Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

Page 120/163 | < Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >

• analyzing hashes

  - by calccrypto

  Is anyone willing to devote some time to helping me analyze a (hopefully cryptographically secure) hash? I honestly have no idea what im doing, so i need someone to show me how to, to teach me. almost all of the stuff ive found online have been really long, tedious, and vague the code is in python because for some reason i dont know c/c++. all i know about the hash: 1. there are no collisions (so far) and 2. differences between two similar inputs results in wildly different differences and please dont tell me that if i dont know what im doing, i shouldnt be doing it.

  Read the article

• PHP Captcha without session

  - by Anton N

  Ok, here is an issue: in the project i'm working on, we can't rely on server-side sessions for any functionality. The problem is that common captcha solutions from preventing robotic submits require session to store the string to match captcha against. The question is - is there any way to solve the problem without using sessions? What comes to my mind - is serving hidden form field, containing some hash, along with captcha input field, so that server then can match these two values together. But how can we make this method secure, so that it couldn't be used to break captcha easily.

  Read the article

• How can I know if a file has been changed in .NET C#?

  - by Anthony D

  I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

  Read the article

• How to handle User Authentication for program in client’s local machine?

  - by Daniel

  Which user authentication scheme could be used at following scenario? 1.Application A developed by my company is installed at user's local computer. 2.Users login at my company's website. 3.If login is successful, access to the application A in user's local machine is granted. The development environment is .NET. Is there a secure way to authenticate the user to access the application? I've thought about encrypting the login information entered at the website, and then sending that information to the program at user's local machine for authentication. but I think as long as the client program has the decrypting ability, it is vulnerabe to decompiling,etc. Thanks in advance!

  Read the article

• .NET Compact Framework Connection String encryption/securing

  - by Crazydog

  I'm writing an application in C# for a smart device running Windows Mobile 6.1. It's pretty basic. Just querying a database and getting results. Nothing too fancy. This program is only going to be deployed internally, but we still want to be secure with our SQL connection info. What's the best way I should go about encrypting/securing my connection string in the program? I've seen examples for .NET programs using AppSettings, but I'm not seeing a Setting stab in my Solution properties. This is my first time developing an application in C#/Visual Studio 2008, so there might be some kind of setting I'm missing. Thanks for the help.

  Read the article

• Securing an ajax request

  - by asdasdsa

  i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

  Read the article

• .htaccess redirect https to http not working

  - by Ira Rainey

  I am trying to catch any https traffic to the front of my site so: https://www.domain.com is redirected to: http://www.domain.com However other subdomains need to be redirected elsewhere. For the most part this is all working, apart from the https - http redirection. Here's my .htaccess file at the moment: RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} RewriteCond %{HTTP_HOST} ^domain\.com [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] RewriteCond "%{HTTP_HOST}" !^www.* [NC] RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$ RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [L,R=301] It would seem that this bit: RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} isn't working as I would imagine. In fact it doesn't seem to redirect at all. In another subdirectory I have the opposite in effect which works fine: RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} so my thinking is the opposite should have done the job, but seemingly not. Any thoughts anyone?

  Read the article

• How to transfer large files from desktop to server ( .NET)

  - by rahulchandran

  I am writing a .NET 2.0 based desktop client that will send large files ( well largish under 2GB) to a server. Need to develop the server as well. Server can be on any technology It should be secure so an underlying SSL stream is needed What are my options. Any obvious caveats etc I should be aware of To my mind the simplest solution is to open a tcp\ip connection over SSL to the server and send n packets each of size M bytes and then have the server append the chunks to the file and finally send an EOF packet as well IS this horrible. Will the perf suck on the server with all these disk writes What are any other clever options. I am limited to .NET 2.0 on the client if I did move to a WCF client will it buy be something magical and cool for this scenario Thanks

  Read the article

• MD5 password twice

  - by NoviceCoding

  I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

  Read the article

• What's a good way to encrypt data using an asymmetric key, that's available to both java and ruby?

