Regex for password PHP [duplicate]

^\S*(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$ From the fine folks over at Zorched. ^: anchored to beginning of string \S*: any set of characters (?=\S{8,}): of at least length 8 (?=\S*[a-z]): containing at least one lowercase letter (?=\S*[A-Z]): and at least one uppercase letter (?=\S*[\d]): and at least one number $: anchored to the end of the string To include … Read more

Should server/database config files, including passwords, be stored in source control?

There’s no single “silver bullet” answer here and it would all greatly depend on details. First of all, I consider best practice to separate all source code from configuration in separate repository. So, source code remains source code, but it’s installation or deployment (with configuration, passwords, etc) is the whole other thing. This way you’ll … Read more

JOptionPane to get password

Yes, it is possible using JOptionPane.showOptionDialog(). Something like this: JPanel panel = new JPanel(); JLabel label = new JLabel(“Enter a password:”); JPasswordField pass = new JPasswordField(10); panel.add(label); panel.add(pass); String[] options = new String[]{“OK”, “Cancel”}; int option = JOptionPane.showOptionDialog(null, panel, “The title”, JOptionPane.NO_OPTION, JOptionPane.PLAIN_MESSAGE, null, options, options[1]); if(option == 0) // pressing OK button { char[] … Read more

Make Android WebView not store cookies or passwords

You can use this to prevent cookies from being stored and clean cookies already stored: CookieSyncManager.createInstance(this); CookieManager cookieManager = CookieManager.getInstance(); cookieManager.removeAllCookies(callback); cookieManager.setAcceptCookie(false); WebView webview = new WebView(this); WebSettings ws = webview.getSettings(); ws.setSaveFormData(false); ws.setSavePassword(false); // Not needed for API level 18 or greater (deprecated)

What is the easiest way to encrypt a password when I save it to the registry?

You don’t decrypt authentication passwords! Hash them using something like the SHA256 provider and when you have to challenge, hash the input from the user and see if the two hashes match. byte[] data = System.Text.Encoding.ASCII.GetBytes(inputString); data = new System.Security.Cryptography.SHA256Managed().ComputeHash(data); String hash = System.Text.Encoding.ASCII.GetString(data); Leaving passwords reversible is a really horrible model. Edit2: I thought … Read more

How to use Keychain for saving password like GenericKeychain sample code

You can use the Security framework #import <Security/Security.h> To save a username and password for a server: -(void) saveUsername:(NSString*)user withPassword:(NSString*)pass forServer:(NSString*)server { // Create dictionary of search parameters NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:(__bridge id)(kSecClassInternetPassword), kSecClass, server, kSecAttrServer, kCFBooleanTrue, kSecReturnAttributes, nil]; // Remove any old values from the keychain OSStatus err = SecItemDelete((__bridge CFDictionaryRef) dict); // … Read more

Secure Password Hashing [closed]

Salt your hash with secure random salt of at least 128bits or longer, to avoid a rainbow attack and use BCrypt, PBKDF2 or scrypt. PBKDF2 comes with NIST approval. To quote: Archive.org: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html The problem is that MD5 is fast. So are its modern competitors, like SHA1 and SHA256. Speed is a design goal of … Read more

How to make Chrome remember password for an AJAX form?

I have found a dirty workaround for this problem, by inserting an invisible iframe and targeting the form to it: <iframe src=”https://stackoverflow.com/blank.html” id=”loginTarget” name=”loginTarget” style=”display:none”> </iframe> <form id=”loginForm” action=”https://stackoverflow.com/blank.html” method=”post” target=”loginTarget”></form> The corresponding JavaScript: $(‘#loginForm’).submit(function () { $.post(‘/login’, $(this).serialize(), function (data) { if (data.status == ‘SUCCESS’) { window.location = data.redirectUrl; } }) }) The trick … Read more