password-protection

问题 I am creating a log in system with database and wanted to ask about hashing passwords. I currently use the function password_hash() in PHP and in addition I add a custom random string of 20 characters. Looks something like this: $salt = generateRandomString(); $hashedPwd = password_hash($pwd + $salt, PASSWORD_DEFAULT); And the function: function generateRandomString($length = 20) { $characters='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_+{}|[]/?~`';

问题 This question already has answers here : Script to open encrypted excel file, that has a dynamic filename ending in “mmddyyyy” (2 answers) Closed 2 years ago . I'm trying to open a password protected excel sheet in powershell and output a report on how many rows are in the sheet. the script works absolutely fine if the sheet isn't password protected but I can't seem to get powershell to open it if there is a password set. my current script is $Report = "S:\Business Support\excel tests\MI Tool

问题 I'm trying to save my hashed password in my database, but It keeps saving my plaintext password Models: class StudentRegistration(models.Model): email = models.EmailField(max_length=50) first_name = models.CharField(max_length=20) last_name = models.CharField(max_length=20) password = models.CharField(max_length=100, default="", null=False) prom_code = models.CharField(max_length=8, default="", null=False) gender = ( ("M","Male"), ("F","Female"), ) gender = models.CharField(max_length=1,

问题 I have a simple site with a sign-up form. Currently the user can complement their registration with (non-critical, "low security") information not available at the time of the sign-up, through a personal (secret) URL. I.e., once they click submit, they get a message like: Thanks for signing up. You can complement your registration by adding information through this personal URL: http://www.example.com/extra_info/cwm8iue2gi Now, my client asks me to extend the application to allow users to

问题 I'm working on a system that interacts with many external system API:s. Most of them require authentication of some sort. For the sake of usability there is an "application wide reachable" AppConfig that stores configuration info, as well as credentials for the external systems. My question is if it is a bad idea to store usernames and passwords (in cleartext) to the external systems in the application configuration file. If so, how do you avoid it? In order to access the configuration file

问题 I am new to perl script, The below code is downloading the files from sftp server. #!/usr/bin/perl use strict; use warnings; use Net::SFTP::Foreign; my $sftp = Net::SFTP::Foreign->new( 'auser@sftp.rent.com', password => 'auser123', more => ['-v'] ); $sftp->get('outgoing/DATA.ZIP', '/home/sar/') or die "unable to retrieve copy: ".$sftp->error; $sftp->disconnect; Here i have hard codded the password, I want to avoid password in the script, Is there any other method to read the password from the

问题 I'm running a web service on Django. Users register to my system and provide me login details (username and password) for a 3rd party web service). My purpose is to store this details in the best and safest way. Unfortunately my service needs this data for some offline scripts that query the 3rd party service, so I cannot store the login/password encrypted with user password (and use it to a key do decipher them. I read lots of articles on stackoverflow, but most of them (like: What is the

问题 I'm intested in building some kind of password-less login between a mobile app and an API (assuming I can control both). The motivation is that having to login is very annoying for users and has security risks (eg. users will reuse existing passwords) and I want the users to be able to get started with the app immediately. I'm wondering if there are some techniques that could work. For instance: Generate and random login/password on the mobile device and store the password in the keychain.

问题 I'm using coldfusion and I would like to generate a random salt field for my passwords. I was wondering if a CreateUUID() function is useful here. I found many examples which use a seperate function to create the salt string; but why do this when you could use rand() or CreateUUID() functions instead? I'm not sure. Is it an overkill or a good idea? Or should I use rand() or a timestamp instead? 回答1: This is not a good idea - CreateUUID guarantees uniqueness , not randomness ; if you did a

问题 I would like to give some kind of protection to my files either stored in SDCard or in application sandbox. Currently I am using Cipher to encrypt or decrypt any file. Problem with using Cipher is time. It takes lots of time if file is large. Like currently I am encrypting a video file which takes more than 4 minutes to decrypt. I want to know that Can we apply some kind of password protection to file without encrypting ? If anyone knows how can we do that, please let me know. 回答1: Short