From what I've heard from others, App Store is such a PITA to work with, it takes a lot of effort to get your code working based on how you are supposed to use the tools. Conversely, as a user downloading something from an app store, I've never had a problem.
And package managers should be at the bottom of the list too. Rarely does that process work without some pain point. Actually, I have better experiences with PMs on Linux than I do with Windows' NuGet.
Marc
|
We're going from a [private] github repo.
It deploys, it builds and anything that doesn't work is my fault.
veni bibi saltavi
|
Nagy Vilmos wrote: anything that doesn't work is my fault
Ain't that a general truth?
|
Nagy Vilmos wrote: ginhub repo FTFY
|
If you are in the projected path of the storm, be safe.
I have a co-worker in North Carolina who has moved inland; his area is probably going to take a hard hit.
In South Carolina, I should be far enough inland to only have rain, but, the East Coast is being evacuated ahead of the storm.
Things can be replaced; lives are lost forever.
|
Hmm, any idea which place in NC? I have a few relatives who live in Wilmington and are on a world tour and returning this weekend.
cheers,
Super
------------------------------------------
Too much of good is bad,mix some evil in it
|
He lives in Southport; works out of Wilmington.. or close to there.
|
Wilmington is projected to get slapped pretty hard, as is the whole coast. The storm has diverted east more than expected, but anyone on coastal NC needs to be cautious.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
So we have a new password policy here at work and one of the rules is you cannot change it into something that is too similar to the previous one.
Question: How is that determined since the hashing value should change significantly if you change just one letter?
|
When resetting your password you usually need to enter your existing password so the code has both and can compare.
If you're not asking for the existing password then the system either stores passwords in plain text or in encrypted form.
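The check described in the reply above, as an added example that is not part of the original thread: the change form supplies the old password in plain text, so it can be verified against the stored hash and compared with the new one in memory, while the hashed history can only catch exact reuse. The function names, the PBKDF2 parameters and the distance threshold are assumptions; the sample passwords are the ones quoted in the thread.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def new_record(password):
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "history": []}


def change_password(record, old_plain, new_plain, min_distance=4):
    # 1. The old plaintext comes from the change form, not from storage.
    if not verify(old_plain, record["salt"], record["digest"]):
        return "old password incorrect"
    # 2. Similarity is measured on the two plaintexts held in memory.
    if edit_distance(old_plain.lower(), new_plain.lower()) < min_distance:
        return "too similar to current password"
    # 3. Older passwords exist only as hashes: exact reuse is detectable,
    #    similarity is not.
    for salt, digest in record["history"]:
        if verify(new_plain, salt, digest):
            return "password was used before"
    record["history"].append((record["salt"], record["digest"]))
    record["salt"], record["digest"] = hash_password(new_plain)
    return "changed"
```
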
|
Well, we don't need to re-enter the old password and assuming it does not save it in clear text, how is it comparing the old (encrypted) password to the new (encrypted) one?
example:
OLD
password text: god_123
encrypted: &#HDSW
NEW
password text: god_124
encrypted: )#@^Y@
it should not save the text version and it should not be able to compare the encrypted version, right?
[EDIT]We are "logged in" though, (LDAP), but I'm assuming, equally, the password is not saved in memory either...[/EDIT]
|
Your questions sound a bit fishy... Are you sure you're not trying to get us to help you crack the system???
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- I'd just like a chance to prove that money can't make me happy. Me, all the time
|
Ha ha, no. They had an attack here at work last year and since then we're forced to use increased security policies, but we're doubting the effect of some of the measures...
|
In Active Directory, there is a GPO that you can activate to force password storage in plain text.
I cannot imagine any situation where that would be suitable, though.
On the other hand, the security breach concerning passwords must not be observed only through their storage on the servers; humans themselves may represent a non-negligible risk when it comes to password security (writing them down on a sticky note, always following the same pattern, references to family, friends, pets, etc.).
Loneliness and cheeseburgers are a dangerous mix.
|
I have a little black A6 notebook, one of the ubiquitous ones with hard covers and a red spine, and I am ceasing the practice of using only a few passwords, and setting a new one for each account. Then every new user-password pair is written into that book. My passwords, except on their systems, can only be found in one place, and nowhere online.
And if I buy the farm, friends and family can look up needed passwords in that book, without having to subscribe anywhere online, or know any other password. I think that book has one of the highest levels of all password storage security strategies that exist.
Oh yes, and I never say them out aloud as I write them, in case someone, somewhere, somehow, is listening in on me.
|
V. wrote: how is it comparing the old (encrypted) password to the new (encrypted) one?
It decrypts it first, encryption is two-way. So it takes "&#HDSW" from the database as your old password and decrypts it to "god_123". It then compares that to the new password you've entered.
|
LDAP stores passwords in history using a hash; no two-way encryption there...
The only password that may be stored as cleartext is the current one...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
All of my passwords at work are stored as plain text.
... In a text file named "passwords.txt" on my desktop.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Same with me - I have 9 pre-created passwords (we have 8 stored in history) stored as plain text...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
Cool. I have a file with the very same name.
That's what they get for making us change passwords every 90 days, unable to reuse the last 24 passwords, and they must be sufficiently gobbledy-gook.
|
That's an idea: we should assemble a CP password.txt file, for general use in the MoronicKneeJerkPasswordPolicy domain. It would save us the trouble of creating our own.
[edit]
If you think 90 days is bad, I worked at one place that had a holiday-booking webapp where they required a new password every 30 days.
How often do you book holidays, for Arbuthnot's sake!
Essentially, every time you opened the app, you had to change your password.
[/edit]
[edit2]
Holiday = vacation, to blasted colonials.
[/edit2]
I wanna be a eunuchs developer! Pass me a bread knife!
modified 5-Oct-16 16:52pm.
|
I used to keep mine, hand-written, on a scrappy piece of paper in my desk drawer
|
You work for the government, don't you?
|
Oh, yeah. Always an adventure.
|
He hasn't said what password system this is though.