password-protection

问题 I am creating an application and I need to connect to a database. The database requires login/password so the application can do operations like select and insert. In the application I need to connect to the database using login and password, so the application is free to do some tasks on the database. My question is: how do I store and use a password to connect to the database without exposing the password? I can't simply use a hash or encryption to store the password because the database

问题 I am new to java and trying to write an program which will unzip all the password protected zip files in an directory, I am able to unzip all the normal zip files (Without password) but I am not sure how to unzip password protected files. Note: All zip files have same password import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.PathMatcher; import java.nio.file.Paths; import java.util.List; import java.util.stream.Stream; import java.util

问题 I'm developing a web service where users must login. I will store user data in an SQL database and input/output via PHP. But I don't want to store it openly. How do I encrypt the passwords in PHP so only those who knows the password can unlock it? I know services like phpBB uses some sort of hiding/encryption on stored passwords. 回答1: The easiest way to get your password storage scheme secure is by using a standard library . Because security tends to be a lot more complicated and with more

问题 I'm developing a web service where users must login. I will store user data in an SQL database and input/output via PHP. But I don't want to store it openly. How do I encrypt the passwords in PHP so only those who knows the password can unlock it? I know services like phpBB uses some sort of hiding/encryption on stored passwords. 回答1: The easiest way to get your password storage scheme secure is by using a standard library . Because security tends to be a lot more complicated and with more

问题 I believe hash('sha256', $pw) is FIPS compliant, but I know for certain that an attack vector is possible with using that function. Also, there is no salt (so I would have to encounter that implementation and I would rather not). Is password_hash / password_verify FIPS compliant? 回答1: No. FIPS 140-2 does not certify password hashing algorithms. As such, password_hash cannot be FIPS compliant, because FIPS simply doesn't apply to it. To the best of my knowledge, the hash implementations used

问题 I need to create a ZIP file in node.js, protected by a password. I am using "node-zip" module, that unfortunately doesn't support password protection: var zip = new require('node-zip')(); zip.file('test.file', 'hello there'); var data = zip.generate({base64:false,compression:'DEFLATE'}); Looking other node modules to create ZIP files, I haven't found any that support password protection. 回答1: If you work on linux then you can do it with the help of zip (command line utility in most linux

问题 A salt makes every users password hash unique, and adding a salt to a password before hashing to protect against a dictionary attack. But how? 回答1: The tool you almost certainly want is called PBKDF2 (Password-Based Key Derivation Function 2). It's widely available, either under the name "pbkdf2" or "RFC 2898". PBKDF2 provides both salting (making two otherwise identical passwords different) and stretching (making it expensive to guess passwords). Whatever system you are developing for

问题 I have a wpf application and I am following the mvvm pattern carefully for reasons beyond my control. I do not want to databind to my PasswordBox for security reasons beyond my control. How do I clear the contents of the password box when the login fails? I would prefer a way to do so in xaml. 回答1: You can create your attached DependencyProperty and use it as a XAML or in code. Example: Listing of PasswordBehaviors : public static class PasswordBehaviors { public static void SetIsClear

问题 I have a simple bokeh server application and I want to expose it on a Linux-based Azure node. The server is there up and running. My question is: how to protect the content by username and password? I do not need necessarily authentication of users. My ideas so far (not tried, may not work) To create an extra bokeh server page with a text field. On the callback for a button, to add the test if the password fits. If it does, to redirect to the original server page. Otherwise, inform the user

问题 I have a simple bokeh server application and I want to expose it on a Linux-based Azure node. The server is there up and running. My question is: how to protect the content by username and password? I do not need necessarily authentication of users. My ideas so far (not tried, may not work) To create an extra bokeh server page with a text field. On the callback for a button, to add the test if the password fits. If it does, to redirect to the original server page. Otherwise, inform the user