w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML Categories
condition field password (Password Protection)
You may use jQuery: $(".buttons").hide(); $("#element_1").keyup(function () { if ($(this).val() == "test") { $(".buttons").show(); } else { $(".buttons").hide(); } }); See it working here: http://jsfiddle.net/7UtHW/.

Categories : Forms

Python Password Protection
You can check the hash of what a user has entered vs the hash of your password to check if the user has entered the correct password, I have made a very simple example to show this: """ Python Password Check """ import hashlib import sys password = "2034f6e32958647fdff75d265b455ebf" def main(): # Code goes here print "Doing some stuff" sys.exit(0) while True: input = raw_input("Enter password: ") if hashlib.md5(input).hexdigest() == password: print "welcome to the program" main() else: print "Wrong Password" In the example the hashed password is "secretpassword" which hashes to "2034f6e32958647fdff75d265b455ebf" so as you can see even if the source code is decompiled you can still only see the hash of the password rather than the plan

Categories : Python

Giving password protection to Android Settings
If the solution proposed in the comment is ok with you, here I found this: AlertDialog.Builder alert = new AlertDialog.Builder(MyFeedActivity.this); LayoutInflater inflater=MyFeedActivity.this.getLayoutInflater(); //this is what I did to added the layout to the alert dialog View layout=inflater.inflate(R.layout.dialog,null); alert.setView(layout); final EditText usernameInput=(EditText)layout.findViewById(R.id.dialogusername); final EditText passwordInput=(EditText)layout.findViewById(R.id.dialogpassword); I hope it will fit your needs.

Categories : Android

How to implement client side password protection for web content?
There are two problems that crash your code and halt execution. This causes your form to submit, which you don't want, and none of your other code runs either. onsubmit="showPass(form) should be onsubmit="showPass(this) e is NOT a global variable. It is enclosed by the anonymous function and not visible outside. This means that showPass() doesn't know what e refers to. Change this var e = document.getElementById("hiddenContent"); to e = document.getElementById("hiddenContent"); (no var keyword) or (maybe better) get a unique reference to that element in showPass()

Categories : Javascript

Simple JavaScript Password protection not working on mobile platfrom
Take the space out of the second argument for prompt(). For some reason the mobile platform(s) are retaining it and that extra space is making the comparison always evaluate false. Also, this is a pretty bad security scheme. Just sayin'. <script language="JavaScript"> var password; var pass1="apple"; password=prompt('Password?',''); if (password!=pass1) {window.location="WRONG.html";} </script>

Categories : Javascript

rails rack-protection usage, error "you need to set up a session middleware *before* Rack::Protection::SessionHijacking"
Step 1 is to exclude SessionHijacking middleware from the Rack::Protection pack: # config.ru require 'rack/protection' use Rack::Protection, :except => :session_hijacking ... run YourApp This will solve the problem - but I will assume you really want this Anti-hijacking feature: Step 2. Add the middleware inside Rails application.rb module YouApp class Application < Rails::Application config.middleware.use Rack::Protection::SessionHijacking ... In this way you will make it load after rails own session middleware - ActionDispatch::Session::CookieStore. You can check the result by running rake middleware

Categories : Ruby On Rails

Spring Security: use hashed password stored in database as salt of password encoder
Well, to solve my problem I implemented a custom password encoder. Basically, I overrode the matches method of the PasswordEncoder interface: @Override public boolean matches(CharSequence rawPassword, String encodedPassword) { //encoding raw password: the given encodedPassword serves as the salt String sql = "SELECT crypt(?, ?) as hashedpwd;"; String hashedPassword = aJdbcTemplate.query(sql, new String[] {rawPassword.toString(), encodedPassword}, new ResultSetExtractor<String>() { @Override public String extractData(ResultSet rs) throws SQLException, DataAccessException { rs.next(); return rs.getString("hashedpwd"); } }); return encodedPassword.equals(hashedPassword.toString()); }

Categories : Spring

cakephp - change password method leaves blank the password field in database
You forgot one vital part about form processing in the controller: Check on POST. if ($this->request->is('post')) { // only then try to access $this->request->data['User'] content! } In the case thats it not a post (get), you just display the form - especially without trying to save anything. Tip: Take a look at baked code (using cake bake) and you will see how it's done properly.

