From: Lothar Kimmeringer on 29 Sep 2009 04:28

senatov wrote:

> it is a good idea and standard solution to write in config file
> not a password self, but his control sum, hash number etc etc.
>
> It's much more convenient to use.

Problem is that databases etc. don't accept hashes of passwords
but only the real stuff.

Regards, Lothar
--
Lothar Kimmeringer E-Mail: spamfang(a)kimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong questions!

From: Leif Roar Moldskred on 29 Sep 2009 04:34

Kenneth P. Turvey <evoturvey(a)gmail.com> wrote:

> For web based apps I don't know why using personal certificates never
> caught on. If a browser vendor made it easy to generate the
> certificates, then we wouldn't need all this password stuff.

Basically because there isn't any standardised system to manage and back
up such certificates nor any way to transparently take them with you
when you move to another computer.

A system based on some kind of USB token / USB stick would be suitable,
I think, but suffers the catch-22 that they wouldn't be very useful
until they were widely adopted by the industry and that they wouldn't
be likely to be widely adopted until they were very useful.

--
Leif Roar Moldskred

From: Kenneth P. Turvey on 29 Sep 2009 11:07

On Tue, 29 Sep 2009 10:26:36 +0200, Lothar Kimmeringer wrote:

> Kenneth P. Turvey wrote:
>
>> For web based apps I don't know why using personal certificates never
>> caught on. If a browser vendor made it easy to generate the
>> certificates, then we wouldn't need all this password stuff.
>
> In a One Man One PC world this is practicable but as soon as you work
> with more than one PC - let alone smartphones - you try that once and
> never again if the service in question is of minor importance.

Passwords could be a backup system of authentication. You could even
provide ways to generate passwords when you need them, the way we do now
for password resets.

Certificates would provide everyone with single sign on if they were
widely supported.

--
Kenneth P. Turvey <evoturvey(a)gmail.com>

From: Dave Searles on 29 Sep 2009 12:53

Leif Roar Moldskred wrote:

> Kenneth P. Turvey <evoturvey(a)gmail.com> wrote:
>> For web based apps I don't know why using personal certificates never
>> caught on. If a browser vendor made it easy to generate the
>> certificates, then we wouldn't need all this password stuff.
>
> Basically because there isn't any standardised system to manage and back
> up such certificates nor any way to transparently take them with you
> when you move to another computer.
>
> A system based on some kind of USB token / USB stick would be suitable,
> I think, but suffers the catch-22 that they wouldn't be very useful
> until they were widely adopted by the industry and that they wouldn't
> be likely to be widely adopted until they were very useful.

There's also the problem that certificate signing authorities charge
money, and not just a small amount of it, and not just a one-time fee
either.

If self-signed certs were allowed, that problem would go away and so
would the how-to-start-over and how-to-isolate problems. Self-signed
certs would be pseudonymous identities, and it would be feasible to use
different ones at different sites if you decided it was none of site A's
beeswax that you also used site B or whatever.

From: jebblue on 30 Sep 2009 01:45

On Tue, 29 Sep 2009 10:28:58 +0200, Lothar Kimmeringer wrote:

> senatov wrote:
>
>> it is a good idea and standard solution to write in config file not a
>> password self, but his control sum, hash number etc etc.
>>
>> It's much more convenient to use.
>
> Problem is that databases etc. don't accept hashes of passwords but only
> the real stuff.

What about Base 64 encoding of the hash?

--
// This is my opinion.
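
Added example, not part of any post in this thread: a small Python sketch of the point under discussion, namely what happens when a client's config file holds the password, its hash, or the Base64 of that hash. `ToyDatabase` is a constructed stand-in that, by assumption, checks the presented password against its own salted verifier; it is not any real database's protocol, and the sample password is constructed.

```python
import base64
import hashlib
import hmac
import os


class ToyDatabase:
    """Constructed stand-in for a server that authenticates by password."""

    def __init__(self, password: str):
        # The server keeps only a salted verifier, never the password itself.
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)

    def _derive(self, presented: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", presented.encode(), self._salt, 10_000)

    def connect(self, presented: str) -> bool:
        # Whatever string the client sends is treated as the password.
        return hmac.compare_digest(self._derive(presented), self._verifier)


def config_candidates(password: str) -> dict:
    """Three things a client config file might hold in place of the password."""
    digest = hashlib.sha256(password.encode()).digest()
    return {
        "plaintext": password,
        "sha256_hex": digest.hex(),
        "sha256_base64": base64.b64encode(digest).decode(),
    }


def try_all(password: str) -> dict:
    """Attempt a login with each candidate and report which ones succeed."""
    db = ToyDatabase(password)
    return {name: db.connect(value)
            for name, value in config_candidates(password).items()}


def base64_round_trip(password: str) -> bool:
    """Base64 is a reversible encoding: decoding gives back the same hash bytes."""
    digest = hashlib.sha256(password.encode()).digest()
    return base64.b64decode(base64.b64encode(digest)) == digest


if __name__ == "__main__":
    print(try_all("s3cret-constructed"))
    print(base64_round_trip("s3cret-constructed"))
```

A hash in the config file lets an application verify a password someone types in, but the client here has to present the credential itself, and Base64 only changes how the same hash bytes are written down.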