password-protection

问题 I want to make a webpage which has download option for a pdf, but i want it password protected i.e. if someone clicks on that link he has to enter username and password and if he directly open the link "www.example.com/~folder_name/abc.pdf" then server ask for password first and then allow to download Edit: I want user to view the file in browser, not to force it to download here is my code <?php /* authentication script goes here*/ $file = 'http://example.com/folder_name/abc.pdf'; //header(

问题 I want to make a webpage which has download option for a pdf, but i want it password protected i.e. if someone clicks on that link he has to enter username and password and if he directly open the link "www.example.com/~folder_name/abc.pdf" then server ask for password first and then allow to download Edit: I want user to view the file in browser, not to force it to download here is my code <?php /* authentication script goes here*/ $file = 'http://example.com/folder_name/abc.pdf'; //header(

问题 Is it okay and isn't useless? It could be saved in another table or even another database. What do you think? P.S. For higher security, I have the constant salt "peanuts" too. It's constant value saved in configuration file (not in database). So if hacker want to somehow hack password, he need access to file server and database as well. 回答1: Yes, it's okay to store the per-user salt in the same table which stores the password hash ( not the password itself ) - even if the adversary gets

问题 I've been trying to add a watermark to a password protected pdf (protect to write only) with fpdf and fpdi. It works on normal pdfs but when it is password protected it gives this error: FPDF error: This document (upd/509ae4a4044df9a43e03e09b4cf772b0.pdf) probably uses a compression technique which is not supported by the free parser shipped with FPDI. It makes sense that it isn't possible to write on the document but while searching I've seen similar problems getting resolved. Thanks in

问题 Is it possible to password protect a page without db access? I may have only few pages. But I should be able to change password and also save sessions etc. And I want a secure way as it's for production site! How is it to store in a config.php after md5: <?php username="admin"; password="1a1dc91c907325c69271ddf0c944bc72"; ?> If this is a good idea, is there a way to restrict access to this php from only one script called check.php or something? 回答1: Sure, why not? You can use flat files in

问题 I want to create a cronjob that every X time goes to open a webpage. This webpage is password protected by .htaccess (user=admin, passwor=pass). The instruction I give is the following: wget --user=admin --password='pass' http://www.mywebsite.com/test.php But cron gives me the following error: --2012-05-02 10:14:01-- http://www.mywebsite.com/test.php Resolving www.mywebsite.com... IP Connecting to www.mywebsite.com|IP|:80... connected. HTTP request sent, awaiting response... 401 Authorization

问题 I want to create a cronjob that every X time goes to open a webpage. This webpage is password protected by .htaccess (user=admin, passwor=pass). The instruction I give is the following: wget --user=admin --password='pass' http://www.mywebsite.com/test.php But cron gives me the following error: --2012-05-02 10:14:01-- http://www.mywebsite.com/test.php Resolving www.mywebsite.com... IP Connecting to www.mywebsite.com|IP|:80... connected. HTTP request sent, awaiting response... 401 Authorization

问题 What would be the correct regex , to satisfy the following password criteria: Must include at least 1 lower-case letter. Must include at least 1 upper-case letter. Must include at least 1 number. Must include at least 1 special character (only the following special characters are allowed: !#% ). Must NOT include any other characters then A-Za-z0-9!#% (must not include ; for example). Must be from 8 to 32 characters long. This is what i tried, but it doesn't work: ^(?=.*?[a-z])(?=.*?[A-Z])(?=.

问题 I am creating a webpage bit by bit, testing parts of the webpage ideas. I want to learn how to session protect a page. I have already password protected a page seccsesfully, but anybody can access the page by typing in the url. i want to session protect my page so no one can do that. i have three pages: index.html, which has the form which sends the the password.php, the password.php, which makes sure that the password and username are correct using "if statments"(here is the "if statment")

问题 Fact A. Based on Pigeonhole Principle, every hash functions has infinite number of collisions, even if none is found yet. Fact B. Re-hashing a hash, like hash(hash(password)) is not more secure than hash(password), actually hash(hash(password)) open up a collision attack that is not possible with hash(password). Fact C. Based on B, by increasing iterations, we reach a point that most passwords and salts will return same constant hash value. I mean probability of colliding will be high, even