Using HMAC-SHA1 for API authentication – how to store the client password securely?

This is the downside of symmetric-key challenge-response style authentication – you don’t put the secret on the wire, but you have to store the secret at both ends. (HMACs are symmetric key systems). Note though that it’s not a password – it’s a shared secret. There’s a fundamental difference here – a password is generally … Read more

ASP.NET MVC Identity login without password

You just need to use the UserManager to find the user by name. If you have a record then just sign them in. public ActionResult StupidCompanyLogin() { return View(); } [HttpPost] //[ValidateAntiForgeryToken] – What's the point? F**k security public async Task<ActionResult> StupidCompanyLogin(string name) { var user = await UserManager.FindByNameAsync(name); if (user != null) { await … Read more

Python’s safest method to store and retrieve passwords from a database

Store the password+salt as a hash and the salt. Take a look at how Django does it: basic docs and source. In the db they store <type of hash>$<salt>$<hash> in a single char field. You can also store the three parts in separate fields. The function to set the password: def set_password(self, raw_password): import random … Read more

Keychain: Item reported as errSecItemNotFound, but receive errSecDuplicateItem on addition

The unique key for kSecClassGenericPassword is composed of kSecAttrAccount and kSecAttrService. To check for its existence, query the keychain store with only these attributes (including the kSecReturnAttributes flag). Including kSecAttrLabel and kSecAttrAccessible will exclude any existing item with the same unique key but with different attributes. Once you have confirmed its (non)existence, add the additional attributes and … Read more

Blocking android apps programmatically

I used a background service to check which application is in the foreground (which means that application is being used by the user). Then I check to see whether I need to lock the application or not. To find the list of all installed applications (excluding system applications): PackageManager packageManager = getPackageManager(); Intent mainIntent = … Read more

Password protecting a directory and all of its subfolders using .htaccess

It’s a simple two-step process. In your .htaccess put: AuthType Basic AuthName “restricted area” AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user. Use http://www.htaccesstools.com/htpasswd-generator/ or the command line to generate the password and put it in the .htpasswd. Note 1: If you are using cPanel you should configure it in the security section “Password Protect Directories”. EDIT: If this didn’t work … Read more

Securing a password in source code?

Don’t store your password in your source code; store it in a protected section within your App.Config (or Web.Config). See the Encrypting Configuration File Sections Using Protected Configuration section in this Microsoft doc. This works by encrypting the encryption keys using built-in Windows stuff, locked to the MAC address and various other undocumented things. This will … Read more