Categories : Cakephp

Updating encrypted password-hash stored in XML file to sync with domain password changes
I wrote a bash script that works okay for the purpose. It requires a small addition in ~/.m2/settings.xml for support (see below). The script takes one optional argument: a regex-string used to match optional tag(s) associated with one or more password-hashes in the xml file. I'm using this to indicate Domain-Name, but it could be anything (or nothing, since it is optional). The script prompts for the new password to be hashed, it constrains the newly-generated hash to be pure alpha-numeric (to avoid potential issues with unintended shell-escapes elsewhere), it makes a backup copy of the settings.xml file, and then it updates the selected hashes in settings.xml. Here is the script: #!/bin/bash # Update instances of password-hashes in ~/.m2/settings.xml for a given password [and doma

Categories : Bash

Security for DataBase password and user login password in Spring and Java Encoder How to?
To encrypt properties, consider using jasypt, it integrates with Spring and Spring Security. For example you can define encrypted properties: datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm) Then create a EncryptablePropertyPlaceholderConfigurer bean, which allows you refer to the properties as you normally would - they are decrypted for you: ... <property name="password" value="${datasource.password}"/> ... It's not exactly as described by your sample, but it may be a good starting point.

Categories : Java

Force ubuntu key password manager to forget incorrect password for github credentials
Nevermind, I had misdiagnosed. I had in fact entered the right credentials. The problem is I had never /committed/ in my local git repository, so it didn't see any files, and when I went to push, it had no commits to push. So, simply adding: git commit -A (write your commit message) git push -u origin master solves everything, but I do wish the git error message had said something more clear, like "sorry, there are no commits to push."

Categories : GIT

DirectoryServices UserPrincipal.SetPassword ignores password policy (password history)
This is by design, as far as I have used it. The SetPassword is intented to act like an admin who resets user password - the complexity policy holds but there are no restrictions on the history. Suppose admin resets your password, sees "can't set the same password" - one of your passwords is compromised. Our workaround was to allow the management to go through one of our web subsystems only and persist the history of hashes so that the responsibility to verify the history was put on the custom subsystem rather than the ad.

Categories : C#

Programmatically open password-protected SQLite database with given password
Android doesn't support encrypted/password-protected SQLite manipulation. As an alternate, you may integrate H2 Database which claims to offer such protection at a cost of almost 1MB overhead.

Categories : Java

Sending password link to email when user forget password
Use this code if you want to send an email: $to = 'recepient@somemail.com'; $subject = 'Subject here'; $message = "Content"; $message .= "more Content"; $message .= "even more Content or a variable".$variable; $headers = 'From: sender@yourdomain.com' . " " . 'Reply-To: sender@yourdomain.com' . " " . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers); Be aware that there are security issues like header injection if you don't validate the user input. A good email validation is this: $to = $_POST["email"]; if (filter_var($email, FILTER_VALIDATE_EMAIL)) { /*mail is ok*/ } else {/*mail is NOT ok*/}

Categories : PHP

Password submitted in form does not match password at the database
you need to encrypt your password with md5 if(isset($_POST['submitBtn'])){ if($_POST['senderLogin'] == 'customer'){ $checkIfExists = new CustomersDAO(); $stam = $checkIfExists->isExist($_POST["name"], md5($_POST["password"]) ); var_dump($stam); } }

Categories : PHP

comparing confirmation password against a hashed password | Laravel 4
Don't pass the hashed password to the validator. Hash it before you save it: public function getSignUp() { $userdata = array( 'email' => Input::get('email'), 'password' => Input::get('password'), 'confirm_password' => Input::get('confirm_password'), 'user_zip_code' => Input::get('user_zip_code') ); $rules = ... $validation = Validator::make($userdata, $rules); if($validation->fails()){ return Redirect::to('signup')->withErrors($validation)->withInput(); } $userdata['password'] = Hash::make($userdata['password']); $user = new User($userdata); $user->save(); return Redirect::to('login'); }

