Menu
  • HOME
  • TAGS

What about password_hash() in PHP

php,hash,password-protection

Because if you don't create your own salt, It will create a secure salt automatically for you. From the documentation : Caution It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not...

Implement pattern lock in windows phone or simple password authentication

c#,windows-phone-7,windows-phone-8,pattern-matching,password-protection

You can use isolated storage application settings, which are per-application settings Variable. Their scope is determined by the full path of the application .xap file. For example, you can store application settings, such as number of images to display per page, page layout customization settings, and so on. You can...

Work with plain text password before salting and hashing (symfony 2)

symfony2,hash,password-protection,password-encryption

Current password hash functions will not just add the salt before hashing, instead they do a lot of iterations and use the salt in each iteration. So you cannot just do it the other way round. Actually what you have in mind is to generate a key out of the...

Bypass non-secure password

batch-file,password-protection

I cannot see how this answer could do any harm, because if you know the batch source code, then you would probably know how to start the program anyway. So let's try and enter: EXIST blabla.txt This should throw an error, but the batch continues and therefore you bypass the...

How to pre-fill user field on protected directory

.htaccess,password-protection

You don't need username and password for HTTP basic auth, you can generate an .htpasswd file with a blank username so when the login window opens, people only need to enter a password and can leave the username field blank. Or you can handle the HTTP basic auth yourself, without...

Securing Access database

password-protection,ms-access-2013

Ok so I had to do 4 things: Encrypt the back-end. This makes it so they need a password to open the back-end file. But they can still access the tables and stuff from the front-end! The next steps are to prevent that. In the front-end, uncheck: Display Navigation Pane,...

Programmatically remove known password from zip file

c#,.net,zip,password-protection,dotnetzip

From DotNetZip Library - how to remove a zip password?: The password in a zipfile is used to encrypt the entry data. As a result, "removing a password" involves decrypting the entry data, and then rewriting the unencyrpted entry data back into a zip file. There is no other way...

Ghostscript does not honor PDF security permissions

pdf,ghostscript,password-protection

"How to genuinely protect the content from PDF from users when serving them in web pages?" You cannot....

Check the document password protected or not

java,detection,password-protection,tika

No, there is no way to check in advance. This is because Tika won't know the file is password protected until it gets a fair way through processing it If you know the password for a file, you should use logic something like: ParseContext context = new ParseContext(); context.set(PasswordProvider.class, new...

Plain-text password and “remember me”, node.js and js client

node.js,security,passport.js,password-protection

explain those concepts with node.js and passport.js Those concepts are not dependent on a specific runtime or framework, so it makes sense that materials on the web don't refer to node.js and passport.js ... the salt thing Salt is a string that makes it harder to crack passwords. You...

jQuery Prompt for Password doesn't want to display

jquery,html,css,password-protection,password-prompt

tl;dr You got some errors in your code. Go to straight to working demo. .display(none) is invalid $(document).display(none); This is invalid since none is not a defined variable, either remove it or use an alternative: $(document).css('display', 'none'); or $(document.body).hide(); You need to prompt the user var password = ("You have...

Password Protect app installation

android,password-protection

depends on your way of distribution: for example downloading the app of your repository: you can put you app in a rar with password, or you can put a dynamic download link that build this once you have entered the password. Others solutions: http://stackoverflow.com/a/8818011/4535278

Exchange 2007 account

password-protection,exchange-server-2007

The following steps that you need. To get started in the shell, go to: Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell This opens a window that looks a lot like a normal command window but, instead of using the old cmd.exe in the background,...

MD5 password hash with user lockout on failed login attempts

security,hash,cryptography,passwords,password-protection

Your assumption is correct. Account lockout is more about mitigating educated guessing or brute force over the internet. It also helps prevent someone from DoSing your server if your hashing algorithm is very expensive. The weakness of MD5 comes from when you want to break the hash locally. When it...

How to calculate password strength?

math,passwords,password-protection

It's all a question of entropy. How many different symbols are there to test ? Traditionally, passwords are a string of characters. Symbols are then characters. If you use lower case letters only a-z is a range of 26 possible letters. With upper case and numbers, you get 62 symbols....

How to unprotect an Excel workbook

excel,vba,excel-vba,password-protection

If it's the password to open the file, you want: Thisworkbook.Password = "" then save it. Wb.Unprotect would remove the password that protects the workbook structure/windows....

Hashing Password in ASP.NET and Resolving it In SQL Procedure

asp.net,vb.net,stored-procedures,hash,password-protection

A very simple aproach is to use a MD5 hash. public class MD5 { public static string Hash(string message) { // step 1, calculate MD5 hash from input System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create(); byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(message); byte[] hash = md5.ComputeHash(inputBytes); // step 2, convert byte array to hex string StringBuilder...

Javascript Password Protected area.. must be better way

javascript,password-protection

You can have your passwords in array and then use indexOf method of array. It returns index of the element in array or -1 if not present. ... var passwords = ["pass1", "pass2"]; if (passwords.indexOf(this.document.login.pass.value) !== -1) { ... However comparing passwords in JavaScript is not a safe way to...

How do you create a password protected registration form that checks the password against a database table before submit?

php,mysql,forms,password-protection

HTML <input type="text" name="promo" required> PHP <?php $promo_codes = ['code1', 'code2']; if(in_array($_POST['promo'], $promo_codes) { //in array, continue } else { //not in array, exit gracefully } Basically create a form entry for the promo code in the html and something like the above to validate the promo codes. ...

Protect source code files in team

security,version-control,source,password-protection,team

Use a revision control package (https://en.wikipedia.org/wiki/Revision_control). If you don't like the the changes made by the team you can roll them back individually or as a group. If you don't trust your team or have no confidence in their abilities, get a new team :)...

.htaccess authentication 500 error

.htaccess,password-protection,internal-server-error

Test this : <FilesMatch "staff.php"> Require valid-user Order deny,allow Deny from all AuthUserFile /home/tedctcou/.pswrd AuthType Basic AuthName "Information for committee and board members. Please enter your login details to access this information." Allow from 216.70.112.113 Satisfy Any </FilesMatch> Move your .pswrd !!...

Password verify using PDO returns nothing

php,pdo,login,password-protection

There is a space between the colon and "username" 'username = : username' ^ There should not be any spaces and to read as :username A few lines below you are using: array( ':username'=>$username ) ...

Provide 4-pin password protection to android app

android,password-protection

You just need two screens, One for setting the password, the other which opens everytime user opens the app In the first screen, use four edittexts horizontally with custom background, that will make them rectangular in shape (one example is this), set the input type "numberPassword", this will open the...

Spring | How to encode login password before sending to server

spring,spring-security,password-protection

Below is the solution I have applied for above issue. <script type="text/javascript" src="<%=request.getContextPath()%>/tp/web/console/include/js/security/sha256.js"></script> <script type="text/javascript" src="<%=request.getContextPath()%>/tp/web/console/include/js/security/base64.js"></script> <script type="text/javascript" src="<%=request.getContextPath()%>/tp/web/console/include/js/security/crypto.js"></script> <script type="text/javascript"> function...

Get string from a web server's protected folder

objective-c,.htaccess,password-protection

You can use Url like this one: http://user:[email protected]/folder/file I do not think this is the most secure method, but it is the fastest. Work from browser. I never try from stringFromContentsOfUrl...

How can I make a control on a referenced form accessible? [duplicate]

c#,winforms,login,password-protection,login-control

Don't make the control public. Instead expose a property as part of the login form: public string UserName {get {return textBoxUserName.Text;}} ...

ASP.NET MVC Identity login without password

c#,asp.net-mvc,password-protection

You just need to use the usermanager to find the user by name. If you have a record then just sign them in. public ActionResult StupidCompanyLogin() { return View(); } [HttpPost] //[ValidateAntiForgeryToken] - Whats the point? F**k security public async Task<ActionResult> StupidCompanyLogin(string name) { var user = await UserManager.FindByNameAsync(name); if...

Is it possible to write a file or set a setting that can not be deleted by a user in Android?

android,broadcastreceiver,password-protection,android-file,appsettings

For ordinary users, put the file on internal storage (e.g., getFilesDir()). They have no access to those files. For users of rooted devices, there is no way to prevent them from deleting a file....

What's wrong in this SHA-256 Javascript code?

javascript,hash,passwords,password-protection,sha

From the docs: The hash you get back isn't a string yet. It's a WordArray object. When you use a WordArray object in a string context, it's automatically converted to a hex string. When you compare objects in JavaScript you are testing to see if they are the same object,...

Alternative ways to authenticate

passwords,password-protection

yes, do a two factor authentication without the first factor. So when people register for your application, have them chose email, or sms, or both, as a verification method. Verify their identity by sending an email (or sms) with a code they have to enter. Once you verify their ownership...

Cake PHP Simple Password Hasher()

cakephp,hash,password-protection

Do you really want the password to be on the form for the user to edit? You might want to just clear the password fields so your users can edit and save the rest of profile without bothering with the password. If they post the form, and the password field...

Where is the salt stored for password_hash?

php,password-protection

Let's learn by example from what everyone else is telling you: $options = [ 'cost' => 11, 'salt' => 'abcdefghijklmnopqrstuv', ]; echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT, $options)."\n"; Output: $2y$11$abcdefghijklmnopqrstuu7aZVUzfW85EB4mHER81Oudv/rT.rmWm The bolded parts are your cost and salt, respectively embedded in the resulting hash. You can spit this back into password_verify and it...

pdf protection with user and password

php,pdf,password-protection,copy-protection

You can't achieve what you want with PDF. There are two ways to encrypt a PDF document: Using passwords. You can define two passwords: a user password and an owner password. A document that is encrypted with an owner password can be opened by every one who receives the document....

Key stretching algorithms vs throttling for password “hashing”

security,hash,password-protection

When you use key-stretching, then you prepare for the case that an attacker has stolen the hashes from your database. The attacker can then start an offline attack and brute-force with the full speed of his GPU/CPU to crack the passwords. Only the absolute necessary code to calculate the hash...

Password_hash() need of pre-hashing before submit?

javascript,php,password-protection,password-encryption,password-hash

Your concerns about hijacking the password between controllers are superfluous : For an attacker to hijack the password while it's passed between different controllers it would mean the attacker has to be able to read the memory of the PHP process, which would require root privileges. If the attacker has...

How risky is it to use email for custom sign in?

security,passwords,password-protection

Using email + password as credentials is the widely accepted method of allowing users to log into sites on the web. The advantage of using email is that everyone remembers their email address, whereas people will have difficulty in remembering which username or user ID they first signed up with...

How do I properly use password_verify with PDO and a salt?

php,mysql,password-protection

To verify a password you have to retrieve it. Means you have to select it, not use in a condition. Once selected, it can be easily verified. Sounds logically? For the salt you don't need to worry at all - it s already stored....

Strategies for safely storing and using user credentials testing environments

security,authentication,automated-tests,protractor,password-protection

I'm not sure what you mean when you say 'Strategies for safely storing and using user credentials testing environments'. You state that your tests need to be run with different sets of credentials. If your test is able to get to the credentials in clear text, so is any other...

give 30s delay when password not match [closed]

android,security,password-protection

Create a private variable called passwordfailedcount in your private variables. int passwordfailedcount = 0; Also create one for your password failed limit... int passwordfailedlimit = 5; We should also declare a handler to (this will hadle the 30 second delay) this should be a private variable too... Handler mHandler =...