Search Results

Search found 4187 results on 168 pages for 'secure erase'.

Page 124/168 | < Previous Page | 120 121 122 123 124 125 126 127 128 129 130 131  | Next Page >

• How are CD Keys generated?

  - by The Rook

  CD Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as Security Though Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

  Read the article

• Best practice for web server user/group permissions

  - by Poe

  What's the best practice in a secure manner to setup the user/group and permissions? Here's what we currently have; web server runs as www/www. Fastcgi Php runs as www/www. User's shell/ftp account is username/username. We want the user to be able to have full access to all files, including those created by the web server 'www' from the shell or ftp. Similarly, we want the scripts run by fastcgi/php to be able to create files in user created directories and modify user created files.

  Read the article

• protect (encrypt) password in the web.config file (asp.net)

  - by Hazro City

  <system.net> <mailSettings> <smtp from="[email protected]" deliveryMethod="Network"> <network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" [email protected] " password="password" enableSsl="true" /> </smtp> </mailSettings> </system.net> This is the case where I need encryption for my password. I searched and googled much on the web but I can’t be able to encrypt anymore. Can anyone help me do this in a simple but secure way.

  Read the article

• Why wouldn't I be able to establish a trust relationship for a SSL/TLS channel?

  - by Abe Miessler

  I have a piece of .NET code that is erroring out when it makes a call to HTTPWebRequest.GetRequestStream. Here is the error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. I've read a few things that suggest that I might need a certificate on the machine running the code, but i'm not sure if that's true or how to do it. If I need to get a certificate, how do I do it? Code: var request = (HttpWebRequest)HttpWebRequest.Create(requestUrl); //my url request.Method = StringUtilities.ConvertToString(httpMethod); // Set the http method GET, POST, etc. if (postData != null) { request.ContentLength = postData.Length; request.ContentType = contentType; using (var dataStream = request.GetRequestStream()) { dataStream.Write(postData, 0, postData.Length); } }

  Read the article

• What should i do to practise?

  - by simion

  Hi guys I start a year long industrial placement in september where i will be coding in java predominantly. I am going to use the summer to brush up on my java as in year one of the degree java was the main language taught for OOP modules. However this year i have had no java exposure except for an algorithms module, which was one of eight, so as you can see i am probably getting really rusty!. What i wanted to know is, how does the "real world" java programming differ from university coding and what do you suggest i brush up on that would be different to my normal workings. As a start i definatley need to get familiar with a professional IDE like netbeans, opoosed to havign used BlueJ throughout but more specifically what coding practises should i get more familiar with I appreciate they wont expect me to be a qualified full developer and will give me time, but i would like to hit the ground running as it were, with me having full hopes to secure a perminant position after i finish my degree. Thanks for reading

  Read the article

• What is the current standard for authenticating Http requests (REST, Xml over Http)?

  - by CodeToGlory

  The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

  Read the article

• Visual Studio Publish using Web Deploy gives SSL Exception?

  - by user1267778

  Im trying to use Web Deploy with arvixe hosting. I enabled Publishing with the host but I get SSL exception when I hit publish. Is anybody familiar with the following exception: Error 59 Web deployment task failed.(Could not complete the request to remote agent URL 'https://yew.arvixe.com:8172/msdeploy.axd?site=mywebsite.com'.) Could not complete the request to remote agent URL 'https://yew.arvixe.com:8172/msdeploy.axd?site=mywebsite.com'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 0 0 myapplication_MVC4 Thanks

  Read the article

• Rainbow Tables: How to improve upon them??

  - by CVS-2600Hertz-wordpress-com

  I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

  Read the article

• SSL: can the secret key be sniffed before the actual encryption begins?

  - by Jorre

  I was looking into SSL and some of the steps that are involved to set up an encrypted connection between a server and a client computer. I understand that a server key and certificate is sent to the browser, and that a secret code is being calculated, like they say in the following video: http://www.youtube.com/watch?v=iQsKdtjwtYI around 5:22, they talk about a master secret code that is being calculated to start talking in an encrypted way. My question now is: before the connection is actually encrypted (the handshake phase), all communication between the server and the client can be sniffed by a packet sniffer. Isn't it then possible to sniff the encryption key or other data that is used to set up a secure connection?

