passwords

问题 I know, this is a simple question, and maybe it is similar to others, but I couldn't find my answer in those, so I`m asking new one. I would like to understand the process of checking passwords in databases. I know they use encryption and hashing algorithms, but I can't understand how they can check those stored values and compare them with user`s passwords provided in input fields to verify them? As I have read here in many answers, for example, you can't detect the MD5 hashed password and

问题 I have a file on my server called "pform.php", this is what it looks like: <form action="password.php" method="get"> <input type="text" name="password13"/> <input type="submit" value="Submit!"/> </form> I have it transfer to another file called "password.php", this is what it looks like: <?php $text=$_GET["password13"]; $right="You entered the right password!"; $wrong="You entered the wrong password!"; if($password13)=="test" { echo $right; } else { echo $wrong; } ?> What can I change on line

问题 this doesn't necessarily entail a Python specific answer, but that is what I am using, Python 3.2 to be exact. I am also developing under Linux. I have a script that is connecting to a website, logging in, and obtaining information for the the user. How do I store the user's credentials safely? Or what is the best practice? Encryption seems silly since the encrypted credentials and encryption key would be in the same place. The only thing I can think of is storing in a file which has

问题 I would like to know if there is any way (should be approved on Appstore) to detect when device passcode is activated on Home screen. Basically, my app would like to know those phone events: device screen turn on/off phone lock/unlock (by Auto-Lock setting / press Power button) passcode activate (by Require Passcode setting) As far as I research, I could achieve 1 & 2 by combine Darwin Notification Center & notify_get_state with 4 events: com.apple.springboard.lockstate com.apple.springboard

问题 I have a Django-based site (not yet launched, so there are no real users) using plain django.contrib.auth , and want to store passwords as plain-text, not salted SHA-1 hashes. The question is what's the best approach to do this, hopefully, without patching (or monkey-patching) Django source code? NOTE : I perfectly know this is certainly less secure. Plaintext is required to perform challenge-response auth, like CHAP for PPTP VPN, DIGEST-MD5 for IMAP4 and HTTP Digest for WebDAV-based file

问题 I am supporting a site built on symfony. There were problems regarding some kind of "admin page". While not knowing much about the whole thing by reading the logs and comparing recent backups I think I was able to fix the issue (some developer removed a route, but did not fix a template). I do not have admin password to the site, but have root access to the server and super access to the database (in this case postgres). Can you help me how to create myself an account without knowing the

问题 I got great help from the link below, I have made a few changes but I can not get it to work, any thoughts? What it is supposed to do is go get the domain policy and check the password expiration information, if it is within the 14 day time frame it shows a popup (it works if I use msgbox) I want to use a company logo with the text, this is the problem area. PwExpChk.vbs can I add a company logo? '========================================== ' Check for password expiring notification '=========

问题 I state that I am a complete beginner to LDAP. I have to let a user change its own password through an Android device. User has NOT administrative privileges. Using the UnboudId LDAP SDK for Java I'm able to bind to server and get the user entry using this code: final SocketFactory _socket_factory; final SSLUtil _ssl_util = new SSLUtil(new TrustAllTrustManager()); try { _socket_factory = _ssl_util.createSSLSocketFactory(); } catch (Exception e) { Log.e(LOG_TAG, "*** Unable to initialize ssl",

问题 Basically, what I'm asking is if salting a password by appending a hashed version of it to the end of it is just as secure as salting with a different string. So: Is this: $pass = "pass"; $salt = sha1(md5($pass)); $pass = md5($pass.$salt); As secure as this? $pass = "pass"; $salt = "4D9ds*^dkrUI45^#dkd*3fD8&!dlvd*"; $pass = md5($pass.$salt); 回答1: The first example is as secure as hashing without using any salt at all, because it still just requires the password and nothing more to crack. In

问题 I am using a small cakephp setup, with no forgot password functionality. I want to be able to create a hashed password, using the same security hashing method and cipherseed used in the site. Is there a way to recreate the setup in a local php file which would output a hashed password, the system would understand? 回答1: Make sure to specify that you're using the Security Component in whatever controller you're working in: var $components = array('Security'); Then, in the action (method