How do I safely store a password in a file??
 

My program requires password to open some features. The password can be set by an administrator. My app stores the password in a file. But, if the file was deleted or damaged, the app loose the password. Another scenario is if the file was replaced with original file then the password will be empty. Any suggestions about storing a password in a file?

edited : My app has a feature. The feature is protected by a password that can be set by a admin (owner of the PC). Guest should enter password to disable that feature. OS : Windows

http://www.stackoverflow.com/questions/3785577/

        

There are 2 answer(s) to this question.


You can't protect the file from being deleted. In that case just don't allow any user to log in to your application (same applies if the password is empty).

If you store passwords in a file (or anywhere really) you should hash them (e.g. using md5 or sha1). So they can't be read in plaintext. To check the password during login just do (basic example in php):

$password = file_get_contents('password.file'); // Outside webroot of course
if(md5($_POST['password']) == $password) {
    // Login OK
}

What kind of program ? Which platform ? Windows, mac, linux, android ?

Files can always be deleted or replaced, one way or another. You can put it somewhere "safer" where the user can't find it easily, but if depends of the platform.

Related Questions

Password protection of SAS Code
Password protection of SAS Code Is there a way to password protect SAS CODE within SAS? Or, if not, what is the easiest / quickest way to apply some kind of password protection? I am referring to scripts run from local Windows PCs (ie not batch). The scripts are stored on a standard network drive... (Ideally the solution would not involve a Microsoft product such as Word or Excel!!) As our organisation does not permit password protection on folders, we are thinking of going with a third party program: http://www.tropsoft.com/privateencryptor/prodinfo.htm Probably overkill, but gives... session that calls the SCL. If the correct password is provided, the SCL code runs the embedded SAS code. Users can't snoop the password, nor the program code essentials from the program due to the NOSOURCE option. Note that this is not state of the art, high security password protection! It's a quick
Password/Key protection
Password/Key protection hi I am implementing paymentgateways and I need to protect its key and password for security reason. also some webservices keys and password in asp.net. Please help me to do as mention. waiting for your valuable thought. Thanking You. You can encrypt/decrypt using RSA Encryption. It's a secure way and uses Public/Private keys. In JavaScript use http://ohdave.com/rsa/ And in asp.net you can use this: http://www.dotnetspider.com/resources/692-RSA-Encryption-C.aspx
.net password protection
.net password protection need coding in .net for protecting a file using password? That is very, very vague. You can enforce ACLs on files using File.SetAccessControl; beyond that, you'll need to be more specific. For example, you might want to look at System.Security.Cryptography. Microsoft have an article on encrypting a file using C#. http://support.microsoft.com/kb/307010 Well, can you give some more details? The simplest thing you could do is to use the .NET encryption APIs and choose some symmetric key algorithm whereby you would encrypt the file and the "password" would simply be the symmetric key
password protection of pdf files
password protection of pdf files we have a requirement to protect pdf files using a password, are there any java based open source tools which will help us in this regard? you can do it with iText PDF for java: some examples: http://1t3xt.info/examples/browse/?page=example&id=42 I would recommend using the iText java PDF library. Inside iText, there is a class called PdfEncrypter which should let you password protect a PDF file. FOP library also allows encryption: http://xmlgraphics.apache.org/fop/0.94/pdfencryption.html
PHP Password Protection
PHP Password Protection Hey guys, I'm making a site and it needs to have user authentication. Currently, I'm using HTTP/Basic Auth for proof of concept/development, but this is not good in production for obvious reasons(ugly, insecure, can't read from mysql db, sucky). So, I know how to do some basic auth stuff, like getting in the username and password, salting it, and matching it against the database, but what I don't know is how to do sessions and making the scripts actually protected(right now index.php is the login page and sends you to startpage.php if you pass, but you could just go straight to startpage.php and you would be "breaking in"). Thanks, deftonix Have a look at this article. This is a really big question. So I'll just post this screen-cast that goes trough all of that : http://net.tutsplus.com/videos/screencasts/how-to-build-a-login-system-for-a-simple-website
Password protection for shared folder!
Password protection for shared folder! Hi! I am using this functions for sharing folder: Protected Sub CreateShare(ByVal path As String, ByVal shareName As String) ' Create a ManagementClass object Dim managementClass As New ManagementClass("Win32_Share") ' Create ManagementBaseObjects for in and out parameters Dim inParams As ManagementBaseObject = managementClass.GetMethodParameters("Create") Dim outParams As ManagementBaseObject ' Set the input parameters inParams("Description") = "IdeaServer" inParams("Name") = shareName...} Return SecurityDescriptor End Function Now what I want is to set password to this shared folder, that only user that know password can open this folder? How can I do that? Thanks
PHP password protection question?
PHP password protection question? How do I use the sha512 function for PHP? Can I replace all my md5 funtions with the sha512 function? Do I have to download something if so what? Can any one provide examples? Thanks! The hash() function, provided with PHP >= 5.1, should be able to generate sha512 hashes -- you can verify this calling the hash_algos() function, that lists the supported hashing algorithms. For example, you could use : $sha512 = hash('sha512', "Hello, World!"); var_dump($sha512); And you'd get : string '374d794a95cdcfd8b35993185fef9ba368f160d8daf432d08ba9f1ed1e5abe6cc69291e0fa2fe0006a52570ef18c19def4e617c33ce52ef0a6e5fbe318cb0387' (length=128) And, on my system, the following portion of code : $supported = hash_algos(); var_dump($supported); Indicates that 42 hashing algorithms are supported : array 0 => string 'md2' (length=3) ... 6 =>
Password protection for ASP.NET web pages?
Password protection for ASP.NET web pages? I am trying to implement the simplest shared 'files' folder for a website but wish to have a 'reasonable' level of access control - i.e no casual multimegabyte uploads from passing hoi-polloi. Users are given a password etc. They then log-in, once credentials are successfully checked, they are given one of two possible access rights - read-only (RO) or read-write (RW) access to the files. 'write' in this context means they can upload files. User management/registration/password reminders can all be handled manually - no code required at this point. What is the best way to do this: Write a secret in the session variables? Store some kind of time-limited session key as a local cookie? Check the local database for some kind of session key? (heading for the too complex) use pukka .NET authentication mechanisms Any constructive suggestions
JKS protection
JKS protection Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control? Is there a way to ensure that the keys are protected? I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable? They are encrypted. The algorithm is provider dependent. The provider will return the key/certificate based on a password. If you need strong security, find a keystore provider that uses a strong encryption. To be more precise: PrivateKeys and SecretKeys within a JKS file are encrypted with their own password. Integrity of trusted certificates is protected with a MAC using the key store password. The file as a whole is not encrypted, and an attacker can list its entries without the key store password
How password protection of Excel VBA code works?
How password protection of Excel VBA code works? This question is related to my previous one. Can you explain or give a link to an explanation of how Excel VBA code password protection actually works in versions prior to 2007, and what is the difference in 2007? Does it actually encrypt the code and how Excel executes the code if it is encrypted? How password removal software for excel works? VBA security is widely considered to be pretty poor. The VBA code isn't compiled, and the source is available in the excel file. The password protection is pretty easy to circumvent. As I understand... PASSWORD Hash value of the password; 0 = no password PROT4REV Shared workbook: 1 = protected PROT4REVPASS Hash value of the shared password; 0 = no password The password block stores a 16-bit hash value, calculated from the worksheet or workbook protection password
How to remove .htaccess password protection from a subdirectory
How to remove .htaccess password protection from a subdirectory I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password. How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax. Here is my .htaccess file that is placed in the root of my ftp AuthName "Site Administratrion" AuthUserFile /dir/.htpasswd AuthGroupFile /dev/null AuthName secure AuthType Basic require user username1 order allow,deny allow from all You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on. You need to create a new .htaccess in the concerned directory and include "Satisfy Any" directive
How to improve protection on a MS Access MDB besides password protection?
How to improve protection on a MS Access MDB besides password protection? Hi guys, i have a mdb access which is password protected but that can be easily cracked by a free tool found in google within like 1second. Besides paying for some expensive tools, is there a good way in how to protect a ms.... Note that the OED has recently removed its copy protection. Also consider the future: some network admin in 10 years may need to legitimately get access to the data, and using a simple password will show the data should be protected, but still allow circumvention. What about updating from MDB... be great. thanks :) Saving the data in an encrypted format would be a solution. If the password "fails" the cracker has to decrypt the data as well Access is an old database, why not SQL Express 2005 (witch is for free)? you will get plenty more about security and inside your application you use
Cakephp Password Protection with htaccess and htpasswd - howto?
Cakephp Password Protection with htaccess and htpasswd - howto? How can I password protect my website during development with htaccess in Cakephp? which htaccess file do I have to change? what do I have to write in the htaccess where do I put the .htpasswd? I searched google.../to/.htpasswd AuthGroupFile /dev/null require valid-user Now create the .htpasswd-File in /app/webroot/ and drop something like this in: admin:PASSWORD The "PASSWORD" is a transformed version of your real password, I created it with this tool: http://tools.dynamicdrive.com/password/ I think.../path/to/.htpasswd yourusername Make sure you read the above howto anyway! http://snook.ca/archives/servers/password%5Fprotect%5Fadmin/ The first link has information on using .htaccess security from within cake apps. The comments include a >hackish< workaround on how to do this for only
How to implement password protection for individual files?
How to implement password protection for individual files? I'm writing a little desktop app that should be able to encrypt a data file and protect it with a password (i.e. one must enter the correct password to decrypt). I want the encrypted data file to be self-contained and portable, so... way to do it? Step 1: User enters plain-text password, e.g. "MyDifficultPassword" Step 2: App hashes the user-password and uses that value as the symmetric key to encrypt/decrypt the data file. e.g. "MyDifficultPassword" --> "HashedUserPwdAndKey". Step 3: App hashes the hashed value from step 2 and saves the new value in the data file header (i.e. the unencrypted part of the data file) and uses that value to validate the user's password. e.g. "HashedUserPwdAndKey" --> "HashedValueForAuthentication" Basically I'm extrapolating from the common way to implement web-site passwords (when
Secure directory password protection without .htaccess
Secure directory password protection without .htaccess Hi, I was going to use .htaccess to password protect a directory for a php script I'm writing, as I do not trust my PHP skills to create a secure login, but I found out you cannot use relative paths for AuthUserFile and I could not generalize this. If you could direct me to a secure PHP login script to password protect a directory I would be very grateful. Thanks. You can use absolute paths to the AuthUserFile, and arrange to put that file in a place not accessible to the web server. I've done that for many years. Works fine. One thing you can do is keep all your "secret" files in a directory outside of the server's webroot. All access to these files can then be routed through a single PHP-script inside your directory. Something like this: http://www.example.com/protected-directory/access.php?file=/foo/document.doc

