Search Results

Search found 4187 results on 168 pages for 'secure erase'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 125/168 | < Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >

  • MD5 password twice

    - by NoviceCoding
    I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

    Read the article

  • How to structure web application with part of it being secured (SSL)

    - by spirytus
    What is the common pattern to structure web application where part of it has to be secured. So lets say I have page_a and page_b which do not need to be secured, although should display login information (login fields or login details once user logged in). This web app. also would have secured pages (admin, checkout or similar) secure_page_c and secure_page_d. My questions are: What is the common folder structure for such assuming I code in php with no frameworks? Also how shall I deal with session variables in case user navigates lets say from secure_page_b to non secure page_a or vice versa? What else might be a problem and should be considered when coding that kind of app in php? Thank you all for any suggestions

    Read the article

  • Should I use "id" or "unique username"?

    - by roa3
    I am using PHP, AS3 and mysql. I have a website. A flash(as3) website. The flash website store the members' information in mysql database through php. In "members" table, i have "id" as the primary key and "username" as a unique field. Now my situation is: When flash want to display a member's profile. My questions: Should Flash pass the member "ID" or "username" to php to process the mysql query? Is there any different passing the "id" or "username"? Which one is more secure? Which one you recommend? I would like to optimize my website in terms of security and performance.

    Read the article

  • Are SqlCipher open cursors a security concern?

    - by user1178479
    I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

    Read the article

  • How to add authentication property for login to directory path when running batch file in WCF?

    - by blankon91
    I have class in my WCF service to execute batch file. when I test to run the batch file in shared directory, everything is fine, the batch was executed, but when I try to run the batch file from secure diretory, I get error "ACCESS DENIED". How to add login property so I can access my secured directory to execute my batch file? here is my code: public string ExecuteBat() { string hasil = ""; ProcessStartInfo processInfo = new ProcessStartInfo(@"D:\Rpts\SSIS_WeeklyFlash_AAF_1.bat"); processInfo.CreateNoWindow = true; processInfo.UseShellExecute = false; Process process = Process.Start(processInfo); process.WaitForExit(); if (process.ExitCode == 0) { hasil = "BAT EXECUTED!"; } else { hasil = "EXECUTE BAT FAILED"; } return hasil; }

    Read the article

  • Securing input of private / protected methods?

    - by ts
    Hello, normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.) My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...). But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

    Read the article

  • tomcat 6.0.18 HTTPS not working

    - by user180152
    Hi, I am trying to configure tomcat for HTTPS on localhost. I am using self signed certification. I added folowing line of code to server.xml. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEngine="on" keystoreFile="path-to-keystore" keystorePass="password" /> I am getting following error in browser: An error occurred during a connection to localhost:8443. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert) Can anybody guide me to proper direction. Thanks.

    Read the article

  • Do you leave Windows Automatic Updates enabled on your production IIS server?

    - by Nobody
    If you were running a 24/7 website on Windows Server 2003 (IIS6). Would you leave the Windows automatic update feature enabled or would you turn it off? When enabled, you always get the latest security patches and bug fixes automatically as soon as they're available, which is the most secure choice. However, the machine will sometimes get automatically rebooted to apply the updates leading to a couple of minutes of downtime in the middle of the night. Also, I've seen rare occasions where the machine does not restart correctly resulting in further downtime. If auto updates are off, when do you apply the patches? I guess you have to use a load balancer with multiple web servers and rotate them out of the production site, apply patches manually, and put them back in. This can be logistically inconvenient when the load balancer is managed by a hosting company. You will also have machines in production that don't always have the latest security patches and you have to routinely spend time deciding which patches to apply and when.

    Read the article

  • Security Policy not working, as3

    - by VideoDnd
    How to I get my security policy working? My parent swf parses an XML doc and loads 2 children. It throws a 2148 security error, and only works in the Flash IDE. PARENT SWF flash.system.Security.loadPolicyFile("crossdomain.xml"); I've referenced my security file from my swf. I Also published my parent swf as 'network only' and put all the crossdomain.xml and everything else in the same folder. I need to click on the animations and have them place from a local computer at a kiosk. Any suggestions? POLICY FILE <?xml version=\"1.0\"?> <!DOCTYPE cross-domain-policy SYSTEM \"/xml/dtds/cross-domain-policy.dtd\"> <cross-domain-policy> <site-control permitted-cross-domain-policies=\"master-only\"/> <allow-access-from domain=\"*\" to-ports=\"*\" secure=\"false\" /> </cross-domain-policy>"

    Read the article

  • how to stop lightbox from closeing after submit button is clicked?

    - by Mahmoud
    hey all i am using lightbox to show an enlarge image of the thumbnail images, where in each enlarged image there is a submit button, when that button is clicked it addes to jcart and refreshes the pages, for demo please visit secure.sabayafrah.com username = mahmud password = mahmud now as you can see when you click at the thumbnail lightbox well show you an enlarge image in a bubble, where there is an submit image below the enlarged image if it was clicked it must add to cart and not refresh the page. i am using jcart as add to cart and lightbox to enlarge the images i asked so many people and all suggested that i use jquery live but i never used ajax so i am stuck here is it possible if yes is their a demo or a code well do this feature

    Read the article

  • Remembering Form information

    - by Pete Herbert Penito
    Hi everyone! I'm sorry if this has been asked before but I feel my situation is a little different... I have a huge form (like 50 questions involving checkboxes, drop downs, text boxes and textareas) When a user submits a form and the validation page throws an error, is there an easy way to keep the info they entered? My intitial form is on form.php and then the form action is form_posted.php, before anything is run on form_posted.php I have my validation code which sends the user back to form.php with an error number (eg. form.php?error=3) if there was a problem with any in particular. This is done with header("form.php?error=3") so on form.php do the posted variables exist? even tho the page wasn't specifically sent with any posted variables. Also if this is the case, is it completely secure to be making the value of a textbox what it was before? like <input type="text" value="php echo $_POSTED["username"] ?>">

    Read the article

  • ssl security information on internet explorer 6

    - by user309984
    Hi all, I dont want that my webpage show security information about this page contains both secure and nonsecure... this only happen in ie6, i am testing with the program ietester. I know that the problem is in file mootools-1.11-uncompressed.js in this line if(!$("ie_ready")){var C=(window.location.protocol=="https:")?"://0":"javascript:void(0);";document.write('<\/script');$("ie_ready").onreadystatechange=function(){if(this.readyState=="complete"){A();}};}}else{window.addListener("load",A);document.addListener("DOMContentLoaded",A); i already try change the ://0 by https://0 and javascript: and javascript:false and # but the problem continues, when i remove this line from the mootools file the warning doesnt show but the code that i have to show some calendar doesnt work also, because i have something like /* and this doesnt work if i remove that line, can anyone help me??

    Read the article

  • How to securely stream video from amazon S3

    - by JP.
    I have couple of copyright videos available on my S3 buckets. I want to stream them on my website, but at the same time. I don't want the users to rip the video from the video player. I tried to google about it but still i am not confident on this, coz i do not know the intricacies of options available like Server Side encryption None/ AES-256 2) A very interesting option is under Metadata tab - It shows couple of keys & Values. How can i use them to secure my video content? 3) Add more meta data and related options?

    Read the article

  • PHP Security checklist (injection, sessions etc)

    - by NoviceCoding
    So what kind of things should a person using PHP and MySql be focused on to maximize security. Things I have done: -mysql_real_escape_string all inputs -validate all inputs after escaping em -Placed random alpha numerics before my table names -50character salt + Ripemd passwords Heres where I think I am slacking: -I know know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is: session_start(); $_SESSION['login']= $login; and checking it with: session_start(); if(isset($_SESSION['login'])){ -I heard something about other forms of injection like cross site injection and what not... -And probably many other things I dont know about. Is there a "checklist"/Quicktut on making php secure? I dont even know what I should be worried about.I kinda regret now not building off cakephp since I am not a pro.

    Read the article

  • How long can a hash left out in the open be considered safe?

    - by Xeoncross
    If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.

    Read the article

  • Windows Server 2003

    - by user229133
    I have a website that is using Windows Server 2003. The site is called https://mysite.com/ and at ip address 111.1.1.1. Now when I log into the site all my relative links that are generated using NavURL (<%# NavURL("Images/Menu/img.gif")%) are saying "http://111.1.1.1/Images/Menu/img.gif" instead of "https://mysite.com/Images/Menu/img.gif". This is causing an error because it needs to be secure. I'm sure there is a setting on the server somewhere to point to the name and not the ip, but I don't know where. Thanks for your help.