  Read the article

• What the difference between zend framework and Wordpress as framework ?

  - by justjoe

  i only know wordpress and start to seek another alternative framework, zend. i heard hearsay that zend's better from others framework. if you're "a serous coder", or try to act like one, you need to use it on building your web app. some said zend is better. But it's subjective. It's fast ans secure. But nobody tell me the reason or at leas compare it with with wordpress. ultimate question : Do zend have theme or plugin just like wordpress ? any hint will be helpful

  Read the article

• analyzing hashes

  - by calccrypto

  Is anyone willing to devote some time to helping me analyze a (hopefully cryptographically secure) hash? I honestly have no idea what im doing, so i need someone to show me how to, to teach me. almost all of the stuff ive found online have been really long, tedious, and vague the code is in python because for some reason i dont know c/c++. all i know about the hash: 1. there are no collisions (so far) and 2. differences between two similar inputs results in wildly different differences and please dont tell me that if i dont know what im doing, i shouldnt be doing it.

  Read the article

• Validating/Allowing YouTube Embed Code

  - by mellowsoon

  Hi, hopefully this is a simple question. I have a simple custom forum on my site written in PHP. For security reasons I don't allow any HTML in the forum posts. I only allow certain BBCode tags. I would however like to allow embedded YouTube videos. So my question is this: What's the best (most secure) way to validate the YouTube embed code? YouTube is currently using iframes to embed videos, but obviously I can't just allow the iframe tag. I also need to ensure the src of the iframe is a YouTube URL, and ensure there's no other malicious bits of code in the iframe code.

  Read the article

• PHP Captcha without session

  - by Anton N

  Ok, here is an issue: in the project i'm working on, we can't rely on server-side sessions for any functionality. The problem is that common captcha solutions from preventing robotic submits require session to store the string to match captcha against. The question is - is there any way to solve the problem without using sessions? What comes to my mind - is serving hidden form field, containing some hash, along with captcha input field, so that server then can match these two values together. But how can we make this method secure, so that it couldn't be used to break captcha easily.

  Read the article

• How can I know if a file has been changed in .NET C#?

  - by Anthony D

  I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

  Read the article

• .NET Compact Framework Connection String encryption/securing

  - by Crazydog

  I'm writing an application in C# for a smart device running Windows Mobile 6.1. It's pretty basic. Just querying a database and getting results. Nothing too fancy. This program is only going to be deployed internally, but we still want to be secure with our SQL connection info. What's the best way I should go about encrypting/securing my connection string in the program? I've seen examples for .NET programs using AppSettings, but I'm not seeing a Setting stab in my Solution properties. This is my first time developing an application in C#/Visual Studio 2008, so there might be some kind of setting I'm missing. Thanks for the help.

  Read the article

• Securing an ajax request

  - by asdasdsa

  i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

  Read the article

• How to handle User Authentication for program in client’s local machine?

  - by Daniel

  Which user authentication scheme could be used at following scenario? 1.Application A developed by my company is installed at user's local computer. 2.Users login at my company's website. 3.If login is successful, access to the application A in user's local machine is granted. The development environment is .NET. Is there a secure way to authenticate the user to access the application? I've thought about encrypting the login information entered at the website, and then sending that information to the program at user's local machine for authentication. but I think as long as the client program has the decrypting ability, it is vulnerabe to decompiling,etc. Thanks in advance!

  Read the article

• .htaccess redirect https to http not working

  - by Ira Rainey

  I am trying to catch any https traffic to the front of my site so: https://www.domain.com is redirected to: http://www.domain.com However other subdomains need to be redirected elsewhere. For the most part this is all working, apart from the https - http redirection. Here's my .htaccess file at the moment: RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} RewriteCond %{HTTP_HOST} ^domain\.com [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] RewriteCond "%{HTTP_HOST}" !^www.* [NC] RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$ RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [L,R=301] It would seem that this bit: RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} isn't working as I would imagine. In fact it doesn't seem to redirect at all. In another subdirectory I have the opposite in effect which works fine: RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} so my thinking is the opposite should have done the job, but seemingly not. Any thoughts anyone?

  Read the article

• How to transfer large files from desktop to server ( .NET)

  - by rahulchandran

  I am writing a .NET 2.0 based desktop client that will send large files ( well largish under 2GB) to a server. Need to develop the server as well. Server can be on any technology It should be secure so an underlying SSL stream is needed What are my options. Any obvious caveats etc I should be aware of To my mind the simplest solution is to open a tcp\ip connection over SSL to the server and send n packets each of size M bytes and then have the server append the chunks to the file and finally send an EOF packet as well IS this horrible. Will the perf suck on the server with all these disk writes What are any other clever options. I am limited to .NET 2.0 on the client if I did move to a WCF client will it buy be something magical and cool for this scenario Thanks

  Read the article

• MD5 password twice

  - by NoviceCoding

  I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

  Read the article

• What's a good way to encrypt data using an asymmetric key, that's available to both java and ruby?

  - by Michael Campbell

  I have a customer that wants to encrypt some data in his database (not passwords; this needs actual encryption, not hashing). The application which will be doing the encrypting/writing is in Java, but the process which will DECRYPT it is behind a secure firewall, and is written in ruby. The idea was to use a public/private key scheme; the java system would encrypt it with the public key, then the process on his local box would use the private key to decrypt it as needed. I'm looking for any experience anyone has doing something like that; my main question is what sorts of libraries on java and ruby can interoperate with the same keys and data.

  Read the article

• Android programming: Authentication and data exchange with Java EE

  - by Konsumierer

  I am having a Java application running in a Tomcat server using Spring, Hibernate, etc. and a two web interfaces, one implemented in Tapestry 5 and the other one using Flex with BlazeDS and Spring-BlazeDS. In my first android application I would now like to log in to the server and retrieve some data. I´m wondering how I could achieve this in a secure way. First of all I need to know which technology is the best to retrieve data from the server and how can I restrict the access to users only that have been successfully authenticated. With what I read until now I would try to implement a HTTPServlet on the server and make server calls via HTTP Client. In the servlet I could probably use the HTTPSession to check if the request comes from an authenticated user. And the data I would try to send serialized (JSON). Unfortunately, I´ve never done those things and maybe I´m on the wrong way and there are more comfortable solutions.

  Read the article

• How to structure web application with part of it being secured (SSL)

  - by spirytus

  What is the common pattern to structure web application where part of it has to be secured. So lets say I have page_a and page_b which do not need to be secured, although should display login information (login fields or login details once user logged in). This web app. also would have secured pages (admin, checkout or similar) secure_page_c and secure_page_d. My questions are: What is the common folder structure for such assuming I code in php with no frameworks? Also how shall I deal with session variables in case user navigates lets say from secure_page_b to non secure page_a or vice versa? What else might be a problem and should be considered when coding that kind of app in php? Thank you all for any suggestions

  Read the article

• C# Keeping DLLs with the associated library

  - by SimonN

  We have a library built on the back of eldos' Secure Black Box. We use copy local to ensure that the appropriate runtime DLLs are included. If we now reference our library in another project with a copy local our library is copied into the bin folder of our main project but the Eldos SBB libraries aren't. We could reference SBB in the main project but there are no direct calls to SBB so any time the code is refactored the references may be removed as unused. What is the best way of handling this issue? Simon

  Read the article

• Should I use "id" or "unique username"?

  - by roa3

  I am using PHP, AS3 and mysql. I have a website. A flash(as3) website. The flash website store the members' information in mysql database through php. In "members" table, i have "id" as the primary key and "username" as a unique field. Now my situation is: When flash want to display a member's profile. My questions: Should Flash pass the member "ID" or "username" to php to process the mysql query? Is there any different passing the "id" or "username"? Which one is more secure? Which one you recommend? I would like to optimize my website in terms of security and performance.

  Read the article

< Previous Page | 120 121 122 123 124 125 126 127 128 129 130 131  | Next Page >