password-storage

问题 We store all our application and db passwords in plain text in source control. We do this as our build/deploy process generates required configuration files and also does actual deploys that require these passwords (ie: running sql against a database requires you logon to the db using valid credentials). Has anyone had a similar need where you were able to implement this type of functionality while not storing the passwords in plain text? 回答1: If your plan is to store all the code and

问题 I would like to know if one should implement AccountManager to save user credentials such as username, email, passwords etc. I can't find a good reason to use it myself. I don't want other applications to have access to the Accounts and I don't really want them showing in the "Accounts and Sync" settings (although maybe that's not a big deal). So my question is: should I use it? Pros/cons? Can I hide the Accounts from other apps and stop them from appearing in "Accounts and Sync"? 回答1: This

问题 What would be the recommended way for storing passwords in a Java desktop application? I want the user to have the ability to enter the credencials only once and not be prompted again. On personal projects I've been using the Preferences API, but I'm assuming this is no different than storing it in plain text (security wise). Many thanks EDIT: Many thanks for your suggestions. There seems to be some confusion, no doubt because I might have not made the question very clear... I'll give an

问题 Probably a very newbie question but, Ive been reading around and have found some difficulty in understanding the creation and storage of passwords. From what i\'ve read md5/hash passwords are the best ways to store them in a database. However, how would I go about creating those passwords in the first place? So say I have a login page with user bob, and password bob123 - how will I 1. get bobs password into the database to begin with (hashed) 2. how do I retrive and confirm the hashed

问题 As I continue to build more and more websites and web applications I am often asked to store user\'s passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I