Search Results

Search found 9715 results on 389 pages for 'bad passwords'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 30/389 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >

  • Getting Bad file descriptor when running Tornado AsyncHTTPTestCase

    - by Will
    When running a test using the Tornado AsyncHTTPTestCase I'm getting a stack trace that isn't related to the test. The test is passing so this is probably happening on the test clean up? I'm using Python 2.7.2, Tornado 2.2. The test code is: class AllServersHandlerTest(AsyncHTTPTestCase): endpoint = AllServersHandler.endpoint # '/rest/test/' def test_server_status_with_advertiser(self): on_new_host(None, '127.0.0.1') response = self.fetch(self.endpoint, method='GET') result = json.loads(response.body, 'utf8').get('data') self.assertEquals(['127.0.0.1'], result) The test passes ok, but I get the following stack trace from the Tornado server. OSError: [Errno 9] Bad file descriptor INFO:root:200 POST /rest/serverStatuses (127.0.0.1) 0.00ms DEBUG:root:error closing fd 688 Traceback (most recent call last): File "C:\Python27\Lib\site-packages\tornado-2.2-py2.7.egg\tornado\ioloop.py", line 173, in close os.close(fd) OSError: [Errno 9] Bad file descriptor Any ideas how to cleanly shutdown the test case?

    Read the article

  • How does the "Remember my password" checkbox work?

    - by Veera
    There are numerous login forms with the little check box "Remember my password" so that the next time you visit the website, the browser automatically fills up the password field for you. But I have noticed a behavior in modern browsers, such as Chrome/Firefox, which shows up a notification bar to save the user name/passoword even though that particular web page does not have any "remember password" check box. so my questions are: If I have to put the "remember password" check box in a login form, what do I have to do when the user checks it? I mean, do I have to store the password in browser cookies (or Local Storage)? If so, should the password be encrypted or plain text? The "Save password" notification bar is a browser's functionality or is there any way to invoke it from the web page?

    Read the article

  • Is is possible to determine a password input string as plaintext or hashed?

    - by Godders
    I have a RESTful API containing a URI of /UserService/Register. /UserService/Register takes an XML request such as: <UserRegistrationRequest> <Password>password</Password> <Profile> <User> <UserName>username</UserName> </User> </Profile> </UserRegistrationRequest> I have the following questions given the above scenario: Is there a way (using C# and .Net 3.5+) of enforcing/validating that clients calling Register are passing a hashed password rather than plaintext? Is leaving the choice of hashing algorithm to be used to the client a good idea? We could provide a second URI of /UserService/ComputePasswordHash which the client would call before calling /UserService/Register. This has the benefit of ensuring that each password is hashed using the same algorithm. Is there a mechanism within REST to ensure that a client has called one URI before calling another? Hope I've explained myself ok. Many thanks in advance for any help.

    Read the article

  • How to encrypt/decrypt a file in Java?

    - by Petike
    Hello, I am writing a Java application which can "encrypt" and consequently "decrypt" whatever binary file. I am just a beginner in the "cryptography" area so I would like to write a very simple application for the beginning. For reading the original file, I would probably use the java.io.FileInputStream class to get the "array of bytes" byte originalBytes[] of the file. Then I would probably use some very simple cipher, for example "shift up every byte by 1" and then I would get the "encrypted" bytes byte encryptedBytes[] and let's say that I would also set a "password" for it, for example "123456789". Next, when somebody wants to "decrypt" that file, he has to enter the password ("123456789") first and after that the file could be decrypted (thus "shift down every byte by 1") and consequently saved to the output file via java.io.FileOutputStream I am just wondering how to "store" the password information to the encrypted file so that the decrypting application knows if the entered password and the "real" password equals? Probably it would be silly to add the password (for example the ASCII ordinal numbers of the password letters) to the beginning of the file (before the encrypted data). So my main question is how to store the password information to the encrypted file?

    Read the article

  • What algorithm should I use for encrypting and embedding a password for an application?

