Search Results

Search found 94172 results on 3767 pages for 'user password'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 62/3767 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • See the latest Applications Cloud user experiences at Oracle OpenWorld 2014

    - by mvaughan
    By Misha Vaughan, Oracle Applications User Experience OAUX Day: Oracle Applications Cloud User Experience Strategy & Roadmap?. This event is for partners, Oracle sales, and customers who are passionate about Oracle’s commitment to the ongoing user experience investment in Oracle’s Applications Cloud. If you want to see where we are going firsthand, contact the Applications UX team to attend this special event, scheduled the week before Oracle OpenWorld.All attendees must be approved to attend and have signed Oracle’s non-disclosure agreement. Register HERE.Date and time: 8 a.m. - 5 p.m. Wednesday, Sept. 24, 2014 Location: Oracle Conference Center, Redwood City, Calif. Oracle Applications Cloud User Experience Partner & Sales Briefing This event is for Oracle Applications partners and Oracle sales who want to find out what’s up with release 9 user experience highlights for: Oracle Sales Cloud, Oracle HCM Cloud, cloud extensibility, and Paas4SaaS. It will be held the day before Oracle OpenWorld kicks off. All attendees must be approved to attend. Register HERE.Date and time: 10:30 a.m. - 12:30 p.m. Sunday, Sept. 28, 2014Location: Intercontinental Hotel, 888 Howard Street, San Francisco, Calif. , in the Telegraph Hill room. Oracle OpenWorld 2014 OAUX Applications Cloud Exchange.This daylong, demo-intensive event is for Oracle customers, partners, and sales representatives who want to see what the future of Oracle’s cloud user experiences will look like. Attendees will also see what’s cooking in Oracle’s research and development kitchen – concepts that aren’t products … yet.All attendees must be approved to attend and have signed Oracle’s non-disclosure agreement. Register HERE.Date and time:  1 - 4 p.m. and 6 - 8:00 p.m. Monday, Sept. 29, 2014 Location: Intercontinental Hotel, 888 Howard Street, San Francisco, Calif., on the Spa Terrace.

    Read the article

  • session management: verifying a user's log-in state

    - by good_computer
    I am storing sessions in my database. Everytime a user logs in, I create a new row corresponding to the new session, generate a new session id and send it as a cookie to the browser. My session data looks something like this: { 'user_id': 1234 'user_name': 'Sam' ... } When a request comes, I check whether a cookie with a session id is sent. If it is, I fetch session data from my database (or memcache) corresponding to that session id. When the user logs out, I remove the session data from my database (and memcache), and delete the cookie from the user's browser too. Notice that in my session data, I don't have something like logged_in: true. This is because if I find a session record in the database (or memcache) I deduce that the user is logged in, and if there is no session record found, the user is not logged in. My question is: is this the right approach? Should I have a logged_in key in my session data? Is there any possibility that a session record may be present on the server where the corresponding user is actually NOT logged in? Are there any security implications in having or not having such a key?

    Read the article

  • Managing arbitrary user permissions under PureFTPd

    - by Sebastián Grignoli
    I need to provide an FTP service that needs to be web-managed in the simplest way possible. My customer wants to create folders and users, and give them read only or read/write access arbitrarily. For example: The folder 'Documents' should be read only for several users, writable for internal users, and invisible for the rest. The folder 'Pictures' should be read only for journalists, writable for associates, and invisible for the rest. The folder 'Media' should be read only, writable or invisible for arbitrary users specified on the admin. There could be a large number of users and folders. I can't find a good way to accomplish that. I thought that I could give each user a home folder and put symlinks for the folders he has read access to, and make the user part of the folder's group when he has write access too, but now I think that this wouldn't work, because with PureFTPd (or ProFTPd) I can only specify the virtual user's mapping to a system user, and only one GUID for each virtual user. My approach requires that I could specify several GUIDs for each user (one by each folder he has write access to). I need to start programming this admin and I still don't know wich approach would work, if any. ¿Any ideas?

