Stack Overflow
Stack Overflow

Questions tagged [password-storage]

Password storage is often a tricky issue - where do you keep it so that it is well protected? This tag deals with problems relating to the management of user credentials in a system.

Password storage is often a tricky issue - where do you keep it so that it is well protected? This tag deals with problems relating to the management of user credentials in a system. Typically, this would involve some sort of encryption or manipulation of permissions so that not everyone can see the password of a given user.

83 questions
2
votes
1 answer

Store password for passing to another service

I wrote an app that queries a Jira API which requires authentication that I provide through Basic Authentication (base64 in the header). The password was stored in the code which has to stop now because I want to hand over the code. When the users…
progonkpa
  • 2,417
  • 6
  • 22
  • 38
2
votes
1 answer

Is it safer to have the salt in the source code?

Is it safer to have the salt in the source code? If the db gets compromised with salts then everything is lost.. but if they only have hashes they can't do anything with it.. If the salt is in the source code, you could use their userid or something…
Rifat Cholakov
  • 99
  • 1
  • 8
2
votes
1 answer

Why do I need to declare encoding before hashing in Python, and how can I do this?

I am trying to create an AI-like chatbot, and one of its features is a login. I have used the login code before and it works fine, but I am now encountering difficulties with the code dealing with the hashing of the passwords. Here's the…
KittyKatCoder
  • 45
  • 7
2
votes
4 answers

Automated login and password storage

I wrote a simple PHP script to log into my mobile phone provider's website, check my balance, and send me an email if it's too low. I put the script on a distant server. It seems that I have to store my password as plaintext in the script to be able…
Klaus
  • 1,211
  • 4
  • 14
  • 31
2
votes
4 answers

Password hashing - Industry Standards

I know there are probably a lot of questions like this already. But, I really haven't found the definite answer for my question. I know that passwords are stored in the database with a prepended random salt followed by the hashed password. The value…
matteeyah
  • 815
  • 9
  • 23
2
votes
1 answer

Company-wide password scheme for different customers

Consider a company that delivers a network of computers as part of its deliveries. And it does this for hundreds of different customers. All of the PCs need to have secure passwords. This at least means: The password should conform to the basic…
some user
  • 337
  • 1
  • 5
  • 16
2
votes
1 answer

How would I store passwords in CouchDB using CouchRest & BCrypt?

Although, this isn't CouchDB specific, the library I'm using is. I'm using couchrest_model in Ruby to create a User model like this below: class User < CouchRest::Model::Base use_database 'sample' property :_id, String property :email, String …
user2005477
2
votes
3 answers

Securely storing credentials that can't be encrypted

I have a client that's running an aggregator of information from multiple accounts. The database needs to store usernames and password to other websites in a way that can be used later by a script to log into those websites to retrieve data. Rather…
Citizen
  • 10,683
  • 20
  • 68
  • 105
2
votes
2 answers

bcrypt or progressive passes of sha256?

It seems that the current best practice for storing passwords on the web is to use bcrypt as opposed to sha256 or any other hashing algorithm. Bcrypt seems fantastic, with one flaw as I see it: if I have a database filled with passwords using a…
rbrc
  • 864
  • 1
  • 6
  • 12
2
votes
2 answers

How are zencart passwords encrypted in Sql Server?

I have set up a zencart on my web server and the passwords for admin functions are encrypted (or obfuscated in some way) in the sql database associated with zencart - can anyone tell me the extent of this encryption? I want to know if someone who…
Henry Ford
  • 35
  • 1
  • 5
1
vote
2 answers

in wordpress i want to send the user his password by mail?

i have a workflow in which a user when gets approved by system. Gets his login credentials as username and password. I want to send the user when he is approved his username and password in a mail. I am not sure how can i retrieve a user password…
sushil bharwani
  • 27,522
  • 29
  • 88
  • 122
1
vote
2 answers

Is hash(site || password || salt) actually a bad idea?

Suppose I were designing a web service with modest security requirements. For the most part, the threat model would be more about bored college students and less about anything you'd ever find in a spy novel. Would there be anything practically…
Ming
  • 1,548
  • 11
  • 24
1
vote
0 answers

Unable to insert a new password into pass (the standard unix password manager)

I am trying to insert a new password to pass (passwordstore.org), but I am receiving the following error: ➜ GitHub git:(master) ✗ pass insert platform-name Enter password for platform-name: Retype password for platform-name: gpg: error retrieving…
Muttalip Kucuk
  • 13
  • 4
1
vote
1 answer

Is this method of ajax login secure at all?

I am building a login form using ajax php and MySql. I've done my fair share of research and I didn't like much posts found online, so I've built the below code. My question is, is this secure at all? I'm not using any hashing and I'm not sure how…
mark
  • 155
  • 1
  • 15
1
vote
1 answer

C# Most secure way to load a password into Process method with a service

I have a C# service that needs to run a process as another user (interactive mode). That user is an admin level user and I know I should NOT store the password as a string in the code. I could use some help pointing me in the right direction as all…
David Bentley
  • 732
  • 4
  • 21
1 2
3
4 5 6