passwords

问题 I'm trying to create system users with a php script securely, In that, I'd like to be able to hash the password with the php script, so that their password shows up nowhere in the bash history. How to I take a string, and hash it so it is a unix password hash? $UX_PW = some_function('my_password'); exec("useradd -p $UX_PW newusername"); 回答1: It's crypt() that implements the UNIX password hashing. http://us.php.net/manual/en/function.crypt.php 回答2: Depending on your system, you're either

问题 OK I see a lot of people asking about passing other values, URLS, random stuff through a URL, but don't find anything about sending a password to a password field. Here is my situation: I have a ton of sites I use on a daily basis with my work and oh about 90% require logins. Obviously remembering 80 bajillion logins for each site is dumb, especially when there are more than one user name I use for each site. So to make life easier, I drew up a nifty JSP app that stores all of my logins in a

问题 I'm hashing a password in SQL directly like this : DECLARE @HashThis nvarchar(4000); SET @HashThis = 'SecretPizza' INSERT into Users (UserId,Password) Values ('CryptTest',HASHBYTES('SHA1', @HashThis)) Result : When I try and change the SHA1 Algorithm to SHA2_256 or SHA2_512 I get the following error : Question 1 - Is this really supposed to give me chinese like characters ? Question 2 - Those are valid algorithm so how come I can't use them and why is encryption setting @HashThis to null? 回答1

问题 A customer asked me to prevent users from typing common passwords, but permit them to use only alphanumeric passwords. Do you know a regular expression to use in the built in PasswordStrengthRegularExpression option? Edit : I know is pretty vague, and that what I told the client. The definition is something like Do not allow the same character more that 3 consecutive times.(1111, 2222, etc) Do not allow ascending or descending trends (12345, abcde, 6543, etc.) 回答1: That's asking way too much

问题 How can I retrieve a password from user input in Lua in a way that it can securely be deleted from memory after the program is done using the password? This is a followup to: lua aes encryption How can I convert a password to hexadecimals in lua? A simple example would be: "pass" becomes {0x70,0x61,0x73,0x73} 回答1: What do you mean by "hexadecimals"? Do you want to convert pass to a string containing #pass*2 hexadecimal characters? Then you want this: function toHex(s) return (string.gsub(s, "

问题 I am trying to password protect a folder called backoffice . I would like to password protect the folder and everything below it (including PHP files). I just can't seem to get it working in nginx . My configuration is currently this: server { listen 80; server_name www.example.com; access_log /var/log/nginx/localhost.access.log; access_log off; client_max_body_size 50m; ## Default location location / { root /var/www/clients/client3/web21/web; index index.php; } ## Images and static content

问题 I have a basic signup form: <form action="adduser" method="post" onsubmit='passwordCheck()'> Email Address: <input type="email" name="email" required autocomplete="on" placeholder="fr@star.com"/><br/> Username: <input type="text" name="username" maxlength=25 required placeholder="JoyfulSophia"/><br/> Password: <input type="password" name="password" id='password' onkeydown='checkPassword()' maxlength=30 required placeholder="**********" /> Password (Again): <input type='password' id='pass

问题 I need to validate passwords. I currently use: preg_match("/^[a-z0-9_-]*$/i", $pass) . I would like to add length to this. My mysql table is set up like this : userpassword varchar (40) NOT NULL, . So between 6 and 40 characters. And I would like to allow all characters that are not dangerous to put in my db. 回答1: Imposing arbitrary complexity rules on passwords is very user hostile and does not improve security substantially. Don't do it. Here's why I think the above statement is true: If I

问题 I am currently configuring my CAS Server v5.0.2 to use Database Authentication, particularly using the Encode method, using the CAS properties file. Below are the relevant property configurations from the properties file: cas.authn.jdbc.encode[0].sql=SELECT * FROM public.vt_user WHERE email=? cas.authn.jdbc.encode[0].driverClass=org.postgresql.Driver cas.authn.jdbc.encode[0].url=jdbc:postgresql://localhost:5432/tracking cas.authn.jdbc.encode[0].user=postgres cas.authn.jdbc.encode[0].password

问题 Is there a way to use the same hashing algorithm that SimpleMembership uses for password to hash a clear-text password without actually setting or changing a password? I just want the hashed version of the password for comparison. I am building a new site using MVC 4, and have opted to use the SimpleMembershipProvider to handle most account related data. One requirement I have is to keep a password history. I do not need to be able to retrieve the actual passwords, so one-way hashing is fine.