passwords

问题 How do I get my JSF login page to prompt Chrome to save password? <h:form id="login-form" class="form login-form"> <h:outputLabel for="j_username" value="Email:" /> <p:inputText value="#{loginBean.j_username}" id="j_username" required="true"> </p:inputText> <h:outputLabel for="j_password" value="Password:" /> <h:inputSecret value="#{loginBean.j_password}" id="j_password" required="true"> <p:commandButton id="loginButton" value="Login" action="#{loginBean.login}" /> </h:form> 回答1: Turn off

问题 I would like to know if my current implementation of BCrypt is correct, I am aware that I am not using BCrypt.checkpw() which may lead to an issue so that is the main reason I verify it here. Hasher.java container class: abstract public class Hasher { public static String hash(final char[] input) { String output = Hasher.hash(new String(input)); for (int i = 0; i < input.length; i++) { input[i] = 0; } return output; } public static String hash(final String input) { return BCrypt.hashpw(input,

问题 I'm using the following regex to validate password complexity: /^.*(?=.{6,12})(?=.*[0-9]{2})(?=.*[A-Z]{2})(?=.*[a-z]{2}).*$/ In a nutshell: 2 lowercase, 2 uppercase, 2 numbers, min length is 6 and max length is 12. It works perfectly, except for the maximum length, when I'm using a minimum length as well. For example: /^.*(?=.{6,})(?=.*[0-9]{2})(?=.*[A-Z]{2})(?=.*[a-z]{2}).*$/ This correctly requires a minimum length of 6! And this: /^.*(?=.{,12})(?=.*[0-9]{2})(?=.*[A-Z]{2})(?=.*[a-z]{2}).*$/

问题 I have a simple C# windows form which acts as a login, but also has a form to change the password of a user. When you click on Change Password the form loads with a text box of current password, new pass and confirm new pass, and one save button. I have stored username in label so that current password can be checked if it is valid from database or not. I am storing these in a table which I created in Microsoft SQL Server 2008. The code is as follows so far. SqlConnection connect = new

问题 I have an ASP.NET application that requires impersonation as an administrator user. In web.config: <identity impersonate="true" userName="administrator" password="password"/> The customer complained about saving the password in clear text format. Is there a way to save the password here as hashed? 回答1: aspnet_regiis with the appropriate switch should do the trick, see this article. 来源： https://stackoverflow.com/questions/2912903/how-to-use-hashed-password-in-impersonate-of-asp-net

问题 Is there a way to suppress the password prompt when using Java Webstart with a https server that uses client authentication? I would like to do this, because the webstarted app runs on a touch screen device that got no keyboard and runs in a kiosk mode. Therefore it would be sufficient to either remove the password from the keystore or to store it somewhere, maybe in the desktop shortcut that starts the app. I already tried to attach a JVM Parameter to the shortcut like this, but it doesn't

问题 Can JavaScript access autofilled passwords, and is this considered a security risk? I know that stored passwords generally are strictly associated with a domain, but sometimes Chrome suggests the username and password from another website if it has no currently stored passwords for this domain. (This may vary by browser, I guess) 回答1: Chrome autofills details under two circumstances: When explicitly told to remember credentials for a specific site When it sees fields it thinks it can autofill

问题 Can JavaScript access autofilled passwords, and is this considered a security risk? I know that stored passwords generally are strictly associated with a domain, but sometimes Chrome suggests the username and password from another website if it has no currently stored passwords for this domain. (This may vary by browser, I guess) 回答1: Chrome autofills details under two circumstances: When explicitly told to remember credentials for a specific site When it sees fields it thinks it can autofill

问题 I'm doing a bit of reading on hashing for passwords. I've seen that SHA-256 > MD5. This got me thinking about how an app may deal with changing from one hashing function to another. What happens if someone implements an app that hashes their passwords using MD5. They then decide that SHA-256 is the way to go. But of course the password hashes stored in the database are in MD5. What is the process for migrating the data in the database from one hashing function to another? 回答1: It is not

问题 I'd like to use form validation to require a password that has BOTH alpha and numeric characters. Here's what I've come up with so far: $this->form_validation->set_rules('password', 'Password', 'required|matches[passconf]|min_length[8]|alpha_numeric'); The issue is that "alpha_numeric" requires that the password only contain letters or numbers, it doesn't require both. Going for the stronger password option here. 回答1: You could set up a callback in your controller: public function password