Search Results

Search found 1522 results on 61 pages for 'passwords'.

Page 44/61 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51 | Next Page >

How to create a asp.net membership provider hashed password manually?

- by Anheledir

I'm using a website as a frontend and all users are authenticated with the standard ASP.NET Membership-Provider. Passwords are saved "hashed" within a SQL-Database. Now I want to write a desktop-client with administrative functions. Among other things there should be a method to reset a users password. I can access the database with the saved membership-data, but how can I manually create the password-salt and -hash? Using the System.Web.Membership Namespace seems to be inappropriate so I need to know how to create the salt and hash of the new password manually. Experts step up! :)

Read the article
dreamweaver sites

- by ngreenwood6

Hello, We have over 500 sites that we host. All of there ftp information is in a database. Whenever one of our programmers have to add a site they have to get all the info and set it up. However, I found that you can export them and it has all the info except for one problem. The password is encrypted. I am not trying to hack anything, I want to know how to encrypt our passwords so that we can import them using dreamweavers import feature. Can anyone tell me what encryption they use or a link on how to encrypt. I am not interested in decrypting at all because we already have all of them so it would not do me any good. Thanks for any help

Read the article
How do I use NTLM authentication with Active Directory

- by Jon Works

I am trying to implement NTLM authentication on one of our internal sites and everything is working. The one piece of the puzzle I do not have is how to take the information from NTLM and authenticate with Active Directory. There is a good description of NTLM and the encryption used for the passwords, which I used to implement this, but I am not sure of how to verify if the user's password is valid. I am using Coldfusion but a solution to this problem can be in any language (Java, Python, PHP, etc). Edit: I am using Coldfusion on Redhat Enterprise Linux. Unfortunately we cannot use IIS to manage this and instead have to write or use a 3rd party tool for this.

Read the article
Safety of Amazon Community AMIs

- by Koran

Hi, I am working for a scientific project and would like to use the Amazon EC2 to host the same. Now, I was going through the existing AMIs to create my own, but I found one AMI in the community list of AMIs - which fits perfectly. My question is the following - are the community AMIs safe? Is it possible for a malicious user to create an AMI in such a way that say the usernames/passwords etc can be sent to a remote server or something? Does Amazon do any sort of checking to make sure it cannot happen? I couldnt find the answers to these in Amazon site. I am pretty sure that you guys would have felt the same issues - could you please provide your answers? Regards K

Read the article
mysql: encrypting and decrypting data

- by cbrulak

Does mysql provide a mechanism for storing and retrieving encrypted data? I don't mean passwords, I mean real strings. I'd like to encrypt a string, store in mysql and then retrieve the decrypted string at a later date. So, I know there is the AES_Encrypt and decrypt functions. But they ask for a key. (which is fine) but I wondering if you call those functions and use your user password as the key. Or something else that is super-simple. Also, is there a simple wrapper for the AES_Encrypt & decrypt functions in Rails? Or do you need to build the query manually?

Read the article
How to avoid having very large objects with Domain Driven Design

- by Pablojim

We are following Domain Driven Design for the implementation of a large website. However by putting the behaviour on the domain objects we are ending up with some very large classes. For example on our WebsiteUser object, we have many many methods - e.g. dealing with passwords, order history, refunds, customer segmentation. All of these methods are directly related to the user. Many of these methods delegate internally to other child object but this still results in some very large classes. I'm keen to avoid exposing lots of child objects e.g. user.getOrderHistory().getLatestOrder(). What other strategies can be used to avoid this problems?

Read the article
Using Api to submit userdata to external party

- by Younes

I have to submit subscription data to another website. I have got documentation on how to use this API however i'm not 100% sure of how to set this up. I do have all the information needed, like username / passwords etc. This is the API documentation: https://www.apiemail.net/api/documentation/?SID=4 How would my request / post / whatever look like in C# .net (vs 2008) when i'm trying to acces this API? This is what i have now, I think i'm not on the right track: public static string GArequestResponseHelper(string url, string token, string username, string password) { HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(url); myRequest.Headers.Add("Username: " + username); myRequest.Headers.Add("Password: " + password); HttpWebResponse myResponse = (HttpWebResponse)myRequest.GetResponse(); Stream responseBody = myResponse.GetResponseStream(); Encoding encode = System.Text.Encoding.GetEncoding("utf-8"); StreamReader readStream = new StreamReader(responseBody, encode); //return string itself (easier to work with) return readStream.ReadToEnd();

Read the article
ASP.NET plug-in architecture, settings problem

- by Xaqron

I want to divide business layer (BLL) of an asp.net application into multiple components. Each component is a .NET class library which is compiled as a standalone DLL. These components should have their own configuration files. For example "MyNameSpace.Users.dll" contains classes about users of the website and there's a password policy to check if password length is at least x characters. When webmaster edits the config file of this DLL and set x to y then component (DLL) should use new value (y) in the future and enforce passwords to be at least y characters. I want each component as a single project and compile them separaely (and not to put all projects in a solution in Visual Studio), and put the DLLs of these libraries into the "Bin" folder of my ASP.NET application. Is it possible ? Where should I put these config files ?

Read the article
[Sql-Server]what data type to use for password salt and hash values and what length?

- by Pandiya Chendur

I am generating salt and hash values from my passwords by using, string salt = CreateSalt(TxtPassword.Text.Length); string hash = CreatePasswordHash(TxtPassword.Text, salt); private static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] buff = new byte[size]; rng.GetBytes(buff); // Return a Base64 string representation of the random number. return Convert.ToBase64String(buff); } private static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; } What datatype you would suggest for storing these values in sql server? Any suggestion... Salt:9GsPWpFD Hash:E778AF0DC5F2953A00B35B35D80F6262CDBB8567

Read the article
Can you figure out the password hashing scheme?

- by Adal

I have two passwords and two resulting hashes. I can't figure out how the hash is derived from the password. I don't know if salting is used. I don't know if the password is hashed as a integer value or as a string (possibly Unicode). Password: 6770 Hash: c12114b91a3841c143bbeb121693e80b Password: 9591 Hash: 25238d578b6a61c2c54bfe55742984c1 The hash length seems to suggest MD5. Anybody has any ideas what I could try? Note: This is not for hacking purposes. I'm trying to access a service through an API instead of it's desktop client, and I can't figure out how to compute the password hash. Currently instead of using my real password I'm sending directly the hash.

Read the article
How can a hacker put a file on my server root (apache, php, 1and1)

- by mike-sav

Hi there, I have a site hosted on 1and1 and a couple of weeks ago I noticed a hacker had put a .php file on the server that when viewed in a browser exposed my DB schema, DB connection strings, FTP account (for file uploads using a form), etc, etc. Naturally I panicked and I wiped the server and reuploaded my files. Fortunatley I encrypt passwords using MD5 and I don't store things like credit card details, etc, etc. Now I checked my files and with all user input I use a clean function (htmlentities, sql_real_escape_string, etc, etc) that strips the input of any XSS or SQL injection. I have also made sure that the session key gets re-engineered when a user status changes (like they log into their account) to prevent session hijacking, my folder permissions are set to 755 and file permission are 644. Has anyone got any idea how this could have happened? Or if I'm missing something

Read the article
Convert ASP.NET membership system to secure password storage

- by wrburgess

I have a potential client that set up their website and membership system in ASP.NET 3.5. When their developer set up the system, it seems he turned off the security/hashing aspect of password storage and everything is stored in the clear. Is there a process to reinstall/change the secure password storage of ASP.NET membership without changing all of the passwords in the database? The client is worried that they'll lose their customers if they all have to go through a massive password change. I've always installed with security on by default, thus I don't know the effect of a switchover. Is there a way to convert the entire system to a secure password system without major effects on the users?

Read the article
simple authorisation in web api

- by monthon1

I want to make nice and clean api; I'm making site and I want to offer the ability to mobile apps use web API of my site. I don't want to use oAuth, becouse the mobile and embedded applications that are facing the biggest hurdle, as they may not be able to bring up and/or control the web browser. Also its a little complicate. I know, that HTTP basic authorisation is not safe, but it's so simple... I want to use it in my api. I have somee users logins and their passwords (md5-encoded) in mysql base, but how to use those data in this HTTP basic authorisation?

Read the article
Perform manual test, automate after - or never?

- by dotnetdev

In my current company, we have one tester. Having spoken to this tester, she says that in testing, before implementing any automation systems, the scripts (steps to take) are manually written and performed (performed at least once). Is this the way things work in testing? To make me laugh, this has been done in this case, yet no automation. It makes me laugh to see the lead tester perform loads of different combinations of usernames and passwords for a login form (which she is not overly keen on having automated) when I could easily automate that (but politics in the company won't allow that). This doesn't seem like the environment where a junior tester (not me, I'm a SDET) cannot learn anything. Thanks

Read the article
Secure database connection. DAL .net architecture best practice

- by Andrew Florko

We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a shits of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank in you in advance!

Read the article
Password checking in dojo

- by Richard

I want to check that two passwords are the same using Dojo. Here is the HTML I have: <form id="form" action="." dojoType="dijit.form.Form" / <pPassword: <input type="password" name="password1" id="password1" dojoType="dijit.form.ValidationTextBox" required="true" invalidMessage="Please type a password" /</p <pConfirm: <input type="password" name="password2" id="password2" dojoType="dijit.form.ValidationTextBox" required="true" invalidMessage="This password doesn't match your first password" /</p <div dojoType="dijit.form.Button" onClick="onSave"Save</div </form Here is the JavaScript I have so far: var onSave = function() { if(dijit.byId('form').validate()) { alert('Good form'); } else { alert('Bad form'); } } Thanks for your help. I could do this in pure JavaScript, but I'm trying to find the Dojo way of doing it.

Read the article
How to accomplish "AuthType None" in Apache 2.2

- by Technorati

http://httpd.apache.org/docs/trunk/mod/mod_authn_core.html#authtype talks about "AuthType None", and has an awesome example of exactly what I need to do - unfortunately, it appears to be new to 2.3/2.4. Is there any equivalent feature in 2.2? The authentication type None disables authentication. When authentication is enabled, it is normally inherited by each subsequent configuration section, unless a different authentication type is specified. If no authentication is desired for a subsection of an authenticated section, the authentication type None may be used; in the following example, clients may access the /www/docs/public directory without authenticating: <Directory /www/docs> AuthType Basic AuthName Documents AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords Require valid-user </Directory> <Directory /www/docs/public> AuthType None Require all granted </Directory>

Read the article
Convert VB6 Randomize to C#

- by Thomas G. Mayfield

I'm writing a C# frontend to a legacy database that uses VB6 Rnd() and Randomize() methods for user password encryption. The encryption function is very simplistic and really not all that secure, but it's what all current passwords are stored with. What I'd like to be able to do is authenticate legacy users from a C# application. I can write new encryption (or preferably hashing) code for VB6 so that all future users have a more secure password, and that can be duplicated in C#. But I don't want to require current users to have had their password reset before they can use the new frontend. Is there any way I can reimplement that algorithm in C# so that it produces identical results to the legacy VB6 code?

Read the article
creating multiple users for a c#.net winform application using sql server express

- by sqlchild

i have a single sql database in sql server express. i have a login MAINLOGIN, for this database. i want insertion of data in this database through multiple users, U1,U2,U3, each having different userids & passwords. These users would be created by MAINLOGIN , manually or via the winform application. So while creating MAINLOGIN , i would give him permission to further create logins. For this what should i do? i cannot create MULTIPLE users, because for one database, only one user can be created under one login. so should i create multiple logins, L1,L2,L3, then map, U1, U2, U3 to them. Or, is there a better way to do this? like application roles etc. i dont want to use windows authentication. because if i know the system password, then i could simply connect sql via the application and insert wrong data.

Read the article
Combining DROP USER and DROP DATABASE with SELECT .. WHERE query?

- by zsero

I'd like to make a very simple thing, replicate the functionality of mysql's interactive mysql_secure_installation script. My question is that is there a simple, built-in way in MySQL to combine the output of a SELECT query with the input of a DROP user or DROP database script? For example, if I'd like to drop all users with empty passwords. How could I do that with DROP USER statement? I know an obvious solution would be to run everything for example from a Python script, run a query with mysql -Bse "select..." parse the output with some program construct the drop query run it. Is there an easy way to do it in a simple SQL query? I've seen some example here, but I wouldn't call it simple: http://stackoverflow.com/a/12097567/518169 Would you recommend making a combined query, or just to parse the output using for example Python or bash scripts/sed?

Read the article
HTML stops at a PHP script made to connect to a mysql database. No errors printed.

- by DavidR

I'm trying to set up a login script for PHP using the tutorial on this site. The problem is that the site stops when it hits these lines, no error, no text: <?php $conn = mysql_connect('localhost', 'root', 'password') or die('error line7' . mysql_error()); mysql_select_db('mydb', $conn) or die('error line8' . mysql_error()); ?> If I take out these lines, the rest of the html runs perfectly. I've double checked my passwords and everything, nothing is working. I know very little about php and mysql other than what I've learned trying to set this up.

Read the article
Error on Access database: Permission denied: 'CreateObject'

- by elixireu

Hi, I am migrating a website over to a new server, its in ASP and uses several Access databases, the site and CMS can read, display the data, and even edit and update existing data entries, but when I want to add a new entry, I get an error... Microsoft VBScript runtime error '800a0046' Permission denied: 'CreateObject' /padp2010d/ads_tradetracker.asp, line 11 There seems to be no passwords on the databases, I have set up and tested the ODBC Data Sources and they are working fine. The code or line that is causing the problem is... <% Dim Mail, strPath, strHost, Upload Set Upload = CreateObject("Persits.Upload") Upload.IgnoreNoPost = True ' Generate unique names Upload.OverwriteFiles = False ' Limit file size to 500000 bytes Upload.SetMaxSize 500000, True ' capture an upload and save uploaded files (if any) in temp directory Upload.SaveVirtual "\pa\images\advertenties" Upload.Save ' Use session ID as the new file name NewName = Session.SessionID The line 11 is Set Upload = CreateObject("Persits.Upload") If anyone could help that would be great. Could it be a Permission setting? Im a complete novice with ASP and Access! Thanks

Read the article
Login fails after upgrade to ASP.net 4.0 from 3.5

- by lomac

I cannot log in using any of the membership accounts using .net 4.0 version of the app. It fails like it's the wrong password, and FailedPasswordAttemptCount is incremented in my_aspnet_membership table. (I am using membership with mysql membership provider.) I can create new users. They appear in the database. But I cannot log in using the new user credentials (yes, IsApproved is 1). One clue is that the hashed passwords in the database is longer for the users created using the asp.net 4.0 version, e.g 3lwRden4e4Cm+cWVY/spa8oC3XGiKyQ2UWs5fxQ5l7g=, and the old .net 3.5 ones are all like +JQf1EcttK+3fZiFpbBANKVa92c=. I can still log in when connecting to the same db with the .net 3.5 version, but only to the old accounts, not the new ones created with the .net 4.0 version. The 4.0 version cannot log in to any accounts. I tried dropping the whole database on my test system, the membership tables are then auto created on first run, but it's still the same, can create users, but can't log in.

Read the article
Kentico - Using punctuation with AuthenticateUser

- by Big Friendly Giant

We are currently using version 7.0 of the kentico API to authenticate users into our system. The following code is used to gain user details from the database and authenticate users. UserInfo objUserInfo = AuthenticationHelper.AuthenticateUser(username.ToLower(), password.ToLower(), CMSContext.CurrentSiteName); This has primarily been working correctly, but we are having issues with usernames and passwords that contain any of the following characters. " ! @ ' / \ < * - Is there any settings that I need to be aware of (web.config or otherwise) that would stop the API from accessing an account where a username or password contained special characters?

Read the article
Encrypting password in compiled C or C++ code

- by Daniel

Hello!, I know how to compile C and C++ Source files using GCC and CC in the terminal, however i would like to know if its safe to include passwords in these files, once compiled. For example.. i check user input for a certain password e.g 123, but it appears compiled C/C++ programs is possible to be decompiled. Is there anyway to compile a C/C++ source file, while keeping the source completely hidden.. If not, could anyone provide a small example of encrypting the input, then checking against the password e.g: (SHA1, MD5)

Read the article

< Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51 | Next Page >