passwords

问题 Sorry if this has been asked before, I did check but couldn't find anything... Is there a function in Unix to encrypt and decrypt a password in a batch file so that I can pipe it into some other commands in a bash file? I realise that doing this provides no real security, it is more to stop someone accidentally seeing the password if they are looking at the script over my shoulder :) I'm running on Red Hat 5.3. I have a script which does something similar to this: serverControl.sh -u admin -p

问题 I'm installing a user registration script (Tank Auth) for my website. In the installation guide its says, WARNING: By default the library generates strong system-specific password hashes that are not portable. It means that once created, user database cannot be dumped and exported to another server. This behavior can be changed in config-file as well. This put me in a dilemma. In the future I may want to change servers but I don't want weak passwords either. Are portable password hashes a big

问题 I am using WebMatrix and have built a website based on the "StarterSite". In this starter site you get a nice basic layout - including registration, login, forgot password pages etc... I've noticed that in the database that the "webpages_Membership" table has a column named "PasswordSalt". After creating a few new user accounts, this column always remains blank. So I'm assuming that no password salt (not even a default one) is in use. Obviously this is not the best practice, however I cannot

问题 A common Java security guideline for handling sensitive data (== passwords) recommends never using a String object to store the data, and instead using an array of bytes or chars. I am trying to apply this guideline in a HttpServlet handler. In particular, I am using a basic-authentication-like approach where the credentials are passed in in a header (this is a GET request, so no body). The issue I'm running into is that it seems impossible to get to the header data without generating a

问题 I'm quite new to jQuery, and I've written a simple function to check the strength of a password for each keypress. The idea is that every time a user enters a character, the contents is evaluated to test the strengh of the password they have entered... I'm sure everyone has seen these before. Anyhow, the logic I have used is that no password begins with a value of 1. When a lower-case character is used, the score increments to 2. When a digit is used the score increments by 1 again, same for

问题 I am trying to use 2 of the mysql utilities, mysqldiff and mysqldbcompare and want to avoid putting my password on the command line Is it possible to use an option file to specify the password for my DB connection to prevent me having to specify the password? This is the sort of command that I currently have... /usr/share/mysql-workbench/python/mysqldiff --server1=root@localhost --server2=root@localhost --difftype=sql db1:db2 I also have a file at ~/.my.cnf that has "600" permissions and

问题 I'm using ASP.NET membership for a site that will serve primarily sophisticated users. I understand the difference between hashed and encrypted passwords, and I'm trying to decide between the two. After my last client complained bitterly about hashed passwords being a total PITA, I've started to favor encrypted passwords. But someone suggested this just isn't secure enough. So my question is: What, exactly are the risks of encrypting passwords? Any person with the ability to steal passwords

问题 I would like to allow my users to use Unicode for their passwords. However I see a lot of sites don't support that (e.g. Gmail, Hotmail). So I'm wondering if there's some technical or usability issue that I'm overlooking. I'm thinking if anything it must be a usability issue since by default .NET accepts Unicode and if Hotmail--er, the new Live mail--is built on that, I don't see why they would restrict it. Has anyone encountered similar issues? 回答1: I am sure there is no technical problem

问题 Closed . This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 4 months ago . What is the best way of ensuring that a user supplied password is a strong password in a registration or change password form? One idea I had (in python) def validate_password(passwd): conditions_met = 0 conditions_total = 3 if len(passwd) >= 6: if passwd.lower() != passwd:

问题 I need to execute ssh from windows command line by providing password in a non interactive manner. I could implement the key based authentication and able to execute the ssh commands just like ssh <user>@<host> <command> Is there any commands like ssh <user>@<host> -P <password> <command> I don't know if it is feasible. However, there can be some work around for the same. Throw me some ideas to accomplish the same. 回答1: PuTTY's plink has a command-line argument for a password. Some other