client.html, however I am concerned that I need to put the password in memory at some point. I've read that I should store the password as a char[] but still, I'm concerned about storing the password in the clear at all. How should I store the password used by my client to log into the SOAP service? And how should I read it and pass it to JIRA?

    Read the article

  • Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords vi

    - by Tchalvak
    Here is my plan, and goals: Overall Goals: Security with a certain amount of simplicity & database-to-database transferrability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords. Easy to wipe the passwords for publishing a "wiped" databased of test data. (e.g. I'd like to be able to use a postgresql statement to simply reset all passwords to something simple so that testers can use that testing data for themselves). Plan: Hashing the passwords Account creation records the original email that an account is created with, forever. A global salt is used, e.g. "90fb16b6901dfceb73781ba4d8585f0503ac9391". An account specific salt, the original email the account was created with, is used, e.g. "[email protected]". The users's password is used, e.g. "password123" (I'll be warning against weak passwords in the signup form) The combination of the global salt, account specific salt, and password is hashed via some hashing method in postgresql (haven't been able to find documentation for hashing functions in postgresql, but being able to use sha-2 or something like that would be nice if I could find it). The hash gets stored in the database. Recovering an account To change their password, they have to go through standard password reset (and that reset email gets sent to the original email as well as the most recent account email that they have set). Flaws? Are there any flaws with this that I need to address? And are there best practices to doing hashing fully within postgresql?

    Read the article

  • How to access website CMS with only access to database

    - by user1741615
    I have a website that uses an "in-house" cms and I don't know the login details. The platform itself doesn't have the "reset your password" functionality. I do have access to ftp and phmyadmin and I found the SQL table containing the user details, but of course the password is MD5 encryption. I tried manually creating a user in php my admin and filling in a password encrypted in MD5 (used a md service online for that), but it still doesn't work. Does anybody know other tricks I can use? Thanks.

    Read the article

  • rails 3.1 partial_updates doesn't seem to work with password

    - by user1306769
    i have a user model with a password attribute, which gets saved as password_digest. What i want to do is have the edit user page and the edit password page separated, so that the admin doesn't need to input the password everytime he needs to change something else. For this i have made an extra action / view. My problem is that when i update the user info, i get password validation errors even though i have no password field in the form. Which leads me to the conclusion that partial_updates isn't working with the password attribute (as i have already tested in the console that it is enabled, and it is) Is this me doing something wrong, or should i approach this differently?

    Read the article

  • password limitations in SQL Server and MySql

    - by asteroid
    Does MySql 5.1 and SQL Server 2008 (Web edition, Standard) have any functional password limitations other than length limits? Are metacharacters in any form a bad idea to use, like bang, pipe, hash, any slash, carrot, and so on? I know that MySql 5.1 has a password length limitation of 16 characters that is hardcoded, but I was wondering, are any metacharacters (i.e. non alphanumerics) a bad idea to use? And is this true in SQL Server 2008 Web edition, Standard? So specifically: can symbols like: /`~:}{[]^ be used successfully? I would hope it doesn't matter to the database, but I don't understand enough about password storage in enterprise database systems yet to know for sure, and I was looking for confirmation or an explanation.

    Read the article

  • iPhone / ios development - best way to check if password is secure enough?

    - by Pranoy C
    what is the best way to check the strength of a password in iOS development? I came across this post: What is the best way to check the strength of a password? but this is not iOS specific. My question is - Does Apple or third party libraries provide any libraries by default which I can use to check if the user entered a secure password? If not, then as the above post says, is using regular expressions the best way? Does Apple have any requirements which our app needs to implement to make sure user has a secure password? I am planning on using the keychain to store the password.

    Read the article

  • Setting the mysql root user password on mac

    - by madaura
    I just Install MySQL on Mac OS X. The next step was setting the root user password, do I did the next: 1-Launch the terminal app to access the unix command line. 2-Under the unix prompt I executed the next commands: madaura$ cd /usr/local/mysql/bin madaura$ ./mysqladmin -u root password 'password' But, when I execute the command madaura$ ./mysql -u root, this is the answer: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 224 Server version: 5.5.13 MySQL Community Server (GPL) Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> I can get in to the mysql command line without password! Any ideas? Thanks a lot!

    Read the article

  • can this code be shortened or improved?

    - by user2816683
    Can this be shortened/improved? I'm trying to make a password checker in python. Could the if's be put into a for loop? And if so, how? pw = input("Enter password to test: ") caps = sum(1 for c in pw if c.isupper()) lower = sum(1 for c in pw if c.islower()) nums = sum(1 for c in pw if c.isnumeric()) scr = ['weak', 'medium', 'strong'] r = [caps, lower, nums] if len(pw) < 6: print("too short") elif len(pw) > 12: print("too long") if caps >= 1: if lower >= 1: if nums >= 1: print(scr[2]) elif nums < 1: print("your password is " + scr[1]) elif lower < 1: print("your password strength is " + scr[0]) elif caps < 1: print("your password strength is " + scr[1]) Thanks for any suggestions :D

    Read the article

  • How can I prevent Virtualmin from storing passwords in cleartext?

    - by Josh
    I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?

    Read the article

  • Firefox 4 stores passwords, but suddenly forgot that it did?

    - by Roland Taylor
    I am using firefox 4 as my default browser, but this is probably file system related. I will describe the problem and hopefully someone can point me in the right direction? Today I was using the browser as normal, all sign ins worked as usual, everything was normal. Then when I got back home tonight and opened it, none of my saved usernames/passwords would autofill/auto-signin anymore. I am guessing this must be something filesystem related, and it only happened this one time seemingly at random, so I don't think it is a firefox 4 bug. In fact, I think it might be something to do with suspending the system before I left? Anyone have any idea?

    Read the article

  • Is there an app/script I can deploy to enable my users to change their own LDAP passwords?

    - by Tom Wright
    I've recently enabled LDAP based authentication on my domain. This has allowed us to use a single set of credentials to administer the blog, the forum and the wiki. Unfortunately, this has come at the cost of users being able to change their own passwords. Ideally, users would be able to visit a page (i.e. mydomain.com/account), authenticate and then change their password. Does anyone know of a script or app that will allow me to do this quickly and easily? I guess it wouldn't be hard to write in PHP, but I'd prefer not to have the hassle.

    Read the article

  • How To Check If Your Account Passwords Have Been Leaked Online and Protect Yourself From Future Leaks

    - by Chris Hoffman
    Security breaches and password leaks happen constantly on today’s Internet. LinkedIn, Yahoo, Last.fm, eHarmony – the list of compromised websites is long. If you want to know whether your account information was leaked, there are some tools you can use. These leaks often lead to many compromised accounts on other websites. However, you can protect yourself by using unique passwords everywhere – if you do, password leaks won’t be a threat to you. Image Credit: Johan Larsson on Flickr 8 Deadly Commands You Should Never Run on Linux 14 Special Google Searches That Show Instant Answers How To Create a Customized Windows 7 Installation Disc With Integrated Updates

    Read the article

  • Active Directory: how to be SURE users can change their own passwords?

    - by Latro
    Working on some project where a tool we have has to authenticate against AD connecting via LDAPS and perform password changes if required or requested. IN THEORY, the tool does that, and we have seen it work in other projects. IN PRACTICE, against this particular directory, it fails. Been driving me crazy. The particulars of the situation: Windows 2003 AD Defined a "technical user" for the LDAP connection with rights to change users passwords When password change is required - in this case, because pwdLastSet is 0 - the tool uses the technical account to go, bind to the controller and change the user password. If password change is not required but the user request it, then the bind is done with the user account. That last condition is the one that doesnt work. With the technical user the password change is possible, but with the user itself, it isnt. We get an error like this: LDAP access failed: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1: 0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) no idea what DSID-03190F00 means cause it doesnt seem to be anywhere in google :-/ Been looking at several MS documentation pages and frankly, I'm not understanding one bit of it. There is some "control access right" called User-Change-Password that may, or may not, control what objects have the right to change their own password, which may, or may not, have to do with ACE and ACLs... There is GPO. There is maybe the password policy but it is only set to ask for passwords of 6 chars or more... Can anybody explain to me in easy-to-check steps how can I go and tell the AD admin guy (who is as lost as me) what to do to ensure that users in the AD directory (objectClass top,person,organizationalPerson and user) are able to change their own passwords by themselves? Thanks in advance

    Read the article

  • Can I set up samba so it automatically allows all the local usernames and passwords?