    - by vfclists
    What algorithm should I use for encrypting and embedding a password for an application? It obviously is not bullet proof, but it should be good enough to thwart someone scanning the database with a hex editor, or make it hard for someone who has the skills to use a debugger to trace the code to work out, either by scanning for the encrypted password, or using a debugger to run through the decryption code. Object Pascal would be nice. /vfclists

    Read the article

  • [PHP] md5(uniqid) makes sense for random unique tokens?

    - by Exception e
    I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes). I often see this code; does it make sense? md5(uniqid(rand(), true)); According to a comment uniqid($prefix, $moreEntopy = true) yields first 8 hex chars = Unixtime, last 5 hex chars = microseconds. I don't know how the $prefix-parameter is handled.. So if you don't set the $moreEntopy flag to true, it gives a predictable outcome. QUESTION: But if we use uniqid with $moreEntopy, what does hashing it with md5 buy us? Is it better than: md5(mt_rand())

    Read the article

  • Rainbow Tables: How to improve upon them??

    - by CVS-2600Hertz-wordpress-com
    I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

    Read the article

  • SHA1 Password returns as cleartext after DB query

    - by Code Sherpa
    Hi. I have a SHA1 password and PasswordSalt in my aspnet_Membership table. but, when I run a query from the server (a Sql Query), the reader reveals that the pass has returned as its cleartext equivalent. I am wondering if my web.config configuration is causing this? <membership defaultProvider="CustomMembershipProvider" userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1"> <providers> <clear/> <add name="CustomMembershipProvider" type="Custom.Utility.CustomMembershipProvider" connectionStringName="MembershipDB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresUniqueEmail="false" requiresQuestionAndAnswer="false" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed" thanks in advance...

    Read the article

  • Symfony 1.4 - Don't save a blank password on a executeUpdate action.

    - by Twelve47
    I have a form to edit a UserProfile which is stored in mysql db. Which includes the following custom configuration: public function configure() { $this->widgetSchema['password']=new sfWidgetFormInputPassword(); $this->validatorSchema['password']->setOption('required', false); // you don't need to specify a new password if you are editing a user. } When the user tries to save the executeUpdate method is called to commit the changes. If the password is left blank, the password field is set to '', but I want it to retain the old password instead of overwriting it. What is the best (/most in the symfony ethos) way of doing this? My solution was to override the setter method on the model (which i had done anyway for password encryption), and ignore blank values. public function setPassword( $password ) { if ($password=='') return false; // if password is blank don't save it. return $this->_set('password', UserProfile ::encryptPassword( $password )); } It seems to work fine like this, but is there a better way? If you're wondering I cannot use sfDoctrineGuard for this project as I am dealing with a legacy database, and cannot change the schema.

    Read the article

  • jQuery password strength plugin callback validation method

    - by jmorhardt
    I'm using a a jQuery plugin to evaluate password strength. It gives a graphical representation for the user to see how secure the password is. I'd like to use it to validate the field as well. The plugin works by assessing the password and giving it a score. I want to be able to verify that the user has entered a password of at least a certain score. The code is hosted on jQuery's site here: http://plugins.jquery.com/project/pstrength. The documentation states that there is a way to add a rule and do custom validation. I'm not sure where to start. The inline documentation states: * === Changelog === * Version 2.1 (18/05/2008) * Added a jQuery method to add a new rule: jQuery('input[@type=password]').pstrength.addRule(name, method, score, active) And later in the code there's this method: jQuery.extend(jQuery.fn.pstrength, { 'addRule': function (name, method, score, active) { digitalspaghetti.password.addRule(name, method, score, active); return true; }, 'changeScore': function (rule, score) { digitalspaghetti.password.ruleScores[rule] = score; return true; }, 'ruleActive': function (rule, active) { digitalspaghetti.password.rules[rule] = active; return true; } }); If anybody has seen an example of how to do this I'd appreciate a pointer in the right direction. Thanks!

