|
I have been tasked with securing the connection string in an classic ASP application and I'm wondering if I should just bite the bullet and upgrade the whole application to ASP.NET, or if there is a simple fix.
Currently the application connects to an...
Started by lrussell on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
However, as you seek to not supply the password doesn't seem to allow alternate authentications ....
Rather than ODBC, you can consider OLEDB not apply if another database is in use.. .
Out the user id and password in the connection string.
|
|
Some time ago I joined new project. It was under development for quite a long time. The thing that surprised me was that all users' passwords are stored in non-encrypted form .
I explained huge security vulnerabilities of this to our management - it looks...
Started by Fedyashev Nikita on
, 7 posts
by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
To the old system (by providing the old password list, of course, since once the passwords are hashed it has been demonstrated to work for a couple of weeks, you can delete the cleartext password listIf possible you can try....
|
|
EDIT: Can anybody actually answer the question? Thanks, I don't need no audit trail, I WILL know all the passwords and users can't change them and I will continue to do so.
This is not for hacking!
We recently migrated away from a old and rusty Linux/...
Answer Snippets (Read the full thread at serverfault):
Don't enable "reversible encryption" - you need....
With a moderately complex password would be nearly impossible to discover.
Microsoft has their ILM product which can replicate passwords, perhaps to a foreign LDAP store.
password.
|
Ask your Facebook Friends
|
I am working on an application that is targetted at non technical users. I expect a large number of support calls regarding lost passwords and inability to login.
I am using ASP.NET membership provider that provides 3 options for storing passwords - Clear...
Answer Snippets (Read the full thread at stackoverflow):
If you think that resetting password liabilities....
For lost passwords, you simply reset their password and give passwords that can be being used in bank accounts for example.
Of the password which cannot be recovered .
|
|
From Jacob Nielson's "Stop Password Masking" :
Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures...
Started by Abi Noda on
, 42 posts
by 42 people.
Answer Snippets (Read the full thread at stackoverflow):
In this day and age of identity theft and anonymous internet... .
Wouldn't a password manager resolve the issue passwords visible as cleartext is a recipe for trouble.
If not, then that is the problem, not the masked passwords.
|
|
Hi,
I just installed google chrome and realized that there was an option to migrate all my passwords from firefox. Surprisingly it actually did migrate all of my passwords seamlessly.
So here's my question: if chrome can do it, why couldn't any other ...
Started by michal kralik on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
Firefox uses the master password in ....
If you didFirefox passwords are secured using a master password (if you set one).
password, then yes your passwords are completely cleartext to anything that runs locally.
|
|
I need to store passwords in NSString objects; however, I would like some way to obfuscate them, so they cannot be read directly from memory.
This is a Mac OS X (10.5) application, but a solution that also works on iPhone would be much appreciated.
Started by rjstelling on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
The only think you will never be able to do is access the cleartext password again - if you want the input string and compare that with what is stored?
If you use the keychain for storing passwords their passwords to be ....
|
|
I need to salt and hash some passwords so that I can store them safely in a database. Do you have any advice or ideas as to how best to do this using Linq To SQL?
Started by JayJay on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
Generate (and remember a password would go along these lines:
Receive the password as cleartext, along with the user's ID to, because you won....
These lines:
Receive the password as cleartext, along with the user's ID.
|
|
I'm migrating an application from ColdFusion to ASP.Net MVC and have a little problem I cannot seem to get my head around. The original application stores user's passwords in a MD5 hash format with no salt in the database. I'm using the ASP.Net membership...
Started by E-Madd on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
A couple of refinements:
You don't need to prompt them to update their password; they provided you the cleartext to ....
Once your new as I was aware.
Is secure and I never needed to find out the original passwords or reset anything.
|
|
As much as I understand it is a good idea to keep passwords secret from the site administrator himself because he could try to take a user's email and log into his mailbox using the same password (since many users use the same password everywhere).
Beyond...
Started by User on
, 13 posts
by 12 people.
Answer Snippets (Read the full thread at stackoverflow):
With credit my password in ....
Yes, this has happened.
Password it and read the password which was so conveniently stored in cleartext.
Allow him/her to do anything with other systems (by using your users' passwords).
|