    - by dialer
    I have set up samba like this (this is the complete smb.conf): [global] log file = /var/log/samba/log log level = 2 security = user [homes] browsable = false read only = no valid users = %S I'd like to enable every user on server to access their home directories, but for some unknown reason only my 'administrator' account can do so. (I have done that with ftp before, but now smb is also needed). When I try to smbclient -L localhost -U [user], I get NT_STATUS_LOGON_FAILURE, except with the administrator (which is the user created during the ubuntu installation, not root). The samba log file says NT_STATUS_NO_SUCH_USER: [2012/04/04 20:26:02.081454, 2] smbd/reply.c:554(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=DIALER-X 0x0 [2012/04/04 20:26:02.081733, 2] smbd/reply.c:565(reply_special) netbios connect: local=localhost remote=dialer-x, name type = 0 [2012/04/04 20:26:02.087200, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [public] - [public] FAILED with error NT_STATUS_NO_SUCH_USER I suspect that I have to manually create samba users, but the man pages state that If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs, the connection is made as that username. To me that sounds like as long as the provided username/password is a valid login on the server, it should work. Am I missing something totally obvious? I don't want / can't afford to manually update the samba users and passwords to match the server's. 11.10

    Read the article

  • Mac OSX Server: svn via ssh command line and encrypted passwords.

    - by Ben Clayton
    Hi all. When I log into our mac mini server running OSX 10.6 via ssh and use svn I get the message: ATTENTION! Your password for authentication realm: can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details. You can avoid future appearances of this warning by setting the value of the 'store-plaintext-passwords' option to either 'yes' or 'no' in '/Users/xxxxxxxx/.subversion/servers'. I dont' want to store the password unencrypted though. I've found some details on how to use GNOME keychain in linux to sort this, but nothing on how to use macosx's keychain. Anyone got any ideas? Thanks a lot!

    Read the article

  • Can I automatically login to ssh using passwords from OS X keychain?

    - by Chaitanya Gupta
    I need to login to an ssh server which doesn't support key based authentication. And I don't want to type the passwords every time. I am using OS X Lion (10.7.2). I have added the passwords to the OS X keychain[1]. Now I can retrieve the password automatically from the keychain using /usr/bin/security, however I can't find a way to send this password to the ssh prompt. I also tried sshpass. However when I try to run it ssh exits with the following error: ssh_askpass: exec(/usr/libexec/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/ssh-askpass): No such file or directory Permission denied (publickey,password). Is there anyway I can login to this server without having to enter the password every time? Notes The scheme I use in keychain looks like this Kind: Internet password Account: username Where: ssh://server-name

    Read the article

  • Secret Server 7.3 released – store your team’s passwords securely.

    - by thycotic
    The Thycotic team just recently released 7.3 of our enterprise password management system.  The main improvement was the UI – we used lots of jQuery to make a Dashboard-like interface that allows you to create tabs, drag widgets, add/remove widgets etc.  This was a great face lift for a tool that is already the cornerstone for password management in many IT departments. Check out a few videos that show off the new stuff.   Jonathan Cogley is the CEO of Thycotic Software, an agile software services and product development company based in Washington DC.  Secret Server is our flagship enterprise password manager.

    Read the article

  • Can PPP CHAP authentication use Cisco "Type 5" MD5 passwords?

    - by romandas
    Looking over Cisco's documentation, and RFC 1994 (PPP CHAP authentication), my initial guess is "no", because CHAP requires a cleartext password to rehash every time it sends a challenge. Is this true? If so, is there another way to configure CHAP so it doesn't use the easily-decoded type 7 passwords? The Cisco device in question uses local authentication, not a TACACS+ or RADIUS server. Would using RADIUS eliminate the problem or just move it to the RADIUS server?

    Read the article

  • Why am I losing cached network passwords after a restart of Vista?

    - by Nauman
    The passwords cached for Network shares on other computers and applications like MSN Live, MS Outlook, Sharepoint portal, Outlook Webmail, etc are lost when I reboot my computer, which runs on Vista. I always check the Remember password checkbox in applications/login dialogs where ever prompted. I cannot imagine of a third party program that may clean up this on system restart/shutdown. Any idea, as to what is going wrong?

    Read the article

< Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >