Search Results

Search found 4220 results on 169 pages for 'generating passwords'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 126/169 | < Previous Page | 122 123 124 125 126 127 128 129 130 131 132 133  | Next Page >

  • Apache in MAC OS X

    - by Michal K.
    I have problems with apache on MAC OS Lion 10.7.5. I have VirtualHosts: <VirtualHost *:80> ServerName devel.dev DocumentRoot /var/www </VirtualHost> <VirtualHost *:80> ServerName test.dev DocumentRoot /var/www <Directory "/var/www"> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> I have configured httpd.conf to ServerRoot = /usr/htdocs (empty directory). test.dev and devel.dev says always "It works!". Why ? In /var/www I have index.php which contains only one letter "k" (for tests). Edit, more info: I have restart apache milion times. File with VirtualHosts is included. error.log: [Tue Oct 02 20:03:55 2012] [notice] caught SIGTERM, shutting down [Tue Oct 02 20:03:55 2012] [warn] mod_bonjour: Cannot stat template index file '/System/Library/User Template/English.lproj/Sites/index.html'. [Tue Oct 02 20:03:55 2012] [notice] Digest: generating secret for digest authentication ... [Tue Oct 02 20:03:55 2012] [notice] Digest: done [Tue Oct 02 20:03:55 2012] [notice] Apache/2.2.22 (Unix) DAV/2 PHP/5.3.15 with Suhosin-Patch configured -- resuming normal operations When I stop apache, localhost still displays It works!

    Read the article

  • Cannot Install Windows 7 SP1 (64-bit)

    - by Clever Human
    I have tried every way I know how to get Windows 7 SP1 to install. It fails every time. Below is what looks like the relevant contents of the CBS.Log file. If there are further details that would help or more information I can gather, I will get it. 2011-08-15 10:32:52, Info CBS Startup: Package: Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514 completed startup processing, new state: Installed, original: Installed, targeted: Installed. hr = 0x80070490 2011-08-15 10:32:52, Info CBS WER: Generating failure report for package: Package_for_KB976932~31bf3856ad364e35~amd64~~6.1.1.17514, status: 0x80070490, failure source: CBS Other, start state: Partially Installed, target state: Installed, client id: SP Coordinater Engine 2011-08-15 10:32:52, Info CBS Failed to query DisableWerReporting flag. Assuming not set... [HRESULT = 0x80070002 - ERROR_FILE_NOT_FOUND] 2011-08-15 10:32:52, Info CBS Failed to add %windir%\winsxs\pending.xml to WER report because it is missing. Continuing without it... 2011-08-15 10:32:52, Info CBS Failed to add %windir%\winsxs\pending.xml.bad to WER report because it is missing. Continuing without it... 2011-08-15 10:32:52, Info CBS SQM: Reporting package change completion for package: Package_for_KB976932~31bf3856ad364e35~amd64~~6.1.1.17514, current: Partially Installed, original: Partially Installed, target: Installed, status: 0x80070490, failure source: CBS Other, failure details: "(null)", client id: SP Coordinater Engine, initiated offline: False, execution sequence: 517, first merged sequence: 517 2011-08-15 10:32:52, Info CBS SQM: Upload requested for report: PackageChangeEnd_Package_for_KB976932~31bf3856ad364e35~amd64~~6.1.1.17514, session id: 101457924, sample type: Standard 2011-08-15 10:32:52, Info CBS SQM: Ignoring upload request because the sample type is not enabled: Standard I have downloaded the service pack and ran it from the EXE, I have installed it from Windows Update, I have ran all the "troubleshooting" trouble shots I could find. Nothing has worked so far. Any advice would be appreciated.

    Read the article

  • How can I diagnose what's causing Outlook 2007 when sending an attachment to fail with error 800CCC0F even though the message was sent?

    - by James
    As the title suggests, I've got an issue where outlook 2007 is reporting it failed to send email with error 800ccc0f (unexpectedly terminated connection) but only with attachments. The email is actually sent, but outlook keeps retrying (stays in the outbox), generating more emails to the original recipient (which do get delivered) I've got QMail on the server side supporting a half dozen domains. It doesn't appear to matter which account I send from. I can successfully send attachments via alternate mail clients (webmail, thunderbird) while outlook is failing, or send messages without attachments; so it's seemingly not the accounts themselves or serverside, which leaves outlook as the culprit. There doesn't appear to be any pattern to the failures, and it's not consistent (I successfully sent an attachment as recently as 3 weeks ago) so I'm at a loss as to where to look. Qmail logs don't look any different between successes and failures. Has anybody seen this before/have a solution? UPDATE : It appears it's only PDF files that this occurs with, so I'm even more stumped. I can send html/docx/txt and zip, UNLESS the zip file contains a pdf ... whiskey tango foxtrot

    Read the article

  • imagecreatefromjpeg() stops working after server upgrade

    - by John Conde
    We have a server located at a local company's place of business running Solaris/Apache/PHP. They recently did an update to Solaris, Apache, and PHP (security update patches, etc.). Unfortunately it has caused the image manipulation portion of our software to break. imagecreatefromjpeg() is now generating the following error: Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: '/path/to/file/filename.jpg' is not a valid JPEG file in /path/to/file/Image.class.php on line XX No PHP code was changed during the server upgrade and it was fully functional before the software upgrades. I checked the files being passed to imagecreatefromjpeg() and they are indeed valid (they open successfully in both image editing software and in my browser). I checked the permissions of the directory from which the files are being opened and they do have read permission. GD library is enabled. I'm not sure what else I can check. Based on the scenario above I am guessing something changed in the software but I don't know what it could be. PHP was version 5.2.5 and is now 5.2.13. I appreciate any guidance as to what could be cause of this issue.

