I'm creating a system the provides users with access to a database where each user has an account with a password. For security reasons, I'd like to ensure that their password is not the same as the one they use to log in to Windows (server 2008 R2 with Windows 7 clients). I don't want to know every user's system password, rather just that the password they're trying to set is not identical to it.
Essentially, I'd like to be able to write a function that I can call it like so:
If IsSystemPassword(txtPass.Text) = False Then
'hash password and save it to database
Else
'return error and ask for new password
End If
Is this possible? Thanks in advance.
Related
I have a website for university timetable connected to microsoft sql server, there I have django table auth_user. Users can't register by themselves, university provides them with username and password. So in the table auth_user I have to fill data manually, but how can I fill the field which is responsible for password since it has to be hashed? I found only way to set password is to log in as admin, and change passwords in admin site, but that is not quite correct in terms of working with database as if I had to fill more than 100 students, it would be tiresome to do so. Maybe there is another approach to fill passwords directly in the database?
You can set the password for a user in Django by using the set_password method
from django.contrib.auth.models import User
u = User.objects.get(username='john')
u.set_password('new password')
u.save()
I am trying to create logins for my server. I type in the login name, password, set appropriate settings.
Then I re-open the properties window by double-clicking the login in MyDatabase/security/logins directory.
As you may notice, the number of letters in the password is different. Any idea why is it different, or what the "new" password look like?
The password in the Login Properties window is only masked to for security purposes. For example, if the exact number of characters in the password was displayed this would make it less difficult for someone else attempting to figure out the password is to determine this. The password of the logins that you created will be the same password that you set when you made the login regardless of what is displayed in that window.
Scenario : I am trying to create custom log in functionality for liferay 6.1
In this, first I am asking email to user and I am checking, is this user is existing or new one. If it is existing then I will ask to fill password otherwise will ask him to create account.
My problem is, How to compare user given password and password exist in DB. User given password is plain text and DB saved password is in encoded form.
Any pointers on this will be helpful..Thanks in Advance.
There's a utility class for password comparison.
PasswordTrackerLocalServiceUtil#isSameAsCurrentPassword(userId, newClearTextPwd)
In My VB.NET Application and Crystal Reports(Version For VS2010)
Due to some reasons, I don't want to pass Login Credentials Runtime using Code. I want to store them design time in such a way that It never prompt for UserID, Password, Server... etc.
Also, It should not prompt for these credentials After I deploy My Application.
Please Provide some solution in this regard.
Thank you.
You cannot save the password inside the report. The best approach in your case is to use Integrated Security and to handle the user permissions inside the database. In this case your security will be not compromised and there is no need of any code. If you don't want to do this then the only possible solution is to use an ODBC file and to edit it with notepad to add line like this:
PWD=YourPasswordHere
Keep in mind tat this will expose your password in plain text.
You do specify the database to the report while you are making it, so you just need to feed with the UserID and Password, I am not too sure how it works in VB but in Windows Forms and WPF we use this
private void ConfigureCrystalReports()
{
rpt= new ReportDocument();
rpt.Load(reportPath);
ConnectionInfo connectionInfo = new ConnectionInfo();
connectionInfo.DatabaseName = "Database";
connectionInfo.UserID = "sa";
connectionInfo.Password="password";
SetDBLogonForReport(connectionInfo,rpt);
CrystalReportViewer1.ReportSource = rpt;
}
Something like this should work for you too.
While you cannot save the password in the report, you can go into your ODBC connection and save your password on the connection itself.
This way, whenever you run any report that connects to that ODBC path, it will run without prompting for a password or username.
I have been looking for the past few hours on how to user the phpBB login script on a custom site. I think I'm just not searching for the right things.
A while ago, I created a phpBB site and have over 900 members registered through phpBB. I am currently face-lifting this site and redoing the user registration along with all of the other custom code I have.
My problem is, I want the users to be able to log in as usual, though I want to input them into my new database so everything can run smoothly. I mainly need their username, password and old ID#, but I don't know how to use phpBB's password authentication or where to find it
The statement needs to look something like this:
On Login, grab username and password variables:
if the username is not in MY database, check phpBB database.
If the username is in phpBB database, check to see if the password is correct **(This is the part I don't know how to do)**
If the password is correct, input the username, user ID and the password (encrypted my way) into MY database
Login
If the password is incorrect - error
if the username is NOT in phpBB database - continue
if the username is not in MY database - input username and encrypted pass into my DB
login
Where can I find a script to authenticate the phpBB user's passwords? I don't care how the script is done, I know that's a secret, I just need to be able to authenticate passwords so that I can make sure it's the same user
I do have access to the phpBB database, I just need a way to authenticate their password
I would rather delete the quesion, but here's the answer:
Check here: http://sunnyis.me/blog/secure-passwords/
and when you download the PasswordHash.php, change all of the $P$ to $H$. It will work. Strange how it creates a password, every time it creates, it's different. But the CHECK part of it makes sure it checks it correctly, no matter what hashed pass it creates.