password tools - Page 29

PHP: Safe way to store decryptable passwords

- by Jammer

I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

Read the article

Necessity of the latest and best tools

- by Antony Delaney

Why would developers need the latest or best in software and hardware? When this came up in discussion in my team, I thought we need things more stable than "the latest" can provide, even if that means sacrificing some measure of "best".

Read the article

Anyone know of any good Database Diff tools?

- by Haoest

I can't find any good ones in sourceforge :( Anyone has any success with open source (or retail) database diff tool? EDIT: for sqlserver 2005

Read the article

Tools for viewing logs of unlimited size

- by jkff

It's no secret that application logs can go well beyond the limits of naive log viewers, and the desired viewer functionality (say, filtering the log based on a condition, or highlighting particular message types, or splitting it into sublogs based on a field value, or merging several logs based on a time axis, or bookmarking etc.) is beyond the abilities of large-file text viewers. I wonder: Whether decent specialized applications exist (I haven't found any) What functionality might one expect from such an application? (I'm asking because my student is writing such an application, and the functionality above has already been implemented to a certain extent of usability)

Read the article

Tools for understanding large codebase

- by 0tar0gz

Hi! My whole life I have been programming in simple plain text editor. Lately, I was contemplating about joining an open source project which is fairly large and written in C. I downloaded the sources, started to look around, read this, forget that... Then I thought to myself: this can't be true. This is 21st century there must be some tool which would help me to understand the code, perhaps some kind of IDE or "code navigator". What flows from here to where, this typedef struct is just interface to that private type, this function is just #define from above, function called in this file is defined in that file, ... you get the idea. Dear Stack Overflow, is this 21st century? Is there something like this?

Read the article

PAM Winbind Expired Password

- by kernelpanic

We've got Winbind/Kerberos setup on RHEL for AD authentication. Working fine however I noticed that when a password has expired, we get a warning but shell access is still granted. What's the proper way of handling this? Can we tell PAM to close the session once it sees the password has expired? Example: login as: ad-user [email protected]'s password: Warning: password has expired. [ad-user@server ~]$ Contents of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 account sufficient pam_succeed_if.so user ingroup AD_Admins debug account requisite pam_succeed_if.so user ingroup AD_Developers debug account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 session sufficient pam_succeed_if.so user ingroup AD_Admins debug session requisite pam_succeed_if.so user ingroup AD_Developers debug session optional pam_mkhomedir.so umask=0077 skel=/etc/skel session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so

Read the article

duplicity fail: not promping for password: "Running 'sftp user@host' failed"

- by Thr4wn

I have two linode VPS accounts and I want to back up one onto the other (the reasons are mainly for fun and to practice server administration.) the short version Duplicity isn't even asking for my password, but immediately says "invalid SSH password" (but I can ssh into the other server). why? the long version When I run duplicity /home/me scp://[email protected]//root/backup I get Invalid SSH password Running 'sftp [email protected]' failed (attempt #1) Invalid SSH password Running 'sftp [email protected]' failed (attempt #2) Invalid SSH password Running 'sftp [email protected]' failed (attempt #3) And it says Invalid SSH password immediately with no opportunity for me to actually type the password. When I type duplicity full -v9 --num-retries 4 /home/me scp://[email protected]//root/backup I get Main action: full Running 'sftp [email protected]' (attempt #1) State = sftp, Before = 'Connecting to 97.107.129.67... [email protected]'s' State = sftp, Before = '' Invalid SSH password Running 'sftp [email protected]' failed (attempt #1) I can ssh into [email protected] fine, and in fact have the ip in known_hosts before I tried any of this. serer 1 (from which I'm running the duplicity command) is Linode's default Ubuntu 8 setup with only a handful of programs installed via apt-get. server 2 (represented by x.x.x.x) is literally only Linode's default Ubuntu 8 setup I previously tried using SystemImager -- would that have changed settings in a destructive way? (I have removed and rebooted since then) Isn't Duplicity supposed to prompt for password? Am I using it wrong? are there common mistakes/dependencies I need to know about? Is there any way that x.x.x.x could be setup that could make this not work (I used Linode's default Ubuntu 8 setup and barely )?

Read the article

How long for data highlighter mark up to appear in structured data tool?

- by Max

I used the data highlighter in webmaster tools over 3 weeks ago to mark up some local business data, but there is still no structured data being detected in webmaster tools. Does any body have any experience on approx how long it takes for Google Webmaster Tools to start reporting Structured Data that has been marked up with their data highlighter? I'm asking specifically about reporting on it in Web Master Tools Structured Data section, as opposed to actually appearing in the SERPs.

Read the article

How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

- by NReilingh

We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window. The only two role services installed on this server is the RD Session Host and Licensing. When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid: On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

Read the article

What are the "must " security tools for small organizations ?

- by Berkay

One of my friend has started a company, it's a small-scale company that has a 40 workers.There is two guys also responsible for the security and IT related issues.He is managing the LAN, Webpage of the company, e-mail configuration, printer hardware modification, application deployment etc. In this point, to provide the security measures including access controls, authentication, web server security etc. Which tools do you use for securing, monitoring and controlling the system ? Are you paying for these tools or are they open source? This question is due to the security administrators requests to my friend.He offers to get some tools for the company and my friend hesitates to pay that much on them (what he mentioned me.)

Read the article

How to reset Administrator password Windows Server 2003 installed on Vmware?

- by Cucumber

I want to reset administrator password on Windows Server 2003. OS installed on VMware server VMware Server version 2.0.1. And problem is this: when i try to boot from live cd, after boot disk with Windows not detected. I tried to use Windows Admin Hack - Linux Boot; Hirens.BootCD.10.4; ophcrack-xp-livecd-2.3.1.iso None of these programs did not see the hard drive! Any ideas? Thank! ADD: I want to reset LOCAL admin password, not domain. And this computer are not domain controller.

Read the article

How to disable or edit Google Chrome Developer Tools shortcut?

- by HoLyVieR

There is a shortcut in the Google Chrome Developer Tools which happen to trigger every times I try to type the [ or ] character in the console. The shortcut in question probably is Alt+[, Alt+^ or [ and it moves the tabs (of the Chrome Developer Tools) to the last selected one. This shortcut is simply blocking me from typing the [ or ] in the console and I want to either disable it or edit it to something else. How can I edit or disable that shortcut ? Note : I'm not really using the shortcut in the developers tools, so if it's only possible to disable all shortcut it would be a viable solution.

Read the article

OpenLDAP Password Expiration with pwdReset=TRUE?

- by jsight

I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

Read the article

OpenLDAP Password Expiration with pwdReset=TRUE?

- by jsight

I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

Read the article

Blackberry Gmail password change

- by Highstead

I've updated my gmail password and so i must update my blackberry password. I tried updating the email password to which i got the following message. Invalid email address or password. Please verify your email address and password. The information you provided is incorrect. If the error persists contact gmail.com (Your email provider). Please try again. I tried again, with what i know the password to be, with password show on. I've also deleted the account and tried to create it. I've tried going to the "Last account activity: XXXX details" menu and signing out all devices. I'm continually getting the above error, but the account activities don't seem to show any sign of a mobile attempt to access my mail account. Has anyone had this issue before and how did you sign it. Thanks in advance.

Read the article

Update saved password for basic authentication using a script

- by Kalamane

I have a website that uses basic authentication as described on this webpage. Each of the computers I manage have the password saved in their browser. There is only one username and password for this. After someone logs in to the site this way, they are presented with their individual username and password prompt as part of the web page. The purpose of the initial username/password is to discourage non-technical employees that aren't supposed to be using the page from even viewing it. So far, when we've had to change this password, I've manually gone to each computer and updated the saved password. I'm writing a startup script to configure other aspects of these systems so that I can maintain them easier. I'd like to be able to update the saved password via this script. The operating system running on these machines is Windows XP SP3 and the browsers they're using to access this site are IE8 and IE9. How can I update the saved basic authentication information for a website via a script?

Read the article

How to allow password protected start-stop-daemon functionality?