    Read the article

  • ZFS Storage Appliance ? ldap ??????

    - by user13138569
    ZFS Storage Appliance ? Openldap ????????? ???ldap ?????????????? Solaris 11 ? Openldap ????????????? ??? slapd.conf ??ldif ?????????? user01 ??????? ?????? slapd.conf # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/openldap/run/slapd.pid argsfile /var/openldap/run/slapd.args # Load dynamic backend modules: modulepath /usr/lib/openldap moduleload back_bdb.la # moduleload back_hdb.la # moduleload back_ldap.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=oracle,dc=com" rootdn "cn=Manager,dc=oracle,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/openldap/openldap-data # Indices to maintain index objectClass eq ?????????ldif???? dn: dc=oracle,dc=com objectClass: dcObject objectClass: organization dc: oracle o: oracle dn: cn=Manager,dc=oracle,dc=com objectClass: organizationalRole cn: Manager dn: ou=People,dc=oracle,dc=com objectClass: organizationalUnit ou: People dn: ou=Group,dc=oracle,dc=com objectClass: organizationalUnit ou: Group dn: uid=user01,ou=People,dc=oracle,dc=com uid: user01 objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount cn: user01 uidNumber: 10001 gidNumber: 10000 homeDirectory: /home/user01 userPassword: secret loginShell: /bin/bash shadowLastChange: 10000 shadowMin: 0 shadowMax: 99999 shadowWarning: 14 shadowInactive: 99999 shadowExpire: -1 ldap?????????????ZFS Storage Appliance??????? Configuration SERVICES LDAP ??Base search DN ?ldap??????????? ???? ldap ????????? user01 ???????????????? ???????????? user ????????? Unknown or invalid user ?????????????????? ????????????????Solaris 11 ???????????? ????????????? ldap ????????getent ??????????????? # svcadm enable svc:/network/nis/domain:default # svcadm enable ldap/client # ldapclient manual -a authenticationMethod=none -a defaultSearchBase=dc=oracle,dc=com -a defaultServerList=192.168.56.201 System successfully configured # getent passwd user01 user01:x:10001:10000::/home/user01:/bin/bash ????????? user01 ?????????????? # mount -F nfs -o vers=3 192.168.56.101:/export/user01 /mnt # su user01 bash-4.1$ cd /mnt bash-4.1$ touch aaa bash-4.1$ ls -l total 1 -rw-r--r-- 1 user01 10000 0 May 31 04:32 aaa ?????? ldap ??????????????????????????!

    Read the article

  • Swift Mailer email sending problem

    - by air
    i have downloaded Swift Mailer from their website and try to send simple email with following code <?php require_once 'lib/swift_required.php'; $transport = Swift_SmtpTransport::newInstance('smtp.example.org', 25) ->setUsername('your username') ->setPassword('your password') ; $mailer = Swift_Mailer::newInstance($transport); //Create a message $message = Swift_Message::newInstance('Wonderful Subject') ->setFrom(array('[email protected]' => 'John Doe')) ->setTo(array('[email protected]', '[email protected]' => 'A name')) ->setBody('Here is the message itself') ; //Send the message $result = $mailer->send($message); ? once i run the page it gives error Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: No such host is known. in E:\web_sites\swift_mail\lib\classes\Swift\Transport\StreamBuffer.php on line 233 Warning: fsockopen() [function.fsockopen]: unable to connect to smtp.fiveocean.net:25 (php_network_getaddresses: getaddrinfo failed: No such host is known. ) in E:\web_sites\swift_mail\lib\classes\Swift\Transport\StreamBuffer.php on line 233 Fatal error: Uncaught exception 'Swift_TransportException' with message 'Connection could not be established with host smtp.fiveocean.net [php_network_getaddresses: getaddrinfo failed: No such host is known. #0]' in E:\web_sites\swift_mail\lib\classes\Swift\Transport\StreamBuffer.php:235 Stack trace: #0 E:\web_sites\swift_mail\lib\classes\Swift\Transport\StreamBuffer.php(70): Swift_Transport_StreamBuffer->_establishSocketConnection() #1 E:\web_sites\swift_mail\lib\classes\Swift\Transport\AbstractSmtpTransport.php(101): Swift_Transport_StreamBuffer->initialize(Array) #2 E:\web_sites\swift_mail\lib\classes\Swift\Mailer.php(74): Swift_Transport_AbstractSmtpTransport->start() #3 E:\web_sites\swift_mail\test.php(33): Swift_Mailer->send(Object(Swift_Message)) #4 {main} thrown in E:\web_sites\swift_mail\lib\classes\Swift\Transport\StreamBuffer.php on line 235 if i remove the line $result = $mailer->send($message); then page execute and no error message display, as soon as i add above line to send email, i got error. my outgoing server, port and user id & passwords are correct in my file. Thanks

    Read the article

  • Websphere 7 simple realm (like tomcat-users.xml)

    - by Heavy Bytes
    I am