  - by Michael Campbell

  I have a customer that wants to encrypt some data in his database (not passwords; this needs actual encryption, not hashing). The application which will be doing the encrypting/writing is in Java, but the process which will DECRYPT it is behind a secure firewall, and is written in ruby. The idea was to use a public/private key scheme; the java system would encrypt it with the public key, then the process on his local box would use the private key to decrypt it as needed. I'm looking for any experience anyone has doing something like that; my main question is what sorts of libraries on java and ruby can interoperate with the same keys and data.

  Read the article

• Android programming: Authentication and data exchange with Java EE

  - by Konsumierer

  I am having a Java application running in a Tomcat server using Spring, Hibernate, etc. and a two web interfaces, one implemented in Tapestry 5 and the other one using Flex with BlazeDS and Spring-BlazeDS. In my first android application I would now like to log in to the server and retrieve some data. I´m wondering how I could achieve this in a secure way. First of all I need to know which technology is the best to retrieve data from the server and how can I restrict the access to users only that have been successfully authenticated. With what I read until now I would try to implement a HTTPServlet on the server and make server calls via HTTP Client. In the servlet I could probably use the HTTPSession to check if the request comes from an authenticated user. And the data I would try to send serialized (JSON). Unfortunately, I´ve never done those things and maybe I´m on the wrong way and there are more comfortable solutions.

  Read the article

• C# Keeping DLLs with the associated library

  - by SimonN

  We have a library built on the back of eldos' Secure Black Box. We use copy local to ensure that the appropriate runtime DLLs are included. If we now reference our library in another project with a copy local our library is copied into the bin folder of our main project but the Eldos SBB libraries aren't. We could reference SBB in the main project but there are no direct calls to SBB so any time the code is refactored the references may be removed as unused. What is the best way of handling this issue? Simon

  Read the article

• How to structure web application with part of it being secured (SSL)

  - by spirytus

  What is the common pattern to structure web application where part of it has to be secured. So lets say I have page_a and page_b which do not need to be secured, although should display login information (login fields or login details once user logged in). This web app. also would have secured pages (admin, checkout or similar) secure_page_c and secure_page_d. My questions are: What is the common folder structure for such assuming I code in php with no frameworks? Also how shall I deal with session variables in case user navigates lets say from secure_page_b to non secure page_a or vice versa? What else might be a problem and should be considered when coding that kind of app in php? Thank you all for any suggestions

  Read the article

• Should I use "id" or "unique username"?

  - by roa3

  I am using PHP, AS3 and mysql. I have a website. A flash(as3) website. The flash website store the members' information in mysql database through php. In "members" table, i have "id" as the primary key and "username" as a unique field. Now my situation is: When flash want to display a member's profile. My questions: Should Flash pass the member "ID" or "username" to php to process the mysql query? Is there any different passing the "id" or "username"? Which one is more secure? Which one you recommend? I would like to optimize my website in terms of security and performance.

  Read the article

• tomcat 6.0.18 HTTPS not working

  - by user180152

  Hi, I am trying to configure tomcat for HTTPS on localhost. I am using self signed certification. I added folowing line of code to server.xml. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEngine="on" keystoreFile="path-to-keystore" keystorePass="password" /> I am getting following error in browser: An error occurred during a connection to localhost:8443. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert) Can anybody guide me to proper direction. Thanks.

  Read the article

• RequireHttpsAttribute and Encrypted Request Data

  - by goatshepard

  I have a controller action that is accepting sensitive data. public ActionResult TakeSensitiveData(SensitiveData data){ data.SaveSomewhere(); } To ensure the data is secure I want to be certain requests are made using HTTPS (SSLv3, TLS 1). One of the approaches I've considered using was the RequireHttpsAttribute on my action: [RequireHttps] public ActionResult TakeSensitiveData(SensitiveData data){ data.SaveSomewhere(); } However, upon testing this I fiddler revealed that an HTTP request made to the action is 302 redirected to HTTPS. My question is this: If I've made a request that is 302 redirected to HTTPS haven't I already sent the sensitive data over HTTP before the redirect?

  Read the article

• How do I download a file from an FTP server using FTP over SSL using .NET?

  - by atconway

  My post title almost states it all: How do I download a file from an FTP server using FTP over SSL using .NET? I have read a bit and there are several 3rd party components to purchase that wrap up this functionality. The deal is, this is a very specefic need and is not going to grow much, so if downloading a file from an FTP server using FTP over SSL can be done using the .NET Framework (i.e. System.Net namespace or something), then that would be best. I don't need a ton of functionality, but if for some reason coding against a secure FTP server is a nightmare or not doable through the .NET Framework BCL that would be nice to know, as a 3rd party .dll might be best. Thank you!

  Read the article

• Security Policy not working, as3

  - by VideoDnd

  How to I get my security policy working? My parent swf parses an XML doc and loads 2 children. It throws a 2148 security error, and only works in the Flash IDE. PARENT SWF flash.system.Security.loadPolicyFile("crossdomain.xml"); I've referenced my security file from my swf. I Also published my parent swf as 'network only' and put all the crossdomain.xml and everything else in the same folder. I need to click on the animations and have them place from a local computer at a kiosk. Any suggestions? POLICY FILE <?xml version=\"1.0\"?> <!DOCTYPE cross-domain-policy SYSTEM \"/xml/dtds/cross-domain-policy.dtd\"> <cross-domain-policy> <site-control permitted-cross-domain-policies=\"master-only\"/> <allow-access-from domain=\"*\" to-ports=\"*\" secure=\"false\" /> </cross-domain-policy>"

  Read the article

• Securing input of private / protected methods?

  - by ts

  Hello, normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.) My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...). But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

  Read the article

• how to stop lightbox from closeing after submit button is clicked?

  - by Mahmoud

  hey all i am using lightbox to show an enlarge image of the thumbnail images, where in each enlarged image there is a submit button, when that button is clicked it addes to jcart and refreshes the pages, for demo please visit secure.sabayafrah.com username = mahmud password = mahmud now as you can see when you click at the thumbnail lightbox well show you an enlarge image in a bubble, where there is an submit image below the enlarged image if it was clicked it must add to cart and not refresh the page. i am using jcart as add to cart and lightbox to enlarge the images i asked so many people and all suggested that i use jquery live but i never used ajax so i am stuck here is it possible if yes is their a demo or a code well do this feature

  Read the article

• Are SqlCipher open cursors a security concern?

  - by user1178479

  I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

  Read the article

• I'm trying to implement 2 factor authentication on the cheap. How would I do that?

  - by Biff MaGriff

  Ok so I need 2 of the 3. Something the user knows. Something the user has. Something the user is. I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards. I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user. Is this a valid method of 2 factor authentication? What is another way of doing this? Are there any pitfalls that I should be aware of? Thanks for your help!

  Read the article

• How much effort does it take to spoof an Ip Address in a call to a webservice?

  - by Rory Becker

  I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

  Read the article

• How to securely stream video from amazon S3

  - by JP.

  I have couple of copyright videos available on my S3 buckets. I want to stream them on my website, but at the same time. I don't want the users to rip the video from the video player. I tried to google about it but still i am not confident on this, coz i do not know the intricacies of options available like Server Side encryption None/ AES-256 2) A very interesting option is under Metadata tab - It shows couple of keys & Values. How can i use them to secure my video content? 3) Add more meta data and related options?

  Read the article

• Do you leave Windows Automatic Updates enabled on your production IIS server?

  - by Nobody

  If you were running a 24/7 website on Windows Server 2003 (IIS6). Would you leave the Windows automatic update feature enabled or would you turn it off? When enabled, you always get the latest security patches and bug fixes automatically as soon as they're available, which is the most secure choice. However, the machine will sometimes get automatically rebooted to apply the updates leading to a couple of minutes of downtime in the middle of the night. Also, I've seen rare occasions where the machine does not restart correctly resulting in further downtime. If auto updates are off, when do you apply the patches? I guess you have to use a load balancer with multiple web servers and rotate them out of the production site, apply patches manually, and put them back in. This can be logistically inconvenient when the load balancer is managed by a hosting company. You will also have machines in production that don't always have the latest security patches and you have to routinely spend time deciding which patches to apply and when.

  Read the article

< Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >