I want to blurr password while taking screenshot due to security purpose is there any way to do it. Also i don't want to restrict the user from taking screenshot.
Can we get event before capturing screenshot so i can hide my password?
Or other way for doing this?
Help will be appreciated.
This will have to be done after taking the screenshot, however, when storing passwords it is common practice only to save the hash of the password so that if the password file is stolen then the attackers will still not be able to see what the passwords were
Related
I would need a readout of joomlas user password in plain style to give special users the ability to send a mail in a custom module with login details like:
https://mydomain/login?user=testuser
password = testuserpassword
For that reason I need the plain passowrd out of the DB. Is there a way to show/read out password from joomla-db in plain style?
Thx in advanced!
Joomla saves the passwords in the database using a one way encryption mechanism, which means that you cannot know what the password is.
I am sure what you're doing can be done in a different method - if you want to login users automatically once they click on a link then you can have a different authentication plugin that will use a random, unique, one-time-use, and time-sensitive hash that will be associated with a Joomla user account.
You need to create a plugin with function after joomla user save
you need to store password in another table with user id and then you can use with sql query to get password.
This is a bad idea for the following reasons:
email is sent in plain text
email often is stored on several systems along the way to your mailbox
email often is stored on your computer in plain text or other unencrypted format
many copies may exist in many places, even after "deletion"
even encrypted email can be broken in to, given enough computing time
your account's security may have been compromised even before you read your email (changing the password will not help in this case)
However, you definitely can email the user their password upon initial registration by going to Global Configuration > Users and setting Send Password to "Yes" (default setting in Joomla 3.x).
If you are looking for a way to send this password after the registration event, as others have mentioned, you are out of luck. What Joomla! provides is a secure password reset functionality to reset a password to something the user can remember. This will be the best approach for you, as well.
Resources: Sending Passwords in Email, Stop Joomla Sending Passwords in Emails
I want to show the password from database which is encrypted.
How to show envrypted password in admin dashboard page?
I have seen laravel documentation fo rehashing but i am not understanding it
Laravel hashes passwords, which is irreversible. You pretty much can't ever see a password once it's been hashed and stored in the database, and this is by design. It isn't encrypted, and thus, cannot be decrypted.
When someone signs in to the application, their password is HASHED, and then compared with the hash in the database. This is done so that a password can not be stolen from the database.
Now, I don't know your application or your circumstances, but I would consider it very bad practice to allow even an admin access to users' passwords (there shouldn't be a reason in the world they need to see those).
Here's a great video on the matter.
But if you REALLY still need this to happen, consider a making a custom authentication driver that at least uses encryption instead of hashing (but again, probably a bad idea). I found a few different tutorials with a quick google search.
I have an app which asks the user for a username and password which I want to be saved (so the user doesn't have to reenter his data on every launch).
Of course I need to acces the username and password on the next application start. Can you tell me how to do it?
One more thing: the username (and pw) is saved in the AppDelegate but I need it in a different class later..
The proper place to keep a username/password is in the keychain. It's made easier with open source wrappers such as SSKeychain.
The way I suspect you want to do it is with NSUserDefaults, which you can read about in the Preferences and Settings User Guide.
Either way you can get at the information quite easily from elsewhere in your application.
But you really should do it the first way.
Give it a try and come back and ask a more specific question if you can't get it to work.
I'm writing a very simple login system for a Rails app. I'm using RESTful authentication. It's a fairly conventional setup, where I'm sending the email and password to authenticate the user.
Here, I used REMEMBER ME?, if same user again wanna login then by using cookie, user can re-login. Now thing is like, I want to print email and password in its respective text-box. Email is inserted into the textbox but I am facing a problem to show password in text-field.
At the time of login, such condition is used
#person.password_hash == BCrypt::Engine.hash_secret(#password, #person.password_salt)
How can I get my password in text form?
[irony]Why are you even hashing them if you want to display it in text form?[/irony]
But to be serious: hashing is one way operation, you can't revert it.
http://en.wikipedia.org/wiki/Hash_function
Therefore you can't display user password (and btw - you shouldn't do it anyway, it's violation of the security principles).
When writing "remember me" feature, look at way devise is doing it: http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable If you want that feature to be really safe, there is some amount of work required to code it.
After a lot of searching the web, I found that BCrypt::Engine.hash_secret is one-way encryption of password. This means there is no way to reverse the process. So if you are trying to make password text from BCrypt::Engine.hash_secret, you cannot do it.
I was just looking for a todolist service over the net. I encountered this tadalist site http://tadalist.com/. Now I was making an account for myself. On this page it asked me to enter email address again and password again. Many sites where I have created an account this thing is done of asking the user to re-enter details.
I don't get the purpose of specifically asking the user to enter email address or the password or any other field.
I can always copy paste and get through this field's duplicate. Why do they have such a thing. As I see it we need to do client side validation for correct entries which is really unnecessary operations as I see it. Why is it done? Pretty sure there's good enough reason for it.
its to make sure that you don't have typo in your password or email address.
imagine that you had a typo on your password, you won't be able to login to the site anymore, unless you reset your password.
its same for email. if you make a typo in your email address, potentially your details can be sent to another email address.
its not good idea to copy and paste in this kind of situation. its better to type them again to make sure they are entered correctly.
I'm pretty sure the idea behind making you repeat emails is to reduce input errors. When you input your email, you might make a typing error. Forcing you to slow down and look again at what you typed will presumably lower typos, even if you don't retype and just copy and paste. For passwords, you can't see what you type, so retyping will definitely help there.