- by Mahmoud Abdelkader

I would like to use Ubuntu's start-stop-daemon to start my application, but the application protects some sensitive information, so I have a mechanism where the application prompts for a password that's then used to generate a hashkey, which is used as the secret key for a symmetric encryption (AES) to encrypt and decrypt things from a database. I'd like to daemonize this application and have it run from start-stop-daemon, so that sudo service appname stop and sudo service appname start would work, but, I'm not sure how to go about doing this with the added complexity of a password prompt. Is there something that supports this or do I have to program it from scratch? I figured I should ask first before re-inventing the wheel. Thanks in advance.

Read the article

SSH only works after intentionally failed password

- by pyraz

So, I'm having a rather weird problem. I have a server, that when I try to SSH into, immediately closes the connection if I type in the correct password on the first attempt. However, if I purposefully enter a wrong password on the first attempt, and then enter a correct password at the second or third prompt, it successfully logs me into the computer. Similarly, when I try to use public key authentication, I get an immediate closed connection. If, however, I enter a wrong password for my key file, followed by another wrong password once it reverts to password authentication, I can successfully log in as long as I provide the correct password at the second or third prompt. The machine is running Red Hat Enterprise Linux Server release 6.2 (Santiago), and is using LDAP and PAM for authentication. Any ideas on where to start debugging this one? Let me know what config files I need to provide and I'll be happy to do so.

Read the article

iPhone 3G backup encryption? I've never entered a password?

- by Lewis

I can't unclick or access my backup iPhone encrypted file. For the life of me I can not remember ever entering a password for the encrypted iPhone backups. I've tried every password I've used or use and nothing is working. I'm not getting anywhere with long searches online. Can anyone here help? iPhone 3.1.2 iTunes 9.1.1 Mac OSX 10.5.8 Please help, how do I get my iPhone backed up from my 'locked' file I've never locked?

Read the article

How to set a password on a folder in Windows XP?

- by karthik

How do I to set a password for a folder in Windows XP?

Read the article

BDD (Behavior-Driven Development) tools for .Net

- by tikrimi

For several years, I use TDD (Test-Driven Development) to produce code. I no longer plans to work without using TDD. The use of TDD significantly increases code quality, but does not guarantee that the code is the code that corresponds to the requirements specifications (write the "right code" with BDD as opposed to the write "code right" with BDD). Dan North has described in an article in published in 2006 the foundations of the BDD (Behavior-Driven Development). In this article, he introduces the formalism "When Given Then". This formalism is used in all tools dedicated to BDD. This is a short list of open source BDD tools that you can use with .Net : SpecFlow: Here you can find an article in MSDN Magazine and 2 webcasts (http://channel9.msdn.com/posts/ASPNET-MVC-With-Community-Tools-Part-2-Spec-Flow-and-WatiN and http://channel9.msdn.com/posts/ASPNET-MVC-With-Community-Tools-Part-3-More-Spec-Flow-and-WatiN) published on Chanel9. NSpec: This is certainly the most used project. There are many examples on the web. StoryQ: This project is hosted on Codeplex. This small project is very simple to implement and very useful.

Read the article

Documenting your database with Visual Studio 2012 SSDT tools

- by krislankford

The title of this post is interesting and something I am wishing you and your colleagues had a better way to do. I understand as I am asked this question frequently. I couple of weeks ago I was asked the same question by a customer who documents their database using the ApexSQL Doc tools which uses the extended properties on objects to create automated documentation. I thought that was super interesting and went down the path to see how we could could support the creation of this documentation while leveraging the Visual Studio 2012 SSDT Tools. What I found is was rather intriguing. There is a property called “Description” on all objects in the SSDT tools. This property is rather subtle and I am betting overlooked. To be honest, this property has probably been there for a while and I just never discovered it. Adding text to this '”Description” property it allows Visual Studio to create the commands for the extended properties directly to your schema which should be version controlled. As I did more digging there seemed to be extended properties at every level in the SQL database objects. This fills some rather challenging gaps and allows organizations to manage SQL Schema using the Visual Studio SQL database tools while allowing a way to automatically document the database. This will also work in the automation of the creation and alter scripts that can be generated as part f an automated build system. Now we essentially get a way to store, build and document the database in a nice little ALM package. Happy Coding!

