passwords

Enforcing Password Requirements

丶灬走出姿态 submitted on 2019-12-20 10:36:27
Question: I want to check if the user has successfully met the following requirements: The password has at least 8 characters Consists of one capital & one lowercase letter How would I do this? I am using the PHP script below: if ( strlen( $password ) < 8 ) { false } else { if ( preg_match( "/[^0,9]/", $password ) ) { // how to check the upper case and lower case } } Answer 1: You can do that with a regex: if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])[a-zA-Z]{8,}$/', $password)) { //error } Answer 2: Use preg_match("/[A

increasing time delay for login to stop bruteforcing, good idea?

我的梦境 submitted on 2019-12-20 10:34:39
Question: I have set up my db to log every failed login attempt. I thought I would multiply the number of failed attempts with 0.05 seconds or something. Something like: time_nanosleep(0, (50000000 * $failed_attempts ) ); The more attempts a hacker uses to guess a password, the more time it takes to check every time. After checking 100 passwords he must wait 5 sec between each try. Is this a good way to stop bruteforcing? I identify the users by IP. So I guess you can bruteforce the application by using

SALT and HASH using pbkdf2

拟墨画扇 submitted on 2019-12-20 08:49:17
Question: I am using the following methods to create a salted and hashed password from the crypto lib in nodejs: crypto.randomBytes(size, [callback]) crypto.pbkdf2(password, salt, iterations, keylen, callback) For the randomBytes call (creating the SALT) what size should I use? I have heard 128-bit salts, maybe up to 256-bit. It looks like this function uses a size in bytes so can I assume a size of 32 (256 bits) is sufficient? For the pbkdf2 call, what is a good number of iterations and what is a good

Phonetically Memorable Password Generation Algorithms

浪子不回头ぞ submitted on 2019-12-20 08:00:54
Question: Background While at the gym the other day, I was working with my combination lock, and realized something that would be useful to me as a programmer. To wit, my combination is three separate sets of numbers that either sound alike, or have some other relation that makes them easy to remember. For instance, 5-15-25, 7-17-2, 6-24-5. These examples seem easy to remember. Question How would I implement something similar for passwords? Yes, they ought to be hard to crack, but they also should be

android: require password when uninstall app

徘徊边缘 submitted on 2019-12-20 07:13:51
Question: I want to build an app like parental control, so when a child tries to uninstall/remove my app I would like to require that a user type a password before being allowed to uninstall/remove my application. I tried this, but still don't understand: Require a password to uninstall/remove application. Any suggestions? Answer 1: You can lock the device if you use device administration. Users can't uninstall active device admins, then you can lock the device if they try to disable device admin, then the parent could

mysql Access denied for user 'root'@'localhost' (using password: NO)

一笑奈何 submitted on 2019-12-20 06:25:21
Question: I'm using NetBeans 7.3, Glassfish 3.1.2. I always get this error and I cannot proceed to do my project: WARNING: RAR5038:Unexpected exception while creating resource for pool mysql_tests_rootPool. Exception : javax.resource.spi.ResourceAllocationException: Connection could not be allocated because: Access denied for user 'root'@'localhost' (using password: NO) WARNING: RAR5117 : Failed to obtain/create connection from connection pool [ mysql_tests_rootPool ]. Reason : com.sun.appserv.connectors

django & facebook: security & design for a facebook webapp that performs a third party login on behalf of the user

一曲冷凌霜 submitted on 2019-12-20 05:20:18
Question: I'm writing a Facebook canvas webapp that performs a login (using urllib) to a third party website and performs actions on behalf of the user. This means I have 2 accounts; the account the user has with my webapp (via facebook) and the account the app uses to perform a login on their behalf (with user/password details provided by the user). I obviously don't want plaintext passwords in the DB. But I also don't want the user to have to enter their password every time they perform an action. I

django & facebook: security & design for a facebook webapp that performs a third party login on behalf of the user

巧了我就是萌 submitted on 2019-12-20 05:20:11
Question: I'm writing a Facebook canvas webapp that performs a login (using urllib) to a third party website and performs actions on behalf of the user. This means I have 2 accounts; the account the user has with my webapp (via facebook) and the account the app uses to perform a login on their behalf (with user/password details provided by the user). I obviously don't want plaintext passwords in the DB. But I also don't want the user to have to enter their password every time they perform an action. I

Changing Active Directory user password from java program

假装没事ソ submitted on 2019-12-20 05:16:28
Question: I have Active Directory, with users in it, and I am trying to change a user's password from a Java program as follows: Properties prop = new Properties(); prop.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); prop.put(Context.SECURITY_AUTHENTICATION, "simple"); prop.put(Context.SECURITY_PRINCIPAL,"user1"); prop.put(Context.SECURITY_CREDENTIALS,"pass1"); prop.put(Context.SECURITY_PROTOCOL,"ADSecurityProtocol"); prop.put(Context.PROVIDER_URL, "ldap://host:389/OU=My Org,DC

Update object properties

▼魔方 西西 submitted on 2019-12-20 04:45:09
Question: I'm using Struts 2. My problem is that I don't want to update all my object properties because I have some sensitive data. Here is my code example: public class person { private String name; private String email; private String password; } In my form, for example, I display the name and email for update, so when I update my person properties after submission, the password property of the person gets the value null, but when I put the property password in the <s:hidden> tag in the form the update works fine. How to