Database password on the PHP file

A quick question for you! This is my first WEB application... Is it safe leaving the password visible in the PHP file or there is a way to protect/hide it? Thank you DavideThere exists different situations to store a password, which cannot be handled

How to describe PasswordValidator rules

The Microsoft.AspNet.Identity.PasswordValidator is configurable with a number of parameters which define the minimum password length and complexity rules. If the user enters a password that does not meet the criteria, PasswordValidator will throw an

create a .txt file in a variable directory

I might change this later to a better form of databasing, and if you have any advice on that then shoot, I'm pretty new to C++ and I am currently thinking JSON because I used it a bit in Python. For now though I am just looking to test and make sure

How to protect Hibernate columns from being read

Lets say I have models Configuration and User. In Configuration I specify relation to User like this: @ManyToOne(fetch = FetchType.EAGER) @JoinColumn(name= "user") private User author; And then when I want all configuration per specific user I g

how cakephp2 project transplanted to cakephp3?

I want to cakephp2 project transplanted to cakephp3 problem. I must retain the user's information. How to make them have the same way to generate password? Here's how I generate passwords by cakephp2. App::uses('AuthComponent', 'Controller/Component'

The password in the database is always stored as text

I want to store a password in the database, but when I click Submit button, it added successfully to the database, but it does not stored the password in the database as random text, but as the original text. How could I fix this? Here is the code th

Joomla Create my own password change form

I want to create a simple form with input fields like old password, new password etc. I want to encrypt the new password (which is a simple text format) the same way as Joomla does. I got the technique, but my problem is I have made a simple PHP page

Correct way to store passwords for autologin

I get how to store passwords on a server, but what about a client that will automatically login to the server? What's the best way here? Should I store a hashed password, and have the server double hash? Should I encrypt it? What options are availabl

How to change the username and password mysql

I have installed MySQL on my mac v10.8.5, with the default username='' and password=''. How do I change these to username='root' and password='root'?Follow thid step: Stop MySQL sudo /usr/local/mysql/support-files/mysql.server stop Start it in safe m

Excel password protected using NPOI

i have a .net c# application in which im downloading one excel file on button click. the code im using is using NPOI.HSSF.UserModel; using NPOI.HSSF.Util; using NPOI.SS.UserModel; then some codes. HSSFWorkbook book = new HSSFWorkbook(); var sheet = b

spring gravel security connection does not work

I am using grails 2.1.0. I have installed spring-security-core plugin. When I create user it is creating it. But when I try to login then it shows: "Sorry, we were not able to find a user with that username and password." And there is also anoth

how do you get the hash password of a zip file?

I was doing a CTF sample, and they gave me the files hash. I ran it through JtR and i got my password for the sample. The thing is, the hash was given to me. Is there a way to find the hash of that file if it wasnt given? There are 2 points that need

Tools to generate strong secret sentences?

Passphrases seem like a good alternative for traditional guidelines for strong passwords. See http://xkcd.com/936/ for an entertaining take on passwords vs. passphrases. There are many tools for generating more traditional passwords (eg. pwgen.) Such

MD5 against Encode for passwords?

I'm building a password protected login system for a site, and I have run into two MySQL functions to encrypt the user's password: MD5() and ENCODE(). They both seem to encrypt it, but I want to use whichever one is more secure. Is there a clear winn

Apache password protect a specific URL

I need to password protect on specific URL, for instance anyone can access index.php but as soon as they add parameters or "GET" variables I must require valid-user. index.php -> sweet index.php?prev=1 -> require valid userInteresting ques

non-interactive SSH password in JAVA

I have a program that requires cascaded SSH, i.e. it ssh A server and then using same connection ssh B server. Server A is acting as a bridge. I have an instance of shell which is used to ssh first server. When I am doing ssh [email protected], it asks

User / PW system for an MVC 3 application

So I've read numerous articles on a password system for a web app, and they all seem very confusing. Some say you need to hash your PW's AND establish an https secure connection, others say you just need to hash AND salt your PW's. I just know, after

How can we create a fairly secure password hash in PHP?

I have been reading up on password hashing, but all the forums I read are full of posts from people debating theory behind it that I don't really understand. I have an old (and presumably extremely weak) password script that reads like this: $hash =

Need help in the asp.net password text box

I have problem with password text box control. I have username textbox, password textbox, retypepassword textbox. And i have drowpdownlist with items Website, Newspaper, Others. After filling username, password, retype password in textbox. Whenever i

Securely reset the password without sending an e-mail

How do I go about implementing a secure password reset function without sending the user an e-mail? There is another secure bit of information that I store and only the user should know, but it seems insecure to just let the user update a password ju