Stack Overflow
Stack Overflow

Questions tagged [password-storage]

Password storage is often a tricky issue - where do you keep it so that it is well protected? This tag deals with problems relating to the management of user credentials in a system.

Password storage is often a tricky issue - where do you keep it so that it is well protected? This tag deals with problems relating to the management of user credentials in a system. Typically, this would involve some sort of encryption or manipulation of permissions so that not everyone can see the password of a given user.

83 questions
0
votes
2 answers

Username and password storage location

I am writing a program in vb.net that requires a user to log in before he can use the application. The main user is created when the program is installed, similar to how windows works when it is installed. The main user can add additional users to…
Kritz
  • 5,560
  • 11
  • 39
  • 64
0
votes
1 answer

Tell browser to store different passwords for each path under the same domain individually

I'm writing a browser application that has multiple login forms under the same domain but at different paths. domain.tld/foo/login domain.tld/bar/login domain.tld/bar/boo/login At the moment all form elements look the same, with no attributes and…
Sebastian Barth
  • 3,217
  • 5
  • 32
  • 48
0
votes
1 answer

Saving decryptable password

I know there was question like this million times, but I was unable to find answer that will fit my needs. I'm building something like small internal password manager for my company, to store login data for various servers and so on. When new user…
BeRightBack
  • 138
  • 1
  • 10
0
votes
1 answer

Is there a cryptographic disadvantage to applying bcrypt to an already hashed password

Imagine a scenario where a client application is sending a password to a backend server so that the server can validate that the user entered the correct password when being compared to a stored variation of the password. The transport mechanism is…
David
  • 5,464
  • 15
  • 47
  • 86
0
votes
5 answers

Castle ActiveRecord / NHibernate - Password Encryption or Hashing

What is the proper way to work with Passwords you don't want to store in clear text in a database? What are my options in NHibernate / Castle ActiveRecord? UPDATE: I was interested in how others handle this with NHibernate / Castle ActiveRecord. And…
BuddyJoe
  • 64,613
  • 107
  • 281
  • 451
0
votes
1 answer

How to prevent user from imitating other users by updating passwords for other users?

I have an application running locally and to access the application, a user has to login using a user name and password. At the time of login, the provided password is hashed and compared to exiting hashed password. The application uses a database…
kagundajm
  • 962
  • 1
  • 12
  • 26
0
votes
2 answers

Saving login password

I'm writing a desktop app that retrieves e-mails from an IMAP server. For convenience, the user is given the option to save his username and password for the login screen, so he doesn't have to enter it each time. Can I save the password as plain…
python dude
  • 6,960
  • 10
  • 36
  • 53
0
votes
1 answer

Securely displaying passwords in php

I would like to create a secure password repository for the company I work for. A system where users can store their usernames and passwords for various systems. All they would have to do is login to this system once and then be able to view their…
Austin
  • 1,470
  • 4
  • 21
  • 45
0
votes
1 answer

Using SHA512 to store login passwords instead of MD5

I have been reading a lot online that MD5 is not very secure, i have decided to switch my site over to use SHA512, i have never done this before so really i am just asking you to check to see if i have done it correctly, or is there an alternative…
Bradley Cousins
  • 187
  • 3
  • 13
0
votes
1 answer

Storing blank password in USER table if authenticating using facebook

I am designing an application that would accept new users through signup form, or login using facebook. When user signs up, I'd create a user record and store the encrypted password (hash) in the USER table. If the user signs up through FB, I still…
just curious
  • 63
  • 9
0
votes
1 answer

Password failing using Bcrypt

So far bcrypt has had no problems until now. For some reason the following password won't work. UIO78349%^&(]\\';= This is the first time I've had a password not work and I hope somebody has an explanation. I hunted the net and read about the…
Disaster Faster
  • 97
  • 15
0
votes
1 answer

Design for saving old passwords for authentication

I've a requirement that when resetting a password, new password should be different from old passwords. I'm thinking of designing this as a User object having multiple Password objects and the Password object containing userId, password and…
user203617
  • 503
  • 8
  • 18
0
votes
4 answers

Simple but safe password hashing

I'm looking for a simple (or as simple as possible) yet secure method for hashing and salting a users password when submitting it to the database and then retrieving from the database. Having spent the past 3 hours researching, there are literally…
Nikki Mather
  • 1,078
  • 2
  • 16
  • 33
0
votes
1 answer

Storing passwords in a client-side application in C

I'm writing a client-side program (in C) to access a certain web site, and I'd like to implement a 'remember password' feature in it. I don't think storing it in plain text is a good idea (what if the user's running malicious software which might…
DusXMT
  • 11
  • 2
0
votes
1 answer

Storing password in an AES container

I know about storing passwords as salted hashes and I know it is even safe enough for Linux. But even before I knew this, I was wondering if it is safe to store a password in an AES container encrypted with the password itself. In case my question…
Schnusch
  • 31
  • 3
1 2 3 4
5
6