Read the article

How to Use a PIN Instead of a Password in Windows 8

- by Taylor Gibb

Entering your full password on a touch screen device can really become a pain in the neck, luckily for us we can link a short 4 digit PIN to our user account and log in with that instead. Note: PIN codes are nowhere near as safe as using an alphanumeric password, however, they do still have a purpose when you don’t want to enter your 15 character password on a touch screen device. Creating a PIN Press the Win + I keyboard combination to bring up the Settings Charm, then click on the Change PC settings link. This will open up the Modern UI PC Settings app, where you can click on the Users section. On the right hand side you will see a Create a PIN button, click on it. Now you will need to verify that you are the owner of this user account by entering your password. Then you can choose a PIN, remember that it can only contain digits. Now when you get to the login screen you will have the option to use a PIN. How To Boot Your Android Phone or Tablet Into Safe Mode HTG Explains: Does Your Android Phone Need an Antivirus? How To Use USB Drives With the Nexus 7 and Other Android Devices

Read the article

SSH asks for password

- by user1435470

I have already : Installed the server Generated the pub/pri keys with -P "" Copied the id_rsa.pub to authorized_keys ssh localhost answered "yes", copied to known_hosts tried ssh localhost still asks for password Output: hduser@hduser1-desktop:~$ ssh -v localhost OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/hduser/.ssh/identity type -1 debug1: identity file /home/hduser/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/hduser/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian- 3ubuntu7 debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'localhost' is known and matches the RSA host key. debug1: Found key in /home/hduser/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /home/hduser/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/hduser/.ssh/identity debug1: Trying private key: /home/hduser/.ssh/id_dsa debug1: Next authentication method: password Any suggestions ? Cheers

Read the article

Password Cracking in 2010 and Beyond

- by mttr

I have looked a bit into cryptography and related matters during the last couple of days and am pretty confused by now. I have a question about password strength and am hoping that someone can clear up my confusion by sharing how they think through the following questions. I am becoming obsessed about these things, but need to spend my time otherwise :-) Let's assume we have an eight-digit password that consists of upper and lower-case alphabetic characters, numbers and common symbols. This means we have 8^96 ~= 7.2 quadrillion different possible passwords. As I understand there are at least two approaches to breaking this password. One is to try a brute-force attack where we try to guess each possible combination of characters. How many passwords can modern processors (in 2010, Core i7 Extreme for eg) guess per second (how many instructions does a single password guess take and why)? My guess would be that it takes a modern processor in the order of years to break such a password. Another approach would consist of obtaining a hash of my password as stored by operating systems and then search for collisions. Depending on the type of hash used, we might get the password a lot quicker than by the bruteforce attack. A number of questions about this: Is the assertion in the above sentence correct? How do I think about the time it takes to find collisions for MD4, MD5, etc. hashes? Where does my Snow Leopard store my password hash and what hashing algorithm does it use? And finally, regardless of the strength of file encryption using AES-128/256, the weak link is still my en/decryption password used. Even if breaking the ciphered text would take longer than the lifetime of the universe, a brute-force attack on my de/encryption password (guess password, then try to decrypt file, try next password...), might succeed a lot earlier than the end of the universe. Is that correct? I would be very grateful, if people could have mercy on me and help me think through these probably simple questions, so that I can get back to work.

Search Results

Search found 22714 results on 909 pages for 'password tools'.

Page 29/909 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36 | Next Page >

- by Jammer

- by Antony Delaney

- by Haoest

- by jkff

- by 0tar0gz

- by kernelpanic

- by Thr4wn

- by Max

- by NReilingh

- by Berkay

- by Cucumber

- by HoLyVieR

- by jsight

- by jsight

- by Highstead

- by Kalamane

- by Mahmoud Abdelkader

- by pyraz

- by Lewis

- by karthik

- by tikrimi

- by krislankford

- by Taylor Gibb

- by user1435470

- by mttr

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36 | Next Page >