Search Results

Search found 12055 results on 483 pages for 'password complexity'.

Page 65/483 | < Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >

  • Agile web development with rails

    - by Steve
    Hi.. This code is from the agile web development with rails book.. I don't understand this part of the code... User is a model which has name,hashed_password,salt as its fields. But in the code they are mentioning about password and password confirmation, while there are no such fields in the model. Model has only hashed_password. I am sure mistake is with me. Please clear this for me :) User Model has name,hashed_password,salt. All the fields are strings require 'digest/sha1' class User < ActiveRecord::Base validates_presence_of :name validates_uniqueness_of :name attr_accessor :password_confirmation validates_confirmation_of :password validate :password_non_blank def self.authenticate(name, password) user = self.find_by_name(name) if user expected_password = encrypted_password(password, user.salt) if user.hashed_password != expected_password user = nil end end user end def password @password end def password=(pwd) @password = pwd return if pwd.blank? create_new_salt self.hashed_password = User.encrypted_password(self.password, self.salt) end private def password_non_blank errors.add(:password,"Missing password")if hashed_password.blank? end def create_new_salt self.salt = self.object_id.to_s + rand.to_s end def self.encrypted_password(password, salt) string_to_hash = password + "wibble" + salt Digest::SHA1.hexdigest(string_to_hash) end end

    Read the article

  • Is it possible to export saved passwords from Toad

    - by Joe Enos
    I'm looking for a way to export saved usernames/passwords from Toad for Oracle (9.5.0.31). It doesn't have to be in a usable format for importing - even a plaintext format would be fine. I believe the passwords are stored encrypted in CONNECTIONPWDS.INI, but from what I've read, that file doesn't transfer from one machine to another. There doesn't seem to be anything in the Quest site or the Yahoo groups about this, other than "That's a very good suggestion...". Has anyone had any luck accomplishing this? Or am I stuck with having to dig up the passwords for each of my accounts? Thanks

    Read the article

  • Where does Internet Explorer store saved passwords?

    - by Ian Boyd
    Where does Internet Explorer store saved passwords? And since this is a programming site, i'm not literally asking for the location where IE stores passwords, but which API ie uses to save passwords. At first i assumed that Microsoft was using the standard api: CredRead CredWrite which is used to save domain and generic program/web-site credentials. CredRead/CredWrite turn around and use CryptProtectData CryptUnprotectData to encrypt data with the current user's account. CredRead/CredWrite then store the data in some magical location, which contents you can see from the control panel: But i don't see IE passwords in there. So ie doesn't store passwords using CredRead/CredWrite. What api does IE use to store passwords, and if it uses CryptProtectData, where does it then store the protected data?

    Read the article

  • iPhone - Web Access Authentication

    - by Terry
    I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :) There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs) Through adhoc distribution I install my app on all 10 devices My app is simply composed of a UIWebView. When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer) The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site. This way the user doesn't have to enter in their credentials every time. So what do you think, is there a security hole with this? Thanks

    Read the article

  • How to transform phrases and words into MD5 hash?

    - by brilliant
    Can anyone, please, explain to me how to transform a phrase like "I want to buy some milk" into MD5? I read Wikipedia article on MD5, but the explanation given there is beyond my comprehension: "MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks (sixteen 32-bit little endian integers)" "sixteen 32-bit little endian integers" is already hard for me. I checked the article on little endians and didn't understand a bit. However, the examples of some phrases and their MD5 hashes are very nice: MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6 MD5("The quick brown fox jumps over the lazy dog.") = e4d909c290d0fb1ca068ffaddf22cbd0 Can anyone, please, explain to me how this MD5 algorithm works on some very simple example? And also, perhaps you know some software or a code that would transform phrases into their MD5. If yes, please, let me know.

    Read the article

  • Temp file that exists only in RAM?

    - by Auraomega
    I'm trying to write an encrpytion using the OTP method. In keeping with the security theories I need the plain text documents to be stored only in memory and never ever written to a physical drive. The tmpnam command appears to be what I need, but from what I can see it saves the file on the disk and not the RAM. Using C++ is there any (platform independent) method that allows a file to exist only in RAM? I would like to avoid using a RAM disk method if possible. Thanks Edit: Thanks, its more just a learning thing for me, I'm new to encryption and just working through different methods, I don't actually plan on using many of them (esspecially OTP due to doubling the original file size because of the "pad"). If I'm totally honest, I'm a Linux user so ditching Windows wouldn't be too bad, I'm looking into using RAM disks for now as FUSE seems a bit overkill for a "learning" thing.

    Read the article

  • secure from unauthorised access

    - by soclose
    Hi, Based on the user requirements, he wants to use our android application via pin code access like login whenever he starts to use this application. In Android or any mobile, most of the applications start again the last using layout. so which event should i call this login alertdialog to access each time users start to use it? Or let me know the better. Thank you.

    Read the article

  • HTTP authentication logout via PHP

    - by Josef Sábl
    What is the correct way to log out of HTTP authentication protected folder? There are workarounds that can achieve this, but they are potentially dangerous because they can be buggy or don't work in certain situations / browsers. That is why I am looking for correct and clean solution.

    Read the article

  • htpasswd, secure specific files in zend framework

    - by AKFourSeven
    Hi I have been bashing my head against the wall with this riddle and cannot find the way to solve this. I would like to secure couple of files to restrict access to certain pages but my attempts so far are unsuccessful. I do not want to use Zend Auth as it is a very small web site doing simple stuff. Here is a sample of what I have done: AuthUserFile /path/to/my/.htpasswd AuthName "Admin Restriction" AuthType Basic <Files file.phtml> require valid-user </Files> Is there any way to achieve this ?

    Read the article

  • Adobe Acrobat API - How to skip opening password protected PDFs?

    - by Ryan
    Hi all, I've been using Delphi and the Adobe Acrobat 9 API. I'm simply opening a PDF and printing it, followed by closing it without saving anything. I'm having an issue while opening some PDFs though. If the PDF is password protected the Open method displays Adobe's "Input password" prompt. My application is running in an automated fashion, and therefor cannot proceed beyond this password prompt until somebody clicks cancel. I've been looking for something that will either notify me that the file is password protected prior to opening it, or a parameter or something that will skip password protected files. I need my program to assume it cannot open any passworded PDF. Does anyone know enough about the Acrobat API to provide any assistance here? Thank you, Ryan

    Read the article

  • Flask Admin didn't show all fields

    - by twoface88
    I have model like this: class User(db.Model): __tablename__ = 'users' __table_args__ = {'mysql_engine' : 'InnoDB', 'mysql_charset' : 'utf8'} id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(80), unique=True) email = db.Column(db.String(120), unique=True) _password = db.Column('password', db.String(80)) def __init__(self, username = None, email = None, password = None): self.username = username self.email = email self._set_password(password) def _set_password(self, password): self._password = generate_password_hash(password) def _get_password(self): return self._password def check_password(self, password): return check_password_hash(self._password, password) password = db.synonym("_password", descriptor=property(_get_password, _set_password)) def __repr__(self): return '<User %r>' % self.username I have ModelView: class UserAdmin(sqlamodel.ModelView): searchable_columns = ('username', 'email') excluded_list_columns = ['password'] list_columns = ('username', 'email') form_columns = ('username', 'email', 'password') But no matter what i do, flask admin didn't show password field when i'm editing user info. Is there any way ? Even just to edit hash code. UPDATE: https://github.com/mrjoes/flask-admin/issues/78

    Read the article

  • Section of website to be protected by a login

    - by shane
    I have a section of my website where I will have forms. I only want people who have registered with the site to be able to use these forms so that I only have serious customers using them. So what i want to have is a way that people can register on the site and once registered the area with the forms will be available to them and I will know who has sent me a form etc.

    Read the article

  • iPhone / ios development - best way to check if password is secure enough?

    - by Pranoy C
    what is the best way to check the strength of a password in iOS development? I came across this post: What is the best way to check the strength of a password? but this is not iOS specific. My question is - Does Apple or third party libraries provide any libraries by default which I can use to check if the user entered a secure password? If not, then as the above post says, is using regular expressions the best way? Does Apple have any requirements which our app needs to implement to make sure user has a secure password? I am planning on using the keychain to store the password.

    Read the article

  • VPN - What is the complexity involved setting one up across less than a dozen machines?

    - by lucius
    Hello, I have never set up and configured a VPN. I was wondering what it takes to set one up across windows server 2008 servers. What is the complexity involved? How complicated is it to configure? Do I need to set up a Domain controller as a pre-requisite? I am asking because it appears SQL Server 2008 merge replication can only be set up over the internet using VPN and I am trying to gauge what I am up against. Thanks a lot.

    Read the article

  • Am I going the right way to make login system secure with this simple password salting?

    - by LoVeSmItH
    I have two fields in login table password salt And I have this little function to generate salt function random_salt($h_algo="sha512"){ $salt1=uniqid(rand(),TRUE); $salt2=date("YmdHis").microtime(true); if(function_exists('dechex')){ $salt2=dechex($salt2); } $salt3=$_SERVER['REMOTE_ADDR']; $salt=$salt1.$salt2.$salt3; if(function_exists('hash')){ $hash=(in_array($h_algo,hash_algos()))?$h_algo:"sha512"; $randomsalt=hash($hash,md5($salt)); //returns 128 character long hash if sha512 algorithm is used. }else{ $randomsalt=sha1(md5($salt)); //returns 40 characters long hash } return $randomsalt; } Now to create user password I have following $userinput=$_POST["password"] //don't bother about escaping, i have done it in my real project. $static_salt="THIS-3434-95456-IS-RANDOM-27883478274-SALT"; //some static hard to predict secret salt. $salt=random_salt(); //generates 128 character long hash. $password =sha1($salt.$userinput.$static_salt); $salt is saved in salt field of database and $password is saved in password field. My problem, In function random_salt(), I m having this FEELING that I'm just making things complicated while this may not generate secure salt as it should. Can someone throw me a light whether I m going in a right direction? P.S. I do have an idea about crypt functions and like such. Just want to know is my code okay? Thanks.

    Read the article

  • Password security; Is this safe?

    - by Camran
    I asked a question yesterday about password safety... I am new at security... I am using a mysql db, and need to store users passwords there. I have been told in answers that hashing and THEN saving the HASHED value of the password is the correct way of doing this. So basically I want to verify with you guys this is correct now. It is a classifieds website, and for each classified the user puts, he has to enter a password so that he/she can remove the classified using that password later on (when product is sold for example). In a file called "put_ad.php" I use the $_POST method to fetch the pass from a form. Then I hash it and put it into a mysql table. Then whenever the users wants to delete the ad, I check the entered password by hashing it and comparing the hashed value of the entered passw against the hashed value in the mysql db, right? BUT, what if I as an admin want to delete a classified, is there a method to "Unhash" the password easily? sha1 is used currently btw. some code is very much appreciated. Thanks

    Read the article

  • Data Source Security Part 2

    - by Steve Felts
    In Part 1, I introduced the default security behavior and listed the various options available to change that behavior.  One of the key topics to understand is the difference between directly using database user and password values versus mapping from WLS user and password to the associated database values.   The direct use of database credentials is relatively new to WLS, based on customer feedback.  Some of the trade-offs are covered in this article. Credential Mapping vs. Database Credentials Each WLS data source has a credential map that is a mechanism used to map a key, in this case a WLS user, to security credentials (user and password).  By default, when a user and password are specified when getting a connection, they are treated as credentials for a WLS user, validated, and are converted to a database user and password using a credential map associated with the data source.  If a matching entry is not found in the credential map for the data source, then the user and password associated with the data source definition are used.  Because of this defaulting mechanism, you should be careful what permissions are granted to the default user.  Alternatively, you can define an invalid default user to ensure that no one can accidentally get through (in this case, you would need to set the initial capacity for the pool to zero so that the pool is populated only by valid users). To create an entry in the credential map: 1) First create a WLS user.  In the administration console, go to Security realms, select your realm (e.g., myrealm), select Users, and select New.  2) Second, create the mapping.  In the administration console, go to Services, select Data sources, select your data source name, select Security, select Credentials, and select New.  See http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/ConfigureCredentialMappingForADataSource.html for more information. The advantages of using the credential mapping are that: 1) You don’t hard-code the database user/password into a program or need to prompt for it in addition to the WLS user/password and 2) It provides a layer of abstraction between WLS security and database settings such that many WLS identities can be mapped to a smaller set of DB identities, thereby only requiring middle-tier configuration updates when WLS users are added/removed. You can cut down the number of users that have access to a data source to reduce the user maintenance overhead.  For example, suppose that a servlet has the one pre-defined, special WLS user/password for data source access, hard-wired in its code in a getConnection(user, password) call.  Every WebLogic user can reap the specific DBMS access coded into the servlet, but none has to have general access to the data source.  For instance, there may be a ‘Sales’ DBMS which needs to be protected from unauthorized eyes, but it contains some day-to-day data that everyone needs. The Sales data source is configured with restricted access and a servlet is built that hard-wires the specific data source access credentials in its connection request.  It uses that connection to deliver only the generally needed day-to-day information to any caller. The servlet cannot reveal any other data, and no WebLogic user can get any other access to the data source.  This is the approach that many large applications take and is the reasoning behind the default mapping behavior in WLS. The disadvantages of using the credential map are that: 1) It is difficult to manage (create, update, delete) with a large number of users; it is possible to use WLST scripts or a custom JMX client utility to manage credential map entries. 2) You can’t share a credential map between data sources so they must be duplicated. Some applications prefer not to use the credential map.  Instead, the credentials passed to getConnection(user, password) should be treated as database credentials and used to authenticate with the database for the connection, avoiding going through the credential map.  This is enabled by setting the “use-database-credentials” to true.  See http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24401/taskhelp/jdbc/jdbc_datasources/ConfigureOracleParameters.html "Configure Oracle parameters" in Oracle WebLogic Server Administration Console Help. Use Database Credentials is not currently supported for Multi Data Source configurations.  When enabled, it turns off credential mapping on Generic and Active GridLink data sources for the following attributes: 1. identity-based-connection-pooling-enabled (this interaction is available by patch in 10.3.6.0). 2. oracle-proxy-session (this interaction is first available in 10.3.6.0). 3. set client identifier (this interaction is available by patch in 10.3.6.0).  Note that in the data source schema, the set client identifier feature is poorly named “credential-mapping-enabled”.  The documentation and the console refer to it as Set Client Identifier. To review the behavior of credential mapping and using database credentials: - If using the credential map, there needs to be a mapping for each WLS user to database user for those users that will have access to the database; otherwise the default user for the data source will be used.  If you always specify a user/password when getting a connection, you only need credential map entries for those specific users. - If using database credentials without specifying a user/password, the default user and password in the data source descriptor are always used.  If you specify a user/password when getting a connection, that user will be used for the credentials.  WLS users are not involved at all in the data source connection process.

    Read the article

  • Ruby: backslash all non-alphanumeric characters in a string

    - by HBlend
    I have a script where I need to take a user's password and then run a command line using it. I need to backslash all (could be more then one) non-alphanumeric characters in the password. I have tried several things at this point including the below but getting no where. This has to be easy, just missing it. Tried these and several others: password = password.gsub(/(\W)/, '\\1') password = password.gsub(/(\W)/, '\\\1') password = password.gsub(/(\W)/, '\\\\1')

    Read the article

  • Why doesn't the highlighted part of the JavaScript work?

    - by Dor Cohen
    Why isn't the 'confirm password and password the same' part working? Meaning, the part that uses the 'getElementById' to adress the password and confirmpassword. Every part works but that particular part. It doesn't show a red box around the text fields. Can anyone help me? <html> <head> </head> <script> function submitinfo() { var firstname = document.getElementById("firstname").value; var lastname = document.getElementById("lastname").value; var username = document.getElementById("username").value; var password = document.getElementById("password").value; var confirmpassword = document.getElementById("confirmpassword").value; var email = document.getElementById("email").value; if(firstname !== "" && document.getElementById("firstname").style.borderColor == "red")     {     document.getElementById("firstname").style.border = "none"     } if(lastname !== "" && document.getElementById("lastname").style.borderColor == "red") { document.getElementById("lastname").style.border = "none" } if(username !== "" && document.getElementById("username").style.borderColor == "red") { document.getElementById("username").style.border = "none" } if(password !== "" && document.getElementById("password").style.borderColor == "red") { document.getElementById("password").style.border = "none" } if(confirmpassword !== "" && document.getElementById("confirmpassword").style.borderColor == "red") { document.getElementById("confirmpassword").style.border = "none" } if(email !== "" && document.getElementById("email").style.borderColor == "red") { document.getElementById("email").style.border = "none" } if(firstname == "") { document.getElementById("firstname").style.borderColor = "red"; document.getElementById("firstname").style.borderStyle = "solid"; } if(lastname == "") { document.getElementById("lastname").style.borderColor = "red"; document.getElementById("lastname").style.borderStyle = "solid"; } if(username == "") { document.getElementById("username").style.borderColor = "red"; document.getElementById("username").style.borderStyle = "solid"; } if(password == "") { document.getElementById("password").style.borderColor = "red"; document.getElementById("password").style.borderStyle = "solid"; } if(confirmpassword == "") { document.getElementById("confirmpassword").style.borderColor = "red"; document.getElementById("confirmpassword").style.borderStyle = "solid"; } if(email == "") { document.getElementById("email").style.borderColor = "red"; document.getElementById("email").style.borderStyle = "solid"; } if(password !== "" && confirmpassword !== "" && document.getElementById("password").style.border == "none" && document.getElementById("confirmpassword").style.border == "none" && password !== confirmpassword) { document.getElementById("password").style.border = "red"; document.getElementById("confirmpassword").style.border = "red"; } if(firstname && lastname && username && password && confirmpassword && email !== "") { window.open() } } </script> <h><font size=4 color=3BCCBE><b>Full Name</b></font><h/> <br> <input type="text" id="firstname" size="15px" placeholder="First"> <input type="text" id="lastname" size="15px" placeholder="Last"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Choose your username</b></font></h> <br> <input type="text" id="username" size="37px"> <br> <p><font size=3 color="grey">atleast 6 characters long</font></p> <br> <h><font size=4 color=3BCCBE><b>Create a password</b></font></h> <br> <input type="password" id="password" size="37px"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Confirm your password</b></font><h/> <br> <input type="password" id="confirmpassword" size="37px"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Email address</b></font><h/> <br> <input type="text" id="email" size="37px"> <br> <br> <br> <br> <input type="button" value="Submit" onclick="submitinfo()" style="height:50px; width:85px; font-size:22px;> <br> </body> </html>

    Read the article

  • Indian government department have more unsecure website then others.

    - by Anirudha
    Originally posted on: http://geekswithblogs.net/anirugu/archive/2013/10/26/indian-government-department-have-more-unsecure-website-then-others.aspxOne of my friend share his college experience with me. He is not related with computer science. One day he told me that Ankia Fadia come to their college. In front of many student he show how to hack BSNL website by tricks. he break the flow how BSNL site work. I have told them BSNL is one of the most unsecure website of India   If you logged-in to website maybe it’s run in few seconds but sometime it run in 58 minute. OK this is not grammar mistake 58 minute is less then 1 hour. This means open a tab and put the link to open. it will open in hours. If you are using IE8, Chrome and Firefox you will be forced to use IE7 or downgrade. I simply use Ie7 mode in IE for make it work. This happen because they use something that is called DynaTrace. This site is most unsecure. now guess how !   Suppose my username is xyz and password is abc. How I can reset the password I simply go to website and in their site when I do reset my password he told me to fill password and password will not worked here.you can use here password here to reset my password. Remember that username are different then broadband username and password. Suppose if I want to reset your password I simply need to know your broadband username and I can reset it myself. I just logged in with my username and when I open the page for reset password I can fill your bb username and password will work here. I have not tried this. the broadband username can easily guess. this is depend on same way how people’s broandband username made. IS this Safe ? Nope, There are many thing on the site which make me feel that is 1900 century website. They still lived in popup life.  These site are nothing but a crap. not work most of time and when work it’s run too slowly.

    Read the article

  • Public EC Meeting Today at 15:00; new WebEx password

    - by Heather VanCura
    Update:  Public EC Meeting is today at 15:00 PST; note new WebEx meeting password is 12345; login from https://jcp.webex.com. Audio remains the same: +1 (866) 682-4770 (US) Conference code: 627-9803 Security code: 52732 ("JCPEC" on your phone handset) For global access numbers see http://www.intercall.com/oracle/access_numbers.htm Or +1 (408) 774-4073

    Read the article

< Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >