passwords

Here is a piece of code that I use to fetch a web page HTML source (code) by its URL using Google App Engine: from google.appengine.api import urlfetch url = "http://www.google.com/" result = urlfetch.fetch(url) if result.status_code == 200: print "content-type: text/plain" print print result.content Everything is fine here, but sometimes I need to get an HTML source of a page from a site where I am registered and can only get an access to that page if I firstly pass my ID and password. (It can be any site, actually, like any mail-account-providing site like Yahoo: https://login.yahoo.com

I'm writing a Facebook canvas webapp that performs a login (using urllib) to a third party website and performs actions on behalf of the user. This means I have 2 accounts; the account the user has with my webapp (via facebook) and the account the app uses to perform a login on their behalf (with user/password details provided by the user). I obviously don't want plaintext passwords in the DB. But I also don't want the user to have to enter their password every time they perform an action. I want them to enter the password once when they sign up, and I want to encrypt the passwords, but what

Every example I see says to use a strong password but then they just slap it in the source code. That doens't seem quite right to me. Is it possible to authenticate to the keystore as the current account so no passwords are involved? If that's not possible, I have a requirement to not store passwords in source code, which is perfectly acceptable, but it seems like at some point a password needs to be a part of the equation, can someone point me to the most secure way to handle this? I'm tempted to add the password as part of the build, but then I have a plaintext password on the build server,

I have a database where every password is passed via SHA1. Sometimes, I want to go to the users dashboard and look how it feels like. Is there a way, I could convert SHA1 to normal form just for testing purposes? Thank You If by "normal form" you mean "can I retrieve the string that created a given hash", the answer is no. And it should be NO, because that's the whole point of secure hashes: make it very easy to create, extremely complicated (ideally impossible) to revert, otherwise, why on Earth would you make a secure hash? If you are trying to hack on the user's accounts, then I suggest you

I have been working on a project that requires me to implement a Show/Hide button on a form password field, that toggles between showing the password as plaintext, and hiding it behind asterisks. What I came up with so far: function pass(){ document.getElementById('password').type="password"; } function text(){ document.getElementById('password').type="text"; } <input type="password" id="password" /> <button class="ui-component__password-field__show-hide" type="button" onclick="text()">Show</button> It works fine for switching to showing the password, but how do I make it change the text of

In my C++ application, user must login in order to use the application. The user login data are taken from phpBB 3.1 database, which uses for password hashing bcrypt. However, I didn't found any suitable example for C++. So my question is: How I can auth user with bcrypt hashed password in C++? I know how to do authentication from external database in C++, I just need help with the bcrypt. Thank you! BCrypt is really not as common as it could be, but there is a Stackoverflow question on What's the recommended Bcrypt C implementation? that will point you to Openwall's crypt_blowfish . Given a