    Read the article

  • How much effort does it take to spoof an Ip Address in a call to a webservice?

    - by Rory Becker
    I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

    Read the article

  • MySQL/PHP: How to insert logged in user id into another table that is gathering data from a form tha

    - by Lisa
    For the first time I am needing to join information from two tables and am quite nervous about doing it without any advice first. Basically, I am building a secure site that is accessed by authorised users. I have my login table with user_id, username, password Once the user is on the site, they have the option of inputting data into another table called input. At the moment this table only captures the information that is entered, not the user_id or username of the inputter. I would like the form to be able to input the user_id and/or username from the login table into the input table. Please could somebody talk me through this process? I am sure that once this is amended, I will then be able to use the table to only allow the logged in user to access the information that he or she have inputted, is that correct? Many thanks

    Read the article

  • PHP - How to determine if request is coming from a specific file.

    - by John
    I have fileA.php on SERVER_A and fileB.php on SERVER_B fileB.php makes a curl request to fileA.php for it's contents How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?

    Read the article

  • Ternary operators and variable reassignment in PHP

    - by TomcatExodus
    I've perused the questions on ternary operators vs. if/else structures, and while I understand that under normal circumstances there is no performance loss/gain in using ternary operators over if/else structures, I've not seen any mention of this situation. Language specific to PHP (but any language agnostic details are welcome) does the interpreter reassign values in situations like this: $foo = 'bar' $foo = strlen($foo) > 3 ? substr($foo, 0, 3) : $foo; Since this would evaluate to $foo = $foo; is this inefficient, or does the interpreter simply overlook/discard this evaluation? On a side note, what about: !defined('SECURE') ? exit : null;

    Read the article

  • Problem with session based login after moving relevent files to site root

    - by YsoL8
    Hello I have a site which I have been testing in a sub-folder of my clients site-root. I had no log in problems during testing, but then I moved the new site files from a sub-directory to the main site root, and now I'm losing my logged in state after almost every page refresh in secure areas. I am running a $_session based login system that refreshes the session id on every page load, with a comparison value stored in the MySQL database. Does anyone have suggestions for what could be causing this problem?

    Read the article

  • Connecting PHP Server and Android?

    - by user3439988
    I am trying to create a simple test application to transfer data back and forth between my server and Android device. The following are the things I aim for: Ability to upload data and files to the server. To be able to view my files on the server. To be able to download the files from the server to my android device. Ability of the server to send me updates on the files or notifications to my phone. I need a safe and secure way to do these things. I have tried these: HTTPPost requests onto the server and echoing the output accordingly and capturing the HTTPresponse and parsing it. For files I have tried using MultipartEntity, but I think that has been deprecated.

    Read the article

  • Using Forms authentication with remote auth system?

    - by chobo
    I am working on a website that uses a remote websites database to check for authentication (they are both share some database tables, but are separate website...) Right now I check the username and password against the remote websites account / member table, if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists.Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.

    Read the article

  • Forcibly clear memory in java

    - by MBennett
    I am writing an application in java that I care about being secure. After encrypting a byte array, I want to forcibly remove from memory anything potentially dangerous such as the key used. In the following snippet key is a byte[], as is data. SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec); byte[] encData = cipher.doFinal(data, 0, data.length); Arrays.fill(key, (byte)0); As far as I understand, the last line above overwrites the key with 0s so that it no longer contains any dangerous data, but I can't find a way to overwrite or evict secretKeySpec or cipher similarly. Is there any way to forcibly overwrite the memory held by secretKeySpec and cipher, so that if someone were to be able to view the current memory state (say, via a cold boot attack), they would not get access to this information?

    Read the article

  • @Secured not working

    - by user3640507
    I am new to spring and trying to implement Role based authorization with the help of @Secured annotation. I have a method which is specifically for ADMIN and I have written @Secured ("ROLE_ADMIN") to secure it. @Secured ("ROLE_ADMIN") public void HelloUser(String name) { System.out.println("Hello ADMIN"); } Now when I call this method by creating a class object it gets called eventhough user dont have ADMIN authority But when I dont create an object and use @autowired annotation instead then it works i.e User is not allowed to access this method. In my security.xml as well as servlet.xml I have added <global-method-security secured-annotations="enabled" /> Can some one please tell me where I am going wrong or is this the natural behaviour in spring ?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >