passwords

问题 My question is how do I set empty string as password for mysql database in properties file? The password for MySql database is an empty string. I tried leaving the right hand side empty like this jdbc.password= in my application.properties file but I get the following exception: org.hibernate.exception.GenericJDBCException: Could not open connection Caused by: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Access denied for user 'root'@'localhost'

问题 I have a web application (Java) that I am trying to launch. The user needs to login to the system to use the features. So there are two parts to this application: 1) User Registration 2) Login My concern is how secure is my method of transferring username/password data from the web browser to the server. Registration I am very lost on this one as I am not really sure how to securely send data from the web browser to the server. Login I have the following setup: << Client >> ------------------

问题 I've created a login submit form in HTML but for some reason autocompletion does not work in firefox. This is what happens in Firefox: - I give username and password and click on the login button - Firefox prompts me if I would like to remember the password. I press 'remember' and login works. - I log out and return to the login page. I would expect the username and password field to be prefilled but that is not the case. Notice that I don't (want to) use cookies. Here's the code for this

问题 In my app, users can edit their profile information. On the edit profile form, the user can make changes to all fields (name, title, and more). On this same form are three fields: current_password , password , and password_confirmation . I am using bcrypt 's has_secure_password feature for password authentication. I am NOT using Devise at all. I want users to only be able to change their password if they have supplied a correct current password. I've got this working before with the following

问题 In tk inter is their away to make a specific username and password open a specific file like if an administrator logs in he would be taken to a administrator page. from Tkinter import * root = Tk() w = Label(root, text="LiftServer(Sign-in)") w.pack() e1 = Label(root, text="******************************") e1.pack() w1 = Label(root, text="Username") w1.pack() e = Entry(root) e.pack() w2 = Label(root, text="Password") w2.pack() e1 = Entry(root) e1.pack() toolbar = Frame(root) b = Button(toolbar

问题 Modern browsers save passwords. Which criteria affect this decision? Background: I have a registration page with the following form: <form action="/BlaBla/Account/Register" method="post"> <div> <fieldset> <legend>Account Information</legend> <p> <label for="username"> Username:</label> <input id="username" name="username" type="text" value="" /> </p> <p> <label for="email"> Email:</label> <input id="email" name="email" type="text" value="" /> </p> <p> <label for="invitationCode"> Invitation

问题 I have a bit of a dilemma here. I have a drupal 7 database table of users, with corresponding passwords. All these passwords have been naturally encrypted. My assumption is that these are MD5 hashes, but not quite. The challenge here is that, we are utilizing the same set of users in a companion website that uses similar credentials but a different technology [please don't blame me for this, I a mere pawn]. Now if I knew how Drupal goes about encrypting its passwords, maybe I could decrypt

问题 There are many discussions about security risk for saving hash password in cookies, as upon accessing to the user's computer, a hacker can log in with the saved password. If a hacker has access to the user's computer, he can catch the password, as browsers also save passwords locally (encrypted of course). What is the difference between password set in cookies with that saved by the browser? For obvious reason, a temporary GUID should be send instead of password. In any case, I believe that

问题 I am building a suite of batch jobs that require regular access to a database, running on a Solaris 10 machine. Because of (unchangable) design constraints, we are required use a certain program to connect to it. Said interface requires us to pass a plain-text password over a command line to connect to the database. This is a terrible security practice, but we are stuck with it. I am trying to make sure things are properly secured on our end. Since the processing is automated (ie, we can't

问题 At the moment I have a database with md5 passwords stored, a few years back this was considered a little more secure than it is now and it's got to the point where the passwords need to be more secure. I've read a lot of posts on here about crypt , md5 , hash , bcrypt , etc and have come to consider using something along the lines of the following to 'secure' the passwords better than they are now. I will use a combination of hash("sha512" and two salts, the first salt will be a site wide