passwords

问题 I'm looking at some code that I have not written myself. The code tries to hash a password with SHA512 and uses just time() as the salt. Is time() too simple a salt for this or is this code safe? Thanks for the answers and comments. I will sum it up here for the new readers: salt should be different for each user, so if 2 users register at the same time, their salts won't be unique. This is a problem, but not a big one. but salt shouldn't be in any way related to the user, so time() is not a

问题 There are some irreversible actions that user can do in my app. To add a level of security, I'd like to verify that the person performing such an action is actually the logged in user. How can I achieve it? For users with passwords, I'd like a prompt that would ask for entering user password again. How can I later verify this password, without sending it over the wire? Is a similar action possible for users logged via external service? If yes, how to achieve it? 回答1: I can help with the first

问题 How does one store sensitive data (ex: passwords) in std::string ? I have an application which prompts the user for a password and passes it to a downstream server during connection setup. I want to securely clear the password value after the connection has been established. If I store the password as a char * array, I can use APIs like SecureZeroMemory to get rid of the sensitive data from the process memory. However, I want to avoid char arrays in my code and am looking for something

问题 Or is there a software to auto generate random passwords? 回答1: Just build a string of random a-z , A-Z , 0-9 ( or whatever you want ) up to the desired length. Here's an example in PHP: function generatePassword($length = 8) { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $count = mb_strlen($chars); for ($i = 0, $result = ''; $i < $length; $i++) { $index = rand(0, $count - 1); $result .= mb_substr($chars, $index, 1); } return $result; } To optimize, you can define

问题 Or is there a software to auto generate random passwords? 回答1: Just build a string of random a-z , A-Z , 0-9 ( or whatever you want ) up to the desired length. Here's an example in PHP: function generatePassword($length = 8) { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $count = mb_strlen($chars); for ($i = 0, $result = ''; $i < $length; $i++) { $index = rand(0, $count - 1); $result .= mb_substr($chars, $index, 1); } return $result; } To optimize, you can define

问题 I have some code like this in a winforms app I was writing to query a user's mail box Storage Quota. DirectoryEntry mbstore = new DirectoryEntry( @"LDAP://" + strhome, m_serviceaccount, [m_pwd], AuthenticationTypes.Secure); No matter what approach I tried (like SecureString ), I am easily able to see the password ( m_pwd ) either using Reflector or using strings tab of Process Explorer for the executable. I know I could put this code on the server or tighten up the security using mechanisms

问题 I have some code like this in a winforms app I was writing to query a user's mail box Storage Quota. DirectoryEntry mbstore = new DirectoryEntry( @"LDAP://" + strhome, m_serviceaccount, [m_pwd], AuthenticationTypes.Secure); No matter what approach I tried (like SecureString ), I am easily able to see the password ( m_pwd ) either using Reflector or using strings tab of Process Explorer for the executable. I know I could put this code on the server or tighten up the security using mechanisms

问题 This question already has an answer here : Reference - Password Validation (1 answer) Closed last year . I found a script online and it has a password regex in JavaScript. I still want to use it, but for more security I want to use PHP to validate my password too but I'm useless with regex. The requirements: Must be a minimum of 8 characters Must contain at least 1 number Must contain at least one uppercase character Must contain at least one lowercase character How can I construct a regex

问题 I'm using AJAX for fast input validation on my login page. If everything is correct, the user is redirected. Here's the code: $(form).submit(function () { $.post($(this).attr('action'), $(this).serialize(), function (data) { if (data.status == 'SUCCESS') { window.location = data.redirectUrl; } } ... It works really well in all browsers. But there's a problem in Chrome. It doesn't offer to save the password. When JavaScript is turned off, the password is saved, so the problem is definitely in

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be: configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on extensible allowing