    Read the article

  • Secure password transmission over unencrypted tcp/ip

    - by academicRobot
    I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

    Read the article

  • MD5 and Hibernate Query

    - by theJava
    public Login authenticate(Login login) { String query = "SELECT L FROM Login AS L WHERE L.email=? AND L.password=?"; Object[] parameters = { login.getEmail(), login.getPassword() }; List<Login> resultsList = (getHibernateTemplate().find(query,parameters)); if (resultsList.isEmpty()) { //error dude } else if (resultsList.size() > 1) { //throw expections } else { Login login1 = (Login) resultsList.get(0); return login1; } return null; } I have my DB tables password col set as MD5, now how to retrieve it back here.

    Read the article

  • How to decrypt a password from SQL server?

    - by sef
    I have this query in sql server 2000: select pwdencrypt('AAAA') which outputs an encrypted string of 'AAAA': 0x0100CF465B7B12625EF019E157120D58DD46569AC7BF4118455D12625EF019E157120D58DD46569AC7BF4118455D How can I convert (decrypt) the output from its origin (which is 'AAAA')?

    Read the article

  • Best way to store a database password in a startup script / config file?

    - by Mark Harrison
    So our web server apps need to connect to the database, and some other apps have startup scripts that execute at boot time. What's the best way to store the name/password for these applications, in terms of security, e.g. perhaps we don't want sysadmins to know the database password maintainability, e.g. making the configuration easy to change when the password changes, etc. both windows and linux solutions appreciated!

    Read the article

  • Authenticating a SOAP service in Java (password security)

    - by user1686448
    I am writing an application, in Java, which needs to log in to a remote SOAP service (JIRA) prior to calling methods on that service. I have looked at examples of how to do this, for example http://www.j-tricks.com/1/post/2010/8/jira-soap-client.html, however I am concerned that I need to put the password in memory at some point. I've read that I should store the password as a char[] but still, I'm concerned about storing the password in the clear at all. How should I store the password used by my client to log into the SOAP service? And how should I read it and pass it to JIRA?

    Read the article

  • Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords vi

    - by Tchalvak
    Here is my plan, and goals: Overall Goals: Security with a certain amount of simplicity & database-to-database transferrability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords. Easy to wipe the passwords for publishing a "wiped" databased of test data. (e.g. I'd like to be able to use a postgresql statement to simply reset all passwords to something simple so that testers can use that testing data for themselves). Plan: Hashing the passwords Account creation records the original email that an account is created with, forever. A global salt is used, e.g. "90fb16b6901dfceb73781ba4d8585f0503ac9391". An account specific salt, the original email the account was created with, is used, e.g. "[email protected]". The users's password is used, e.g. "password123" (I'll be warning against weak passwords in the signup form) The combination of the global salt, account specific salt, and password is hashed via some hashing method in postgresql (haven't been able to find documentation for hashing functions in postgresql, but being able to use sha-2 or something like that would be nice if I could find it). The hash gets stored in the database. Recovering an account To change their password, they have to go through standard password reset (and that reset email gets sent to the original email as well as the most recent account email that they have set). Flaws? Are there any flaws with this that I need to address? And are there best practices to doing hashing fully within postgresql?

    Read the article

  • How to prevent bad formatted data input in DataGridViewCell

    - by JuanNunez
    I have an automatically binded DataGridView that obtains data and update data directly from a Strongly Typed Dataset and its TableAdapter. the DataGridView allows data editing but I'm having issues dealing with bad formatted data input. For example, one of the columns is a date, formatted in the database as datetime, 11/05/2010. You can edit the date and the DataGridView opens a TextBox in wich you can enter letters, simbols and other unauthorised characters. When you finish editing the cell if has such bad data it throws a System.FormatException How can I prevent some data to be entered? Is there a way to "filter" that data before it is sent back to the DataGridView?

    Read the article

  • How to access website CMS with only access to database

    - by user1741615
    I have a website that uses an "in-house" cms and I don't know the login details. The platform itself doesn't have the "reset your password" functionality. I do have access to ftp and phmyadmin and I found the SQL table containing the user details, but of course the password is MD5 encryption. I tried manually creating a user in php my admin and filling in a password encrypted in MD5 (used a md service online for that), but it still doesn't work. Does anybody know other tricks I can use? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >