passwords

问题 My project for this summer is to make a multiplayer online flash game. I could use some advice as I've never implemented a secure login system before, let alone done so in Actionscript. My setup right now is a .swf sending/receiving game data to/from a Java server which communicates with a MySQL database about account info. 1) How should I proceed in general? I was thinking that maybe I should have my .swf encrypt the password, send it, (have my server encrypt it again?), then store it in the

问题 I am learning Rails, at the moment, but the answer doesn't have to be Rails specific. So, as I understand it, a secure password system works like this: User creates password System encrypts password with an encryption algorithm (say SHA2). Store hash of encrypted password in database. Upon login attempt: User tries to login System creates hash of attempt with same encryption algorithm System compares hash of attempt with hash of password in the database. If match, they get let in. If not,

问题 I want to generate SHA512 hashed passwords for inclusion directly into a /etc/shadow file for use with chef's user resource. Normally I'd go to the stdlib's Digest library for this, but it doesn't generate the hash in the right format: ruby-1.9.2-p136 :001 > require 'digest/sha2' => true ruby-1.9.2-p136 :002 > Digest::SHA512.hexdigest('test') => "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff" The format that

问题 In the small application that I'm currently developing for a customer I need to ask the user for his windows login username, password and domain and then use those with System.Diagnostics.Process.Start to start an application. I have a textbox with UseSystemPasswordChar to mask the entered password. I need a System.Security.SecureString to feed the password to System.Diagnostics.Process.Start . How do I convert the entered text to secure string while not doing it one character after another?

问题 I will be working with very sensitive data in an app. Obfuscation by my definition is not added security, it will only delay the cracker with finite time. Is it possible that Proguard does this so well it may be called added security? What is most sensitive are some network calls. It will be hard to sniff the password because we will generate the password on both sides and check it's validity with timestamps. Problem is the app may be reverse engineered and the generate algorithm may be

问题 I would like to encrypt the passwords on my site using a 2-way encryption within PHP. I have come across the mcrypt library, but it seems so cumbersome. Anyone know of any other methods that are easier, but yet secure? I do have access to the Zend Framework, so a solution using it would do as well. I actually need the 2-way encryption because my client wants to go into the db and change the password or retrieve it. 回答1: You should store passwords hashed (and properly salted ). There is no

问题 HI I am getting Resource#6 and Resource#7 when I print the following variables: $salty_password = sha1($row['salt'], $_POST['password']); if(isset($_POST['subSignIn']) && !empty($_POST['email']) && !empty($_POST['password'])) { $query = "SELECT `salt` FROM `cysticUsers` WHERE `Email` = '" . $_POST['email'] . "'"; $request = mysql_query($query,$connection) or die(mysql_error()); $result = mysql_fetch_array($request); $query2 = "SELECT * FROM `cysticUsers` WHERE `Email` = '". $_POST['email']."'

问题 http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash I'm storing user passwords in a MySQL database in hash form. Does this mean that it is unsafe to do so? If it is, what are my alternatives? 回答1: The next question in the FAQ you linked to discusses it: How should I hash my passwords, if the common hash functions are not suitable? From the FAQ: The suggested algorithm to use when hashing passwords is Blowfish, as it is significantly more computationally expensive than MD5 or

问题 This question already has answers here : Using python to open cmd and automatically enter a password (3 answers) Closed 2 years ago . I need to run a file as another user without it prompting for a password, from my script. How is this done? 回答1: There's an executable program called SANUR.EXE that's made for just this kind of situation: you can use it to pipe in the password on the command-line, like this: runas /user:domain\username cmd.exe | sanur mysekritpassword . 回答2: Have the user add

问题 This question already has answers here : Using python to open cmd and automatically enter a password (3 answers) Closed 2 years ago . I need to run a file as another user without it prompting for a password, from my script. How is this done? 回答1: There's an executable program called SANUR.EXE that's made for just this kind of situation: you can use it to pipe in the password on the command-line, like this: runas /user:domain\username cmd.exe | sanur mysekritpassword . 回答2: Have the user add