password-protection

I was looking for an effective algorithm that can give me an accurate idea of how strong a password is. I found that several different websites use several different algorithms as I get different password strength ratings on different websites. This has grown to my general brain dump of best practices for working with passwords in PHP/MySQL. The ideas presented here are generally not my own, but the best of what I've found to date. Ensure you are using SSL for all operations involving user information. All pages that involve these forms should check they are being called via HTTPS, and refuse

I have a password in my code which is needed to connect to a sftp server. Whats the best way to "obfuscate" or hide it in the code? Thanks Don't store you password in your source code, store it in a protected section within you App.Config (or Web.Config). See Encrypting Configuration File Sections Using Protected Configuration section in this Microsoft Doc This works by encrypting the encryption keys using built-in Windows stuff, locked to the Mac address and various other undocumented things. This will even work if you are using more than one server: ... if you are planning to use the same

The very basic issue all developers face: Whenever user submits the form, the password is sent via network and it must be protected. The site I develop for doesn't have HTTPS. Neither does the owner want to buy a SSL certificate, nor is he interested in a self-signed one. So I want to protect the password sent via HTTP using Javascript when submitting form. To eager downvoters: How to send password securely over HTTP? DOES NOT give any sensible solution and I am in another situation. If I use MD5, one can reverse that password string. What about nonce/HMAC? Any available Javascript library for

I have a page I want to password-protect. I've tried doing HTTP authentication, but for some reason it doesn't work on my hosting. Any other quick (and easy) way to do this? Thanks! JacobN Not exactly the most robust password protection here, so please don't use this to protect credit card numbers or something very important. Simply drop all of the following code into a file called (secure.php), change the user and pass from "admin" to whatever you want. Then right under those lines where it says include("secure.html"), simply replace that with the filename you want them to be able to see.

I am using php 5.4 with this backwards compatibility script: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php that shouldn't matter though, because I can get the hashing and verification process working in my registration function: $hash = password_hash($pass, PASSWORD_DEFAULT); echo $pass; echo $hash; if( password_verify($pass,$hash) ) echo 'success'; else echo 'failure'; //success is always shown //EXAMPLE INPUT $pass = 'password'; //EXAMPLE OUTPUT password$2y$10$JK1jumvvSIm/gP3fWE3k9O98MzvHKDRYCjRPBniYg9riACyQw7WYSsuccess but whenever I try to store the hash in a