password-protection

问题 I had scanned my yii2 application few days before and noted that username and passwords from the login form is posting without any encryption. How can i make my username and password more secure?I know \yii\helpers\Security::encrypt($data, $secretKey) will encrypt the data and similiary we can decrypt it. But how to use it in a view like login form? This is my login form <?php $form = ActiveForm::begin(['id' => 'login-form']); ?> <?= $form->field($model, 'username') ?> <?= $form->field($model

问题 This question already has answers here : How to include third party Python libraries in Google App Engine? (6 answers) Closed 5 years ago . I have found a bcrypt library for python that seems to be very easy to use: bcrypt 1.0.1 After installing it and testing the hello world example in my local machine all seems fine: >>> import bcrypt >>> password = b"super secret password" >>> # Hash a password for the first time, with a certain number of rounds >>> hashed = bcrypt.hashpw(password, bcrypt

问题 I'm building a page with a custom template. The thing is, I need this page to be password protected, or at least accessible to logged in users, but even if I set it as such (Private/Password protected) in the New Pages section in WordPress Administration, it won't display the menu entry nor the content (if Private) or it would show the page contents immediately (if Password protected). I've read somewhere that the_content() function is what makes this work, but as you can guess, my custom

问题 I'm making a chrome extension that requires fetching an xml file from a secure server. I'm currently using XMLHttpRequest() to make a call to the server https://username:password@mydomain.com which returns an xml object that I can parse and display. I want this extension to be available for more than just my hobby use, so it needs an options page to set and store the username and password. How should I store the user password in chrome so that it is secure? chrome has a localStorage global

问题 I am working on a school-project (writing a website) and I ran into the problem of providing the password for the connection to our database. Because of our Open-Source license we have to publish the sourcecode but that would mean that everyone could connect to the database and see tha data. Currently our connection (a php file) looks like this: $host="************"; $password="************"; $this->conn = new mysqli($host, $user, $password, $dbname).mysqli_connect_error()); Now my question

问题 I am a beginner so if this question sounds stupid, please bear with me. I am wondering that when we write code for username/password check in python, if it is not compiled to exe ie script state , won't people will easily open the file and remove the code potion that is doing the password check? I am assuming that the whole program is entirely written in python , no C or C++ . Even if I use a program like py2exe it can be easily decompiled back to source code. So, does that mean it is useless

问题 I have a password being passed from my iPhone app to the database via a php script, user.php. The variable $pass is populated by the following: $pass = str_replace("'", "", $_REQUEST['pass']); How can I encrypt this before it's inserted into my database? I've read a little about the different techniques, but looking for the best way to manage this. Thanks to everyone. 回答1: While the answer below is technically still correct, php has new recommendations with regards to the hashing algorithms

问题 How is bcrypt stronger than, say, def md5lots(password, salt, rounds): if (rounds < 1) return password else newpass = md5(password + salt) return md5lots(newpass, salt, rounds-1) I get the feeling, given its hype, that more intelligent people than me have figured out that bcrypt is better than this. Could someone explain the difference in 'smart layman' terms? 回答1: There are three significant differences between bcrypt and hashing multiple times with MD5: The size of the output: 128-bit (16

问题 How is bcrypt stronger than, say, def md5lots(password, salt, rounds): if (rounds < 1) return password else newpass = md5(password + salt) return md5lots(newpass, salt, rounds-1) I get the feeling, given its hype, that more intelligent people than me have figured out that bcrypt is better than this. Could someone explain the difference in 'smart layman' terms? 回答1: There are three significant differences between bcrypt and hashing multiple times with MD5: The size of the output: 128-bit (16

问题 I have set up my db to log every failed login attempt. I thought I would multiply the number of failed attempts with 0.05 seconds or something. Something like: time_nanosleep(0, (50000000 * $failed_attempts ) ); More attempts a hacker uses to guess a password, more time does it take to check every time. After checking a 100 passords he must wait 5 sec between each try. Is this a good way to stop bruteforcing? I identify the users by IP. So I guess you can bruteforce the application by using