Related password protection Video tutorials from Youtube.


ESET NOD32 Antivirus 4 + Seria
ESET NOD32 Antivirus 4 Free + Serials for life 1. download ESET NOD32 Antivirus 4 from thepiratebay.
ESET NOD32 Antivirus 4 + Serials
ESET NOD32 Antivirus 4 Free + Serials for life 1. download ESET NOD32 Antivirus 4 from thepiratebay.org (thepiratebay.org or from ESET website (www.eset.com 2. install either one and enter serials to register up to a certain date Username: EAV-40506477 Password: sccfxbnv4t Expiry Date: 4/25/2011 3. When license expires, simply go to hhuu.net for new licenses that are constantly updated Tip: ESET may block hhuu.net when you try to go to it, if this happens just temporarily disable ESET to get a serial, then enable protection again. Enjoy and feel free to comment with any questions or tips! Tags: ESET eset NOD 32 antivirus 4 keygen serials username password virus protection code serial crack piratebay legit official lifetime for life updated security free torrent download slideshow educational downloads "graphics software" laptop charts hacking "new single" technology computers programs full version

Protect Your Mac From SPIES! -
Want to lock your Mac with a single shortcut, including password protection? On today's Tekzilla Dai
Protect Your Mac From SPIES! - Tekzilla Daily Tip
Want to lock your Mac with a single shortcut, including password protection? On today's Tekzilla Daily, Veronica shows you how to do just that, without third party software!

ESET Nod32 Antivirus 4 Usernam
1. DOWNLOAD: tnij.org or fastyshare.com or sharecash.org 2. Run program and click Create Key (userna
ESET Nod32 Antivirus 4 Username & Password 2011
1. DOWNLOAD: tnij.org or fastyshare.com or sharecash.org 2. Run program and click Create Key (username + password) 3. Enjoy! ESET products remain the best virus protection available in 2010, whether it's ESET NOD32 Antivirus or ESET Smart Security (built with the same ThreatSense® engine as ESET NOD32 Antivirus). Direct comparisons, including competitive, detection and performance advantages against other antivirus solutions tell the story better than we ever could. ESET NOD32 Antivirus uses a powerful combination of advanced heuristic technologies and automatic updates of malware signature databases, detecting and eliminating a rapidly growing number of unknown threats. Make your online experience safer. Enjoy all your favorite online activities, including sharing music, video, and other files with your friends, while protected by ESET's award-winning technology, now uniquely engineered for the Mac platform. Includes complimentary online Mac safety training. Gamers have always been particularly vulnerable to attacks because of their prolonged online activity and use of peer to peer networks. But now that you are being specifically targeted by phishing scams and password stealers, protection has never been more important.

