I’ve always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine. However, some people recommend that the salt be stored separately from the database. Their argument is that if the database is compromised, an … Read more
Is hashing a password twice before storage any more or less secure than just hashing it once? What I’m talking about is doing this: $hashed_password = hash(hash($plaintext_password)); instead of just this: $hashed_password = hash($plaintext_password); If it is less secure, can you provide a good explanation (or a link to one)? Also, does the hash function … Read more
Locked. This question and its answers are locked because the question is off-topic but has historical significance. It is not currently accepting new answers or interactions. It looks like we’ll be adding CAPTCHA support to Stack Overflow. This is necessary to prevent bots, spammers, and other malicious scripted activity. We only want human beings to … Read more
I’m trying to redirect all insecure HTTP requests on my site (e.g. http://www.example.com) to HTTPS (https://www.example.com). How can I do this in .htaccess file? By the way, I’m using PHP. 29 Answers 29
When building SPA style applications using frameworks like Angular, Ember, React, etc. what do people believe to be some best practices for authentication and session management? I can think of a couple of ways of considering approaching the problem. Treat it no differently than authentication with a regular web application assuming the API and and … Read more
License keys are the defacto-standard as an anti-piracy measure. To be honest, this strikes me as (in)Security Through Obscurity, although I really have no idea how license keys are generated. What is a good (secure) example of license key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so, … Read more
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for … Read more
This question already has answers here: Is a HTTPS query string secure? (9 answers) Closed 3 years ago. Do querystring parameters get encrypted in HTTPS when sent with a request? 4 Answers 4
Closed. This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 5 years ago. Improve this question I am an IT student and I am now in the 3rd year in university. Until … Read more
I have two HTTP services running on one machine. I just want to know if they share their cookies or whether the browser distinguishes between the two server sockets. 8 Answers 8
