password-protection

firstly, I apologize if my question sounds little confusing, I will try my best to describe my scenario as detailed as possible: I have website where user can input their personal data about themselves. They are mainly health data, so it's very private and sensitive information. So I need to encrypt this data on the server even then the server is compromised these data are secured because they will be encrypted with each user's password. Of course, user passwords will not be stored as clear-type text on the server, only password hashes. But my problem is that the website will offer "social

I need to add certificate signing to my build. Below is a sample of the working script I wrote, however it includes the password to the .pfx file. I can't keep the password in the build script. What are "best practices" or hacks that you would use in this type of situation? <ItemGroup Label="SignFiles"> <SignFilesInclude="$(FileLocation)\**\*.exe"/> </ItemGroup> <Exec Command="$(SignTool) sign /v /ac C:\MSCV-VSClass3.cer /f C:\Certificate.pfx /p Password /t http://timestamp.verisign.com/scripts/timestamp.dll %(SignFiles.Identity)"/> After googling, I read in multiple places that once you run

Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases where the username is secret, as well. But whatever... the thing is not very high security: you steal the cookie and you're ready to go. My question is on the functional side, however: when do you wipe their access tokens? If a user logs in without clicking "remember me" on another machine, should it invalidate their access tokens on all machines ? I'm asking about how this is traditionally implemented, and also how it should be

I want to implement a salt into my login system but am a bit confused on how this is supposed to work. I can't understand the logic behind it. I understand md5 is a one-way algorithm and all of the functions that I have come across seem to hash everything together. If this is the case, how does one get the password back out for comparison? My biggest question is, how is salting a users' password safer than just hashing the password? If a database was ever to be compromised, the hash along with the salt is in the database. Isn't this all that a hacker would need? I also found another post here

In case one wants to protect VBA applications to make trial(demo) versions and not to expose the scripts, how secure the built in password protection is? Are there any alternatives? Edit: I'm asking about Excel VBA here. Your password security is going to depend largely upon the version of office used. All other Office solutions prior to 2007 can be cracked. Office 2007 requires brute forcing the password. The default encryption mechanism is 128 bit AES. This means the higher the complexity of the password, the harder to crack. IE - Numbers, special characters, mixing case, etc. It's not very

Ok. thats clear that one must store hashed password in the database but in case a user does not remembers the password and want to retrieve it back, then obviously the user wont like to have the hashed password. If the password is hashed with md5 or additional like salt and sha1 then how to retrieve back the password. There is but one simple answer: You cannot. Well, theoretically you could, but it could take many years per password if they are long enough. After all, that is the point of hashing passwords in the first place: to make the data effectively useless to an attacker (or at least