    Read the article

  • Storing User-uploaded Images

    - by Nyxynyx
    What is the usual practice for handling user uploaded photos and storing them on the database and server? For a user profile image: After receiving the image file from user, rename file to <image_id>_<username> Move image to /images/userprofile Add img filename to a table users containing their profile details like first_name, last_name, age, gender, birthday For a image for a review done by user: After receiving the image file from user, rename file to <image_id>_<review_id> Move image to /images/reviews Add img filename to a table reviews containing their profile details like review_id, review_content, user_id, score. Question 1: How should I go about storing the image filenames if the user can upload multiple photos for a particular review? Serialize? Question 2: Or have another table review_images with columns review_id, image_id, image_filename just for tracking images? Will doing a JOIN when retriving the image_filename from this table slow down performance noticeably? Question 3: Should all the images be stored in a single folder? Will there be a problem when we have 100K photos in the same folder? Is there a more efficient way to go about doing this?

    Read the article

  • SQL DB design to support user feeds (in application like facebook)

    - by Yoav
    I have a social network server with a MySql DB. I want to show the users feeds like done in Facebook. Example - UserX now Friend with userY, userX did like on postX etc. Currently I have table: C1 : UserId C2 : LogType (now friend, did like etc) C3 : ObjectId (Can be userId or postId) - set depending on the LogType. Currently to get all related logs to show to the user I do the following queries: 1. Get All user Friends userIds 2. Query all rows which C1 is in userIds (I query completed) 3. Scan the DB and see - if LogType equals DidLike, check if post's OwnerId is the userId - if yes add it to logs. And so on. Obvious this is not efficient at all. I am looking for a better way. I thought I had in mind: Create a new table (in addition to the Log table) C1 : UserId C2 : LogId (from Log table) C3 : UserID of the one who did the action When querying logs - look in the table and get related Logs (by LogId) from LogTable. Updating the table: Whenever user doing action that should be in the log: 1. Add the Log entry to LogTable. 2. Scan the DB and see which users are interested with the Log (Who my friends are, Who is the owner of the post) and add related entries to the new table. (must be done in BG). 3. If user UNFRIEND another user - then look in the logs for all rows where C3 == UNFRIENDED user id and delete them. Any opinions? Other suggestions?

    Read the article

  • PAM with KRB5 to Active Directory - How to prevent update of AD password?

    - by Ex Umbris
    I have a working Fedora 9 system that's set up to authenticate users via PAM - krb5 - Active Directory. I'm migrating this to Fedora 14, and everything works, but it's working too well :-) On Fedora 9, if a Linux user updated their password, it did not propagate to their Active Directory account. On Fedora 14, it is changing their A/D password. The problem is I don't want A/D to be updated. Here's my password-auth-ac: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so I tried removing the line password sufficient pam_krb5.so use_authtok But then when attempting to change the Linux password, if they provide their A/D password for the authentication prompt, they get the error: passwd: Authentication token manipulation error What I want to achieve is: Allow authentication with either the A/D or Linux password (the Linux password is a fall-back for certain sysadmin users in case A/D is unavailable for some reason). This is working now. Allow users to change their Linux passwords without affecting their A/D passwords. Is this possible?

    Read the article

  • SQL SERVER – Solution – User Not Able to See Any User Created Object in Tables – Security and Permissions Issue

    - by pinaldave
    There is an old quote “A Picture is Worth a Thousand Words”. I believe this quote immensely. Quite often I get phone calls that something is not working if I can help. My reaction is in most of the cases, I need to know more, send me exact error or a screenshot. Until and unless I see the error or reproduce the scenario myself I prefer not to comment. Yesterday I got a similar phone call from an old friend, where he was not sure what is going on. Here is what he said. “When I try to connect to SQL Server, it lets me connect just fine as well let me open and explore the database. I noticed that I do not see any user created instances but when my colleague attempts to connect to the server, he is able to explore the database as well see all the user created tables and other objects. Can you help me fix it? “ My immediate reaction was he was facing security and permission issue. However, to make the same recommendation I suggested that he send me a screenshot of his own SSMS and his friend’s SSMS. After carefully looking at both the screenshots, I was very confident about the issue and we were able to resolve the issue. Let us reproduce the same scenario and many there is some learning for us. Issue: User not able to see user created objects First let us see the image of my friend’s SSMS screen. (Recreated on my machine) Now let us see my friend’s colleague SSMS screen. (Recreated on my machine) You can see that my friend could not see the user tables but his colleague was able to do the same for sure. Now I believed it was a permissions issue. Further to this I asked him to send me another image where I can see the various permissions of the user in the database. My friends screen My friends colleagues screen This indeed proved that my friend did not have access to the AdventureWorks database and because of the same he was not able to access the database. He did have public access which means he will have similar rights as guest access. However, their SQL Server had followed my earlier advise on having limited access for guest access, which means he was not able to see any user created objects. My next question was to validate what kind of access my friend’s colleague had. He replied that the colleague is the admin of the server. I suggested that if my friend was suppose to have admin access to the database, he should request of having admin access to his colleague. My friend promptly asked for the same to his colleague and on following screen he added him as an admin. You can do the same using following T-SQL script as well. USE [AdventureWorks2012] GO ALTER ROLE [db_owner] ADD MEMBER [testguest] GO Once my friend was admin he was able to access all the user objects just like he was expecting. Please note, this complete exercise was done on a development server. One should not play around with security on live or production server. Security is such an issue, which should be left with only senior administrator of the server. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • OAuth 2.0: Can a user-agent client avoid forwarding fragments?

    - by Bosh
    In the OAuth 2.0 draft specification, user-agent clients receive authorization in the form of a bearer token via redirection (from an authentication server) to a URL such as HTTP/1.1 302 Found Location: http://example.com/rd#access_token=FJQbwq9&expires_in=3600 According to Section 3.5.2 it is then the user-agent's job to GET the URL in question, but "The user-agent SHALL NOT include the fragment component with the request." In other words, as a result of the example redirection above, the user-agent should GET /rd HTTP/1.1 Host: example.com without passing #access_token to the server. My question: what user agents behave this way? I thought redirection in Firefox, for example, would (logically) include the fragment in the GET request. Am I just wrong about this, or does the OAuth 2.0 specification rely on non-standard user-agent behavior?

    Read the article

  • Ubuntu 13.10 isn't remembering my passwords anymore, why?

    - by Nik Reiman
    Ubuntu's password management used to be working just fine for me, but around two weeks ago after running apt-get upgrade, I've noticed that now it keeps "forgetting" my passwords. For instance, I need to manually enter passwords to unlock my ssh keys to use git, which previously was done automatically on login. My workplace's 802.11x authentication also no longer works, I need to manually re-auth just to connect to internet. What's going on?

    Read the article

  • Hash Sum mismatch on python-keyring

    - by Gearoid Murphy
    I came in to my workstation this morning to find an apt error notification relating to a hash sum mismatch on the python keyring password storage mechanism, given the sensitive nature of this package, this gives me some cause for concern. Has anyone else seen this error?, how can I ensure that my system has not been compromised? Failed to fetch http://gb.archive.ubuntu.com/ubuntu/pool/main/p/python-keyring/python-keyring_0.9.2-0ubuntu0.12.04.2_all.deb Hash Sum mismatch Xubuntu 11.04 AMD64

    Read the article

  • What are the default groups assigned to the first user in Ubuntu Server?

    - by Wayne Koorts
    I just made a silly mistake on my Ubuntu Server box: I added myself to a group using usermod -G, after which I discovered the -a option... The result is that I am now out of the admin group, and lost my sudo rights. I can sort that out, but I want to know what other groups I may been removed from? My user was the first one so what I'm looking for is a list of groups that the first user gets added to at installation time.

    Read the article

  • How To Create a Shortcut That Lets a Standard User Run An Application as Administrator

    - by Chris Hoffman
    Want to allow a standard user account to run an application as administrator without a UAC or password prompt? You can easily create a shortcut that uses the runas command with the /savecred switch, which saves the password. Note that using /savecred could be considered a security hole – a standard user will be able to use the runas /savecred command to run any command as administrator without entering a password. However, it’s still useful for situations where this doesn’t matter much – perhaps you want to allow a child’s standard user account to run a game as Administrator without asking you. We’ve also covered allowing a user to run an application as Administrator with no UAC prompts by creating a scheduled task. HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It HTG Explains: How Windows Uses The Task Scheduler for System Tasks

    Read the article

  • How to setup passwordless SSH access for root user

    - by Cerin
    I need to configure a machine so software installation can be automated remotely via SSH. Following the wiki, I was able to setup SSH keys so my user can access the machine without a password, but I still need to manually enter my password when I use sudo, which obviously an automated process shouldn't have to do. Although my /etc/ssh/sshd_config has PermitRootLogin yes, I can't seem to be able to login as root, presumably because it's not a "real" account with a separate password. How do I configure SSH keys, so a process can remotely login as root on Ubuntu?

    Read the article

  • Multiple Passwords on One Account

    - by user110789
    I'd like to join three ideas into one interesting and sometimes useful feature. There was a question about using multiple passwords earlier this year, but it didn't receive much attention. I'd like to ask the question again after showing an interesting and new way to use the feature. The three original posts I found to be interestingly combined were: (1) Multiple passwords per user (2) http://blog.littleimpact.de/index.php/2009/09/14/automatic-encryption-of-home-directories-using-truecrypt-62-and-pam_exec/ (3) http://www.truecrypt.org/docs/hidden-volume Basically I'd like to login to my account with two passwords and depending on the password I use, I would get a different content in my home directory. In a way I would get a cryptographically hidden account into my system. So the question is, is it possible to allow multiple passwords to log on to Ubuntu/Linux for the same user?

    Read the article

  • How can * be a safe hashed password?

    - by Exception e
    phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment. function HashPassword($password) { // <snip> trying to generate a hash… # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } This is the complete phpsalt class: # Portable PHP password hashing framework. # # Version 0.2 / genuine. # # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in # the public domain. # # # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime() . getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; if (substr($setting, 0, 3) != '$P$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } }

    Read the article

  • jQuery Validate plugin - password check - minimum requirements - Regex

    - by QviXx
    I've got a little problem with my password-checker. There's got a registration form with some fields. I use jQuery Validate plugin to validate user-inputs. It all works except the password-validation: The password should meet some minimum requirements: minimum length: 8 - I just use 'minlength: 8' at least one lower-case character at least one digit Allowed Characters: A-Z a-z 0-9 @ * _ - . ! At the moment I use this code to validate the password: $.validator.addMethod("pwcheck", function(value, element) { return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value); }); This Code works for the allowed characters but not for minimum requirements. I know that you can use for example (?=.*[a-z]) for a lower-case-requirement. But I just don't get it to work. If I add (?=.*[a-z]) the whole code doesn't work anymore. I need to know how to properly add the code to the existing one. Thank you for your answers! This is the complete code <script> $(function() { $("#regform").validate({ rules: { forename: { required: true }, surname: { required: true }, username: { required: true }, password: { required: true, pwcheck: true, minlength: 8 }, password2: { required: true, equalTo: "#password" }, mail1: { required: true, email: true }, mail2: { required: true, equalTo: "#mail1" } }, messages: { forename: { required: "Vornamen angeben" }, surname: { required: "Nachnamen angeben" }, username: { required: "Usernamen angeben" }, password: { required: "Passwort angeben", pwcheck: "Das Passwort entspricht nicht den Kriterien!", minlength: "Das Passwort entspricht nicht den Kriterien!" }, password2: { required: "Passwort wiederholen", equalTo: "Die Passwörter stimmen nicht überein" }, mail1: { required: "Mail-Adresse angeben", email: "ungültiges Mail-Format" }, mail2: { required: "Mail-Adresse wiederholen", equalTo: "Die Mail-Adressen stimmen nicht überein" } } }); $.validator.addMethod("pwcheck", function(value, element) { return /^[A-Za-z0-9\d=!\-@._*]+$/.test(value); }); }); </script>

    Read the article

  • How does one decrypt a PDF with an owner password, but no user password?

    - by Tony Meyer
    Although the PDF specification is available from Adobe, it's not exactly the simplest document to read through. PDF allows documents to be encrypted so that either a user password and/or an owner password is required to do various things with the document (display, print, etc). A common use is to lock a PDF so that end users can read it without entering any password, but a password is required to do anything else. I'm trying to parse PDFs that are locked in this way (to get the same privileges as you would get opening them in any reader). Using an empty string as the user password doesn't work, but it seems (section 3.5.2 of the spec) that there has to be a user password to create the hash for the admin password. What I would like is either an explanation of how to do this, or any code that I can read (ideally Python, C, or C++, but anything readable will do) that does this so that I can understand what I'm meant to be doing. Standalone code, rather than reading through (e.g.) the gsview source, would be best.

    Read the article

  • Password hashing, salt and storage of hashed values

    - by Jonathan Leffler
    Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one? To create the hash value stored in the DBMS, take: A value that is unique to the DBMS server instance as part of the salt, And the username as a second part of the salt, And create the concatenation of the salt with the actual password, And hash the whole string using the SHA-256 algorithm, And store the result in the DBMS. This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on. The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper. Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings? Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.) There are quite a lot of related SO questions - this list is unlikely to be comprehensive: Encrypting/Hashing plain text passwords in database Secure hash and salt for PHP passwords The necessity of hiding the salt for a hash Clients-side MD5 hash with time salt Simple password encryption Salt generation and Open Source software I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

    Read the article

  • multiple ssh aliases is selecting wrong user when forwarding

    - by Chris Beck
    I'm following the dual identity procedure for bitbucket: I have 2 bitbucket accounts ccmcbeck and chrisbeck. The former is personal, the latter is work. On my local Mac, I have this in my ~/.ssh/config Host *.work.com User chris ForwardAgent yes IdentityFile ~/.ssh/work_dsa Host bitbucket-personal HostName bitbucket.org User ccmcbeck ForwardAgent no IdentityFile ~/.ssh/bitbucket_ccmcbeck_rsa Host bitbucket-work HostName bitbucket.org User chrisbeck ForwardAgent no IdentityFile ~/.ssh/bitbucket_chrisbeck_rsa On my local Mac I ssh -T all is good, I get: $ ssh -T git@bitbucket-personal logged in as ccmcbeck. $ ssh -T git@bitbucket-work logged in as chrisbeck. On my local Mac, the ssh version is OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 When I ssh foo.work.com to my Linux box, I get: $ ssh-add -l 1024 ... /Users/chris/.ssh/work_dsa (DSA) 2048 ... /Users/chris/.ssh/bitbucket_ccmcbeck_rsa (RSA) 2048 ... /Users/chris/.ssh/bitbucket_chrisbeck_rsa (RSA) On foo.work.com, I also have this in my ~/.ssh/config Host bitbucket-personal HostName bitbucket.org User ccmcbeck ForwardAgent no IdentityFile ~/.ssh/bitbucket_ccmcbeck_rsa Host bitbucket-work HostName bitbucket.org User chrisbeck ForwardAgent no IdentityFile ~/.ssh/bitbucket_chrisbeck_rsa However, on foo.work.com when I ssh -T, it references the wrong User for git@bitbucket-work $ ssh -T git@bitbucket-personal logged in as ccmcbeck. $ ssh -T git@bitbucket-work logged in as ccmcbeck. On foo.work.com, the ssh version is OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 Why is my configuration causing foo.work.com to reference the wrong User?

    Read the article

  • Finding the groups of a user in WLS with OPSS

    - by user12587121
    How to find the group memberships for a user from a web application running in Weblogic server ?  This is useful for building up the profile of the user for security purposes for example. WLS as a container offers an identity store service which applications can access to query and manage identities known to the container.  This article for example shows how to recover the groups of the current user, but how can we find the same information for an arbitrary user ? It is the Oracle Platform for Securtiy Services (OPSS) that looks after the identity store in WLS and so it is in the OPSS APIs that we can find the way to recover this information. This is explained in the following documents.  Starting from the FMW 11.1.1.5 book list, with the Security Overview document we can see how WLS uses OPSS: Proceeding to the more detailed Application Security document, we find this list of useful references for security in FMW. We can follow on into the User/Role API javadoc. The Application Security document explains how to ensure that the identity store is configured appropriately to allow the OPSS APIs to work.  We must verify that the jps-config.xml file where the application  is deployed has it's identity store configured--look for the following elements in that file: <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">             <description>LDAP-based IdentityStore Provider</description>  </serviceProvider> <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">             <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>             <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/></serviceInstance> <serviceInstanceRef ref="idstore.ldap"/> The document contains a code sample for using the identity store here. Once we have the identity store reference we can recover the user's group memberships using the RoleManager interface:             RoleManager roleManager = idStore.getRoleManager();            SearchResponse grantedRoles = null;            try{                System.out.println("Retrieving granted WLS roles for user " + userPrincipal.getName());                grantedRoles = roleManager.getGrantedRoles(userPrincipal, false);                while( grantedRoles.hasNext()){                      Identity id = grantedRoles.next();                      System.out.println("  disp name=" + id.getDisplayName() +                                  " Name=" + id.getName() +                                  " Principal=" + id.getPrincipal() +                                  "Unique Name=" + id.getUniqueName());                     // Here, we must use WLSGroupImpl() to build the Principal otherwise                     // OES does not recognize it.                      retSubject.getPrincipals().add(new WLSGroupImpl(id.getPrincipal().getName()));                 }            }catch(Exception ex) {                System.out.println("Error getting roles for user " + ex.getMessage());                ex.printStackTrace();            }        }catch(Exception ex) {            System.out.println("OESGateway: Got exception instantiating idstore reference");        } This small JDeveloper project has a simple servlet that executes a request for the user weblogic's roles on executing a get on the default URL.  The full code to recover a user's goups is in the getSubjectWithRoles() method in the project.

    Read the article

  • Windows 7 file sharing password protecting or making stuff available to just me

    - by Carbonara
    Even with the new Homegroup feature I'm still finding the way Windows deals with folder sharing utterly baffling. Here's what I want to do. I have two computers, a PC Desktop and a laptop. I also live in a shared flat with other computer users. I have set up a Homegroup and a Workgroup on the desktop and joined them on the laptop and in the home group I have shared video, music and pictures. This is so that anyone on the network can view pictures and listen to music etc. But I want my Documents folder from my desktop to only be available to me on my laptop and not to anyone else that may be on the network. The Homegroup only allows (from what I can gather from the baffling array of options) sharing with everyone or no one. Is it possible to only allow the laptop to access the documents folder on the desktop? The user name and password are the same on both computers.

    Read the article

  • Windows 7 locked out account

    - by Lukas
    I have a Win7 x64 computer. There was only one account (mine, created at installation, password protected, full administrative access with UAC enabled). To speed up the startup + login process I went to control userpasswords2 and unchecked that users need to enter password. By this operation my account has been changed to Guest type and an Administrator account has been created. This Administrator account has a small overlay icon with a downwards pointing arrow. My original password did not work; if I try leaving the password blank it says something like "Your account has been disabled. Contact your administrator." Contacting myself surprisingly did not help. As my account (which I am still able to access) is Guest, I have no rights to do anything. Is there a way to get my access back without reinstalling?

    Read the article

  • Password Manager that can sync a Blackberry and Mac OS X.

    - by pdhoven
    I use a Blackberry Bold and a Macbook Pro. I am looking for a solution to have a synchronized password manager between the two devices. All the commercial ones I have discovered won't work between a Blackberry and a Mac. The almost solution was KeePass. I like the application on the Blackberry but I could not get the sync working reliably to the Mac. As well, I had to run the PC application by using Mono on the Mac and it was pretty slow. I am happy to pay for a good solution.

    Read the article

  • What is a plain text password and why can it be decypted?

    - by Misha
    I was trying to understand the level of security offered by Windows picture passwords and ran across this claim on this website. Some of our password recovery utilities already implement Windows 8 plain-text password decryption. The upcoming release of Windows Password Recovery is expected to have a full-fledged Vault analyzer and offline decoder. I'm trying to understand what a plain text password is and if it is the default kind of password when I add a password to my account. My head is a bit muddled on this one so any clarification can help. It seems there are passwords that can be decrypted and those that can't. What can be decrypted? Is the password I enter in Windows exposed?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >