password-protection

I have a question about password protecting an Excel file. The situation is that, I have a zip file, that has an Excel file in it. I need to write a Java program, to password protect the Excel file. Hence, the user should be able to unzip the file (the zip file need not be password protected). But, the Excel needs to be password-protected. When the user tries to unzip the file, he should be able to do so. And when he tries to open the Excel file (which is inside the unzipped folder), it must ask for a password. The question is similar to Protect excel file with java , with the added complexity

How can I password protect my website during development with htaccess in Cakephp? which htaccess file do I have to change? what do I have to write in the htaccess where do I put the .htpasswd? I searched google for that but couldn't find anything useful, I hope you could help me! Thanks Till that helped me solve the problem! For CakePHP-Users: - Modify the .htaccess in /app/webroot/ - add something like that at the beginning of the .htaccess-file: AuthName "Restricted Area" AuthType Basic AuthUserFile /complete/path/to/.htpasswd AuthGroupFile /dev/null require valid-user Now create the

I would like to know the algorithm or technique used by this command (mvn --encrypt-master-password ). Each time I run it produces a different output. I'm assuming that it takes system time as a seed parameter. The encryption mechanism is not in the maven codebase per se. It is located on a library called plexus-cipher . It is always on the maven distribution. Mine is on lib/plexus-cipher-1.7.jar being 3.0.5 the maven version. The actual cipher is AES/CBC/PKCS5Padding . The key for the cipher and IV for the block chaining are derived iterating SHA-256 -ing over the provided password (encoded

What is the most secure way to handle forgotten passwords/password resets? Should I email the password to the user? If so do you then force them to reset it? Or do you let them reset it immediately (without sending an email) and require some other information to verify that it is them? Or is there a better method? You can't email the password to the user, because you don't know it. You've "hashed" it by applying something like PBKDF2 or bcrypt to it for storage, right? If you reset the password without confirming it with the owner of the account, an attacker can deny the owner access to his

I have found the following two commands to respecively create and open password protected zip files. I was however wondering if it's possible to do this in pure PHP echo system('zip -P password file.zip file.txt'); echo shell_exec('unzip -P password file.zip'); Aurelio De Rosa You can create simple file zip using some libraries (as PclZip ) but you can't create zip with the password. It was not possible do do below PHP5.6.0 . But in a new PHP5.6.x version developers added this functionality . So no need for a scary system or shell_exec (which can lead to security vulnerability). So right now

I want to protect my newly deployed Rails 3 app with the basic http authentication. It's running on the latest Nginx/Passenger and I'm using the following Nginx directive to protect the web root directory: location = / { auth_basic "Restricted"; auth_basic_user_file htpasswd; } htpasswd file was generated using Apache htpasswd utililty. However, after entering correct username and password I'm getting transferred to the 403 Forbidden error page. Analyzing Nginx error log revealed this: directory index of "/var/www/mysite/public/" is forbidden, client: 108.14.212.10, server: mysite.com, request

I've put together a simple Excel database that performs a few macro functions and I need to distribute this database to a few people - but they cannot see how the macro function actually works (stupid rules I have to follow!). What is the best way to achieve this? I've done a bit of research and I found two ways: Password protect the VBA project ; but this is apparently very easy to break using readily available tools online (it would be in the best interest to the people I'm sending this to find out how the macros and functions work; so I'm almost 100% sure they will try to get into it..