password-protection

What strategy do you use to avoid storing passwords in version control? Currently, I have development/test/production passwords saved in three different files and the appropriate file gets used during deployment. All this is committed to version control, but I'm not too happy with that since not all developers need to know those passwords (especially outsourced ones, which have access only while their projects last, which could be only a month). Storing passwords in database is not a great option: I need most of the data during the initialization of Spring context (Java app), and I don't want

I started reading Google Chrome's documentation, and liked it's approach of using HTML and Javascript to create extensions. Reading this tutorial about Local Storage made me think about a lot of different uses. I want to develop an extension to help me with corporate systems. It's very specific, and it's only going to be used inside a company. This extension would do some activities to this corporate system, using javascript DOM, with just one click on Google's Chrome toolbar. To work with just one click, the extension needs to store a password in Chrome: so if you restart your system, you don

This issue has been bugging me for a while, and I hope someone has insight as to the cause of this. Essentially, I have a small percentage of users who are unable to save/update items to the keychain. The problematic flow of control is as follows: We check for the existence of the item using SecItemCopyMatching . This returns the error code errSecItemNotFound We then try to add the item via SecItemAdd , but this then returns errSecDuplicateItem . Because of this, we have some users who are unable to update a subset of keychain items at all, requiring them to restore their device to clear the

I am having a personal portfolio website and i have a some pdf files like <a href="file.pdf">Some file</a> I dont want everyone to download the file, and i want it to protect it with password,so that i can share it with only the people i know where only the person who gives the correct password is able to download my file Note: 1. since its a personal portfolio website it do not have any "LOGIN's" 2. I have designed the webpage with HTML as a responsive code Your suggestions please, any way of doing it without .htaccess ?? rws907 Use MySQL or MySQLite - depending on your preference - and store

I am using Code Igniter for my current project. As of now, I am using MD5 for password hashing, but I have read at a lot of places, that it is not a good practice to do so. What should I go with? Using a salt Or should I use bcrypt Also, if bcrypt is recommended, then how to use it with Code Igniter? EDIT I have put these files in application/libraries PasswordHash.php c/Makefile c/crypt_private.c In my controller, I am using this code - $params = array( 'phpass_hash_strength' => 8, 'phpass_hash_portable' => FALSE ); $this->load->library('PasswordHash', $params); $password = $this-

I have been given the assignment of modifying an ASP.NET MVC application in such a way that surfing to myurl?username=xxxxxx would automaticly log in user xxxxxx, without asking for passwords. I already made it very clear that this is a terrible idea for many security related reasons and scenarios, but the people in charge are determined. The site would not be publicly available. So: is there any way of signing in without password by for example extending the Microsoft.AspNet.Identity.UserManager and modifying the AccountController? Some code: var user = await _userManager.FindAsync(model

I'm trying to protect a local database that contains sensitive info (similar to this question , only for delphi 2010 ) I'm using DISQLite component , which does support AES encryption, but I still need to protect this password I use to decrypt & read the database. My initial idea was to generate a random password, store it using something like DPAPI ( CryptProtectData and CryptUnprotectData functions found in Crypt32.dll), but I couldn't find any example on that for Delphi My question is: how can I safely store a randomly generated password? Or, assuming the DPAPI road is secure, how can I

In a RESTful API that uses S3-style authentication, the API client signs the request with his secret key using HMAC-SHA1, so the secret key is never transmitted over the wire. The server then authenticates the client by using that client's secret key to repeat the signature process itself and compare the result to the signature transmitted by the client. This is all nice and good but it means the the server requires access to the plaintext of the client's shared secret. That flies in the face of all the advice out there against storing user passwords in the clear inside your database. Storing