passwords

问题 Essentially I have a HtmlPasswordFor(m => EmployeeID), I have a button called "Go". Once I hit the Go textbox, I actually do not want the password to disappear on the or have the field password to be cleared. How would I do this? BEFORE AFTER I do not want the my employeeid to reset. I want to keep the passwords in ****'s, but I'll need the password on my next post call. Controller [HttpGet] public ActionResult MainForm() { var model = new VTViewModel(); return View(model); } [HttpPost]

问题 How would one need to modify one of these examples, to have at least a capital and a nubmer inside the password? jQuery password generator http://javascript.internet.com/passwords/password-generator.html http://www.blazonry.com/javascript/password.php or any other example :) 回答1: off the top of my head: function generatePassword(len){ var pwd = [], cc = String.fromCharCode, R = Math.random, rnd, i; pwd.push(cc(48+(0|R()*10))); // push a number pwd.push(cc(65+(0|R()*26))); // push an upper

问题 This question already has answers here : How does browser know when to prompt user to save password? (13 answers) Closed 6 years ago . What do you need to do on a login form so that the browser prompts to remember the login information? I have a input named "username" and one named "password". on my browser i have it set to ask if it should remember the password, and it does on most sites, but on the site that i am testing it doesnt, so i am wondering what can be changed to make it remember.

问题 I have a PHP application that has a somewhat decent userbase. Now unfortunately, it has been using sha1($password . $salt) all these years and I really want to ditch that in favor of bcrypt. I have found some nice ways of getting a Blowfish hash, but I am still unsure about the conversion approach that I should use. Here are my options: Option 1 Every time a user logs in, I check if the hash starts with $2. If not, I assume it is sha1, take the password entered by the user, get the bcrypt

问题 For example, I have hobby project - ASP MVC application. I want to share my code. And get some feedback, or, maybe, somebody will join me in development of the project. I setup public repository for it. The question is following: How do I store web.config and connection string in it? It contains address of my SQLServer, password and username. It would be seen. It's security breach. So, what's the common solution? 回答1: In this case don't store the connection string in your web.config. Store it

问题 This question already has answers here : Closed 7 years ago . Possible Duplicate: what is best possible way of salting and storing salt? Improve password hashing with a random salt Assuming that using a correct algorithm for password hashing and generating different salts for each password... Is it a security risk to store salts separately from password hashes? For ex. in a database table, storing password hashes in one column, and password salts in a separate column? I saw strategies where

问题 I'm using SHA-512 to hash my passwords (with a salt ofcourse). I don't think that what I want is possible, but let's ask anyway. Is there a way to check if a string is a SHA-512 (or another algorithm) hash already? When a user logs in, I want to do a check on his password. If it's still in plain text, it should get converted to a secure form. 回答1: Your task is extremely simple and require no strings checking. Just compare entered password with stored one first. If matched - here it is, a

问题 I have a TextBox control in a form which is still pulling in data when the HTML form renders. I tried setting the AutoCompleteType to "None" but I think that just controls whether or not it will find previously entered data for that field, not what actually fills into that input field when the page loads. Why would this textbox be pulling in data? It's causing another larger issue. This TextBox is inside of a control (*.ascx file). It's loaded from another control dynamically--not sure if

问题 I have a little java prog that uses a webservice which needs authorization. So the java prog (which is to be run using windows task scheduler) needs to have a user/password argument. How can I store these somewhere without having them laying around in a file as plaintext? So far I've tried using runtime.getRuntime and CACLS to have a plaintext file but alter the permissions so only the owner could open it (didn't work, not sure why). Password encryption doesn't work because if I pass the hash

问题 I need to check for a password containing 3 of the following 4: Lowercase letter Uppercase letter Numeric character Special characters (like %, $, #, ...) The length of the password has to be between 6 and 20 characters. I currently have this: public void ChangePassword(string password) { Regex regex1 = new Regex("^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]){6,20}$"); Regex regex2 = new Regex("^(?=.*[0-9])(?=.*[a-z])(?=.*?[#?!@$%^&*-]){6,20}$"); Regex regex3 = new Regex("^(?=.*[0-9])(?=.*[A-Z])(?=.*?[#