Categories : PHP

Password hashing algorithm that will keep password safe even from supercomputers?
Use a key derivation function with a variable number of rounds, such as bcrypt. The passwords you encrypt today, with a hashing difficulty that your own system can handle without slowing down, will always be vulnerable to the faster systems of 20 years in the future. But by increasing the number of rounds gradually over time you can increase the amount of work it takes to check a password in proportion with the increasing power of supercomputers. And you can apply more rounds to existing stored passwords without having to go back to the original password. Will it hold up for another 20 years? Difficult to say: who knows what crazy quantum crypto and password-replacement schemes we might have by then? But it certainly worked for the last 10. Note also that entities owning supercomputers

Categories : Algorithm

using crypt in php password script allows for password with extra characters?
It looks like the crypt function has this little caveat: The standard DES-based crypt() returns the salt as the first two characters of the output. It also only uses the first eight characters of str, so longer strings that start with the same eight characters will generate the same result (when the same salt is used). So I presume that what happens does not happen on "stack" and "stackoverflow" but does with e.g. "stackove" and "stackoverflow". Using crypt() is a really bad idea. Use PBKDF2 or bcrypt instead of crypt of the stone age.

Categories : PHP

Encrypted password is not saving in database but only salt password
You are not storing register in the database, you are storing the original item(reg). easiset way(least changes would be) public ActionResult Register(Authentication reg, bool captchaValid, string captchaErrorMessage) { if (!captchaValid) ModelState.AddModelError("captcha", captchaErrorMessage); if (ModelState.IsValid) { var crypto = new SimpleCrypto.PBKDF2(); reg.Password = crypto.Compute(reg.Password); reg.PasswordSalt = crypto.Salt; db.Authentications.InsertOnSubmit(reg); db.SubmitChanges(); } return View(); }

Categories : Asp Net Mvc

Convert Plain password into .NET Membership HASH password in T-SQL
I learnt that you cannot generate the same HASH algorithm in T-SQL and the best way is to simple read your basic table to the ASP.net side, then call the Membership Script to insert users. This cuts down on time as well. DataSet dtData = DivDatabase.ExecuteSQLString("SELECT * FROM Users"); foreach (DataRow row in dtData.Tables[0].Rows) { MembershipUser mUser = null; mUser = Membership.GetUser(row["Username"].ToString()); if (mUser == null) { mUser = Membership.CreateUser(row["Username"].ToString(), row["Password"].ToString(), row["Email"].ToString() ); } } I first check if the userName is not in the system already. This is because I had duplicating usernames and I wanted to eliminate that. For additional information from the old table that doesn't exist i

Categories : Sql Server

How to convert text password to hashed password in wordpress
The resuling hash is not supposed to be the same. Thats how the hashing was designed, Each stored password has a salt built in. Wordpress uses Openwalls phpass (http://www.openwall.com/phpass/) This makes it much more secure if there is a leak of the database as each row has its own salt so attacks are on a per password basis rather than a per database basis increasing the time taken for brute force and dictionary attacks etc. Wordpress provide a function wp_check_password for checking a password agaist a hash.

Categories : Wordpress

GAS: Range Protection?
Part of your question asked about protecting a sheet. Please have a look here: setProtected(protection) As for programmatically protecting a range no. However, you could protect a sheet, does not need to be in the same spreadsheet and then create an onEdit trigger that would replace any change in your "protected" range with the original source data. Something like this: function onLoad() { var ss = SpreadsheetApp.getActiveSpreadsheet(); var protected = ss.getSheets()[1].getRange("A1:B2").getValues(); //You could use openByID to get from a different ss var target = ss.getSheets()[0].getRange("A1:B2").setValues(protected); } function onEdit(){ onLoad(); } Every time a change is made to the spreadsheet the script will rewrite the data in the sheet for the range you specify.

Categories : Google Apps Script

ASP.NET Model Protection
Well the overall problem with this entire thing: private IEnumerable<stuff> ourThings; public IEnumerable<stuff> things { get {return ourThings; } } is that the collection can still be modified. You don't need a set to modify a collection because it's a reference type. But, if you wanted to make it immutable by design you might do something like this: private IEnumerable<stuff> ourThings; public IEnumerable<stuff> things { get {return ourThings.ToList(); } } because that will build a copy of the original collection. That's one way of doing it anyway, and it proves to be pretty successful.

Categories : C#

encryption key protection in C#
Yes, you ask the user for a key (password). This is built into the OS with APIs like Data Protection API. If you're looking for a way to hide a secret from the user then the problem you're trying to solve is called DRM (Digital Rights Management) and you need a DRM solution.

Categories : C#

Javascript not being executed because of XSS protection
The escape() function was deprecated in JavaScript version 1.5. Use encodeURI() or encodeURIComponent() instead. I'm not sure It'll get you where you want, but may solve at least part of your problem. Have you tried using jQuery (GET/load) instead of plain JS to see if you get the same result ? You have an <option> tag that is not not properly closed (see "Marketing") I'm no JS guru but, didn't you have to close your "else" a bit later ? like after the: "Error"; instead of before the "=" sign ? else{document.getElementById("info").innerHTML="Error";} instead of else{document.getElementById("info").innerHTML}="Error";

Categories : Javascript

SQL injection protection action
The query is made in java code and send to my php script with JSON. This is what you're doing wrong. The query shouldn't be of user choice The query shouldn't be made in java (or rather javascript it is) code The query shouldn't be sent with JSON The query have to be hardcoded in PHP script. At least you can create your query dynamically, based on the user's choice: $sql = "SELECT x FROM y WHERE z = ?"; if (isset($json['o'])) { $sql .= " AND o =?"; $values[] = $json['o'] } // and so on

Categories : PHP

Python protection settings IE
According to documentation, in python-selenum, you should use setting called ignoreProtectedModeSettings: from selenium import webdriver from selenium.webdriver.common.desired_capabilities import DesiredCapabilities caps = DesiredCapabilities.INTERNETEXPLORER caps['ignoreProtectedModeSettings'] = True driver = webdriver.Ie(capabilities=caps)

Categories : Python

'xx' is inaccessible due to its protection level
I suspect that cmbBox was declared as private (or maybe you didnt declare any protection level, and it defaults to private). If you can, please change it to be protected instead. If you can't change it for some reason, try: public partial class Form1 : Form { protected void AddPerson(Person p) { cmbBox.Items.Add(p); } } and class studentHC : Form1 { public studentHC() { InsertMethod(); } private void InsertMethod() { MySqlConnection conn; // connection object; string connstring = "server=localhost;user Id=root;database=collegesystem;Convert Zero Datetime=True "; conn = new MySqlConnection(connstring); conn.Open(); using (var command = new MySqlCommand("SELECT * FROM person", conn)) {

Categories : C#

vb.net it may be inaccessible due to its protection level
Your protection level error is caused because you must access the function WaitForPageLoad() in your module WaitForPageLoad from Form1's button click event Public Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click WebBrowser1.Navigate("http://www.----------.org/login.php?") WaitForPageLoad.WaitForPageLoad() 'Example: ModuleName.FuncionOrMethodName() WebBrowser1.Document.GetElementById("username").SetAttribute("value", TextBox1.Text) WebBrowser1.Document.GetElementById("password").SetAttribute("value", TextBox2.Text) WebBrowser1.Document.GetElementById("login").InvokeMember("Click") End Sub You'll need to make your WaitForPageLoad() public so you can access it from Form1. You will need to access your WebBrowser1 using

Categories : Vb.Net

Attack Protection for iOS In-App Purchases
These are the attacks that I am aware of, past and present: Fake App Store Made famous by the Russian programmer Alexey Borodin, this attack only affects apps that verify purchase receipts directly with the App Store. By modifying the DNS settings of the device, and installing forged security certificates, the verification requests are sent to a fake App Store server, which automatically returns that the purchase is valid. Unsuspecting apps will accept these verification calls and deliver the content to the user. Commentary After this exploit was made known in July of 2012, Apple issued updated documentation and advice for developers to ensure this kind of attack would not continue to occur. Borodin has been quoted in various web articles as stating that the "game is over" based on

Categories : IOS

PHPExcel cell protection
try something like this (add after your loop) $objPHPExcel->getActiveSheet() ->getStyle('A45:S500') ->getProtection()->setLocked( PHPExcel_Style_Protection::PROTECTION_UNPROTECTED ); (replace range that suits your needs)

Categories : PHP

How to set up XSRF protection in web apps
When should the authentication token be initialized? The first time, during a session, that the user arrives at a page containing any form that you wish to protect from CSRF attacks. Should it be set on page load (i.e. GET request)? It should be embedded in the form when the HTML for it is generated. Should they be set in input fields, cookies or request headers? Hidden inputs. Using a cookie would miss the point (which is that it comes from the page and does not persist in the browser). Extra headers can only work when using XHR, use a general approach. How is this random value generated? With a random number generator How do I persist this value in order to be used for comparison? Sessions When should the authentication token be verified? As part of

Categories : Security

typo3 sql injection protection
On many places values are quoted automatically. Within the prepare_* functions, all parameters are quoted by default. If you use exec_* querys, you need to escape values in where part on your own. Use $GLOBALS['TYPO3_DB']->fullQuoteStr($value, $tablename) for that. Be aware, that you can create SQL-Injections with TypoScript too. If you use CONTENT-Object you can insert GET/POST Data into the where-clause. Use intval or select.markers for creating SQL-Injection save querys.

Categories : SQL

XSS protection on already production project
The only approach that really works is to create a UI layer. That is, use a framework like Vaadin, Google Web Toolkit, or similar, which abstracts away all HTML, JavaScript, etc, so that the developer working on the UI look and feel, or creating a new page, or modifying a page, doesn't have to consider the security implications of his/her changes. This is particularly important as most developers don't know the security implications of their changes, so abstracting them away will help protect against lack of knowledge/experience. It also protects against simple errors that the developer makes - after all, we know that code always has bugs. It's also very beneficial in other ways. Using a UI framework instead of scattering UI code everywhere makes maintenance easier. It makes the UI

Categories : Jsp

zip file protection on server
Firstly, create a folder in your root (~/) called secure_zip or something. This should sit alongside your public_html folder (meaning they cannot be accessed by typing in a URL). Next, create a new php script, called file.php or something:- <?php public function sendFile() { $filename = "sample.zip"; $attachment_location = $_SERVER["DOCUMENT_ROOT"] . "../secure_zip/" . $filename; if (file_exists($attachment_location)) { header('Cache-Control: public'); // needed for i.e. header('Content-Type: application/pdf'); header('Content-Disposition: attachment; filename="' . $filename . '"'); readfile($attachment_location); die(); } else { die('Error: File not found.'); } } And call sendFile() if you authe

Categories : PHP

Tornado's XSRF protection
If I understand you correctly, you are asking what prevents attacker from accessing user's cookie in given domain. Well, the answer is: browser security policy. The script from one domain cannot access cookie from other domain (most of the time). More details here: http://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path This can be circumvented by using XSS (Cross-Site Scripting) attack: injecting the script directly into the source of attacked page. Another approach is to break the client application (browser). However, most of the time it is not possible for the attacker to retrieve user's cookie from other domain. Additional level of security would be to associate specific CSRF (or "XSRF") token with specific user (and to check it during validation).

Categories : Python

Spam protection onclick()
why dont you just take a timestamp when the button was first clicked then compare the time when the button was clicked again and see if the difference is greater than the allotted amount of time?

Categories : Java

Devise - how to require password if changing password
if you add devise :validatable to your user model, Devise will automatically validate your model. The validation logic can be found at: https://github.com/plataformatec/devise/blob/master/lib/devise/models/validatable.rb#L53 you could also overwrite this method in your controller by simply overwriding the Devise method like so: def password_required? prepared? || !password.nil? || !password_confirmation.nil? end

Categories : Ruby On Rails

Decrypting password after a password hash encrypt
There is no *de*cryption algorithm because there's no *en*cryption algorithm. What you're doing is a hash, which is a non-reversible operation. And that's exactly the point, you do not want to store anything that would even allow you the chance of knowing what the actual secret password is.

Categories : PHP

CodeIgniter use CSRF protection only in some pages
Always use form open method then CSRF protection will be added automatically <?php $this->load->helper('form'); echo form_open('form'); ?> Refer https://ellislab.com/codeigniter/user-guide/libraries/form_validation.html#theform

Categories : Codeigniter



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.