Citysoftware Lacie 1TB Network
www.CitySoftware.com.au Anthony Gives a Demonstration on the LaCie Network Storage 1TB Go To: www.ci
Citysoftware Lacie 1TB Network Storage Product demonstration
www.CitySoftware.com.au Anthony Gives a Demonstration on the LaCie Network Storage 1TB Go To: www.citysoftware.com.au For more details. Lacie 1TB Network Space Features: Remote FTP Local Network Storage Password Protection Media Streamed directly to your Xbox 360, PS3 , Media Player. Cost Effective solution for all Home's & Small Offices.

C++ Programming Tutorial 4: Pa
This is how to password protect your program. If you don't get how to do certain things in the video
C++ Programming Tutorial 4: Password Protected Program - Easy
This is how to password protect your program. If you don't get how to do certain things in the video, watch the previous tutorials. Source Code: www.mediafire.com

Javascript Tutorial 1 - Passwo
A very simple script for password protection. Don't use this for highly sensitive information - it's
Javascript Tutorial 1 - Password Protection For Your Webpages (HD)
A very simple script for password protection. Don't use this for highly sensitive information - it's not completely secure, though it will stop any novices from gaining entry to your page. Here's a link to the script: www.tutorialforums.freeforums.org ---- www.dreamwarez.co.uk

Keka Mac App
In this video I'm introducing an application I found recently called Keka, and it offers more advanc
Keka Mac App
In this video I'm introducing an application I found recently called Keka, and it offers more advanced extraction and archival techniques when compared to other applications such as the unarchiver in Mac OS X. It offers splitting archived files as well as the reverse, lets you archive into a number of file types when compared to the built in finder archiver, which only archives into zip format. Password protection is also a feature, and best of all (I forgot to mention this in the video) it's completely free! Growl support is built in, which is quite useful. You can find the app here: www.kekaosx.com You can find me on twitter at www.twitter.com/picotweet and my blog's at www.picotweet.blogspot.com By the way when I was spelling out the URL I said "x" in the video since I'm referring to the letter "x" and not "mac os ten." Thanks for watching.

Data Privacy: Your Digital Lif
www.SafeHouseExplorer.com A hilarious and whimsical satire about the perils which can befall our per
Data Privacy: Your Digital Life
www.SafeHouseExplorer.com A hilarious and whimsical satire about the perils which can befall our personal and private information in this digital age when we don't take steps to protect it using free encryption software for hard disks, Flash drives and USB memory sticks. SafeHouse Explorer is free encryption software for Windows which can password protect and hide your secret files on any hard drive or memory stick. Super simple. Nothing to learn. Just download and start using it.

Antivirus Software Tech Suppor
Software CD page: antivirus-software.tech.officelive.com antivirus-software.tech.officelive.com The
Antivirus Software Tech Support
Software CD page: antivirus-software.tech.officelive.com antivirus-software.tech.officelive.com The Total Internet Security CD is a service we provide for website visitors who would prefer to have an installation CD rather than doing all the downloads online, and like the idea of having tech support when needed. All of the software you need to give your computer real protection from virus infections, spyware, adware, trojans, etc. is on this CD. A good firewall and other effective tools to protect your online privacy are included, with protection against fraud, phishing, scams, keyloggers, and hackers. You will have a selection of over twenty top rated security products to choose from. This is permanent software, not some trial version that you have to pay for later.* We have included the best software products tested by independent labs and security experts. Any software that we send you also had to pass our tests for quality and effectiveness before we approve it. 1. Five top rated antivirus products. You get to use the one you like the best for as long as you want. 2. Five of the best anti-malware products. 3. Three of the most secure firewalls, so you can use the one that works best on your computer. 4. The most secure web browsers for Windows, plus security ad-ons. 5. Your personal privacy sheild and password encrypting tools. 6. Anti-fraud and anti-phishing filters for your web browsers. 7. A tune up utility for your computer. 8. Easy installation instructions ...

Post you comment here

Your Name (*) :
Your Email :
Subject (*):
Your Comment (*):
  Reload Image
 
 

There are 0 comment(s) to this page.



The questions and answers taken from stackoverflow.com's public data dump which is licensed under the cc-wiki license.
Logo, website design and layout ©2011 CodingTiger.com