passwords

Can i read user password policy from LDAP, like when it expires or more details like password strength (minimal length etc.) ? I need these information so I can use the same policy for users kept in my database. My java application require that users from the database have to be synchronized with domain. If you want to get the password policy through LDAP queries try this without PSO policy in your current domain String searchDomain= "DC=company,DC=ORG"; String ldapQuery = "(&(objectClass=domainDNS))"; String ldapAttribute = "maxPwdAge"; If you use a PSO policy try this code String

I have a webapp that requires security beyond that of a normal web application. When any user visits the domain name, they are presented with two text fields, a username field, and a password field. If they enter a valid user/pass, they get access to the web application. Standard stuff. However, I'm looking for additional security beyond this standard setup. Ideally it would be a software solution, but I'm also open for hardware solution as well (hardware=key fobs), or even procedural changes (one time use passwords on a password pad for example). The webapp is unique in that we know all our

I'm doing a bit of reading on hashing for passwords. I've seen that SHA-256 > MD5. This got me thinking about how an app may deal with changing from one hashing function to another. What happens if someone implements an app that hashes their passwords using MD5. They then decide that SHA-256 is the way to go. But of course the password hashes stored in the database are in MD5. What is the process for migrating the data in the database from one hashing function to another? Thomas Pornin It is not possible to "unhash" passwords (at least not in a general, efficient and reliable way -- you can

Can JavaScript access autofilled passwords, and is this considered a security risk? I know that stored passwords generally are strictly associated with a domain, but sometimes Chrome suggests the username and password from another website if it has no currently stored passwords for this domain. (This may vary by browser, I guess) Chrome autofills details under two circumstances: When explicitly told to remember credentials for a specific site When it sees fields it thinks it can autofill and the user accepts the suggested values (and these values won't be passwords) While the fields can be

in my current C# windows application password has been stored in plain text which is obviously not good. so i just want to know what is the best way to encrypt the password and stored into SQL Server. I have read that using hash+salt is better. but i feel "EncryptByPassPhrase","DecryptByPassPhrase" new feature in sql 2005 is better to use because you are handling everything from SQL Server itself and i suppose it uses triple DES. can somebody suggest is it good to use it ? Do you need to have access to the original password, or are you just going to try and compare an entered password against

For some reason, my firebase project apikey associate with database changed. I can still create another api key, update into the application. But when user try to reset password, the link use the old key and lead to "Your request to reset your password has expired or the link has already been used" (I think I read this problem somewhere and now I found the reason). Is there anyway to update new api key for an existing firebase project? Thank you Hieu Jack Nguyen Somehow, my original apiKey was recovered. You can find the original key (which were deleted from console.google.com) associated with

I've created a RESTful server app that sits and services requests at useful URLs such as www.site.com/get/someinfo. It's built in Spring. However, these accesses are password protected. I'm now building a client app that will connect to this RESTful app and request data via a URL. How can I pass the credentials across? Currently, it just pops up the user/password box to the user, but I want the user to be able to type the username and password into a box on the client app, and have the client app give the credentials to the RESTful app when it requests data. The client is built using Struts.