passwords

A sensible PasswordStrengthRegularExpression

試著忘記壹切 submitted on 2019-12-03 05:12:02
Question: We're using the standard ASP.NET authentication provider (AspNetSqlMembershipProvider as it happens) and the default password strength requirement is a little excessive for our needs. We require our users to enter a password that is alphanumeric at least (i.e., letters and at least one number mandatory, mixed case and non-alphanumeric characters if the user so desires). Can anyone suggest what PasswordStrengthRegularExpression setting would achieve this? Also, how can we control the error

How to check password strength? [closed]

浪尽此生 submitted on 2019-12-03 05:09:50
Question: Closed. This question is off-topic. It is not currently accepting answers. Closed 5 years ago. How can I check the strength of a password (as a string) using the .Net Framework? Answer 1: Basic but a logical one: enum PasswordScore { Blank = 0, VeryWeak = 1, Weak = 2, Medium = 3, Strong = 4, VeryStrong = 5 } public class PasswordAdvisor { public static PasswordScore CheckStrength(string password) { int score

Prompting for a password in Haskell command line application

孤人 submitted on 2019-12-03 04:50:24
Question: The following Haskell program prompts the user for a password in the terminal and continues if he has entered the correct one: main = do putStrLn "Password:" password <- getLine case hash password `member` database of False -> putStrLn "Unauthorized use!" True -> do ... Unfortunately, the password will appear on the screen as the user types it, which I want to avoid. How can I read a sequence of characters that the user types without having them show up on the screen? What is the equivalent

Best practice for storing database password

我只是一个虾纸丫 submitted on 2019-12-03 04:44:23
Question: I am developing a custom server application that will access a database. I need to decide where I will store the credentials (and to address) to that server. A common solution is to put the credential in a config file. However, I do not want a compromised server to mean that the hacker has access to the DB (which is hosted on a separate server). I could store the credentials in the environment, but that is just security through obscurity. Mr. Evil can just look in the environment to find it.

How does your company do “Enterprise” Password Management?

僤鯓⒐⒋嵵緔 submitted on 2019-12-03 04:44:07
Question: We've talked about personal password management here but how do you guys manage your passwords at a company wide level? Answer 1: We have managed to plan our company applications so they are mainly web based and open source or in-house developed. This then allowed us to use LDAP to hook into active directory for logging into our intranet. From there we modified the logins into various products we use (MediaWiki, Wordpress, SugarCRM etc.) so that if the user is authenticated in the intranet, they

Enter passwords interactively in R or R Studio (Server)?

自作多情 submitted on 2019-12-03 04:25:36
Question: Is there a way in R to enter passwords interactively to the command line and hide them from the screen? I know there's readLine, but I do not know passwords can be hidden there. Assume you want to connect to a database using ROracle or RMySQL and do not want to store the password in a script but rather make the user enter it every time a query is executed. Yes, we had a similar question around here, but I feel that the situation has changed and it's worth to address the problem again.

Should Password fields retain their values if a form does not pass validation?

主宰稳场 submitted on 2019-12-03 04:25:00
I have a typical sign-up form with two password fields. <form> <%= Html.TextBox("Email", null) %> <%= Html.Password("password", null) %> <%= Html.Password("confirmPassword", null) %> <input type='submit' /> </form> If the form fails validation and is redisplayed, the text field retains its value but the password fields are always blank. Why shouldn't the password fields retain their values? And more importantly, is there any reason I shouldn't override this behavior? I feel like this behavior decreases usability, and would prefer password fields to behave the same way as textbox fields --

Maximum MySQL user password length

眉间皱痕 submitted on 2019-12-03 04:24:39
What is the maximum length for a MySQL user password? MySQL uses PASSWORD(str) to encrypt the cleartext password str. This hashed password string is stored in the mysql.user grant table with a CHAR(41) datatype. However, I was not able to find what is the maximum length for the cleartext password str, if there is one. Can anyone help? georgecj11 This is the reference pages I found when I googled: Link1 and Link2 If you are using MySQL Replication, be aware that, currently, a password used by a replication slave as part of a CHANGE MASTER TO statement is effectively limited to 32 characters

Best practice on generating reset password tokens

混江龙づ霸主 submitted on 2019-12-03 03:59:06
Question: Any best practice on how a reset password token should be constructed? I'm thinking: random 17 characters [a-zA-Z0-9] + a globally unique id + random 17 characters [a-zA-Z0-9]. Is there a better solution, or an industry standard on reset password tokens? Answer 1: There are some important points to consider. The code should be really random (read from MCRYPT_DEV_URANDOM), and should not be derived from other user related information. Ideally the code is base62 encoded (A-Z a-z 0-9) to avoid

Spring security Oauth2 Resource Owner Password Credentials Grant

时光总嘲笑我的痴心妄想 submitted on 2019-12-03 03:48:50
Have just installed spring security oauth2 in my eclipse IDE. The service am trying to implement will be consumed by second party users through their installed applications hence I chose to use password grant type. As per my understanding of Oauth2 the following request should work for the demo sparklr2 service without the need of me encoding the username and password parameters. i.e. POST http://localhost:8080/sparklr2/oauth/token?grant_type=password&client_id=my-trusted-client&scope=trust&username=marissa&password=koala but I keep getting <oauth> <error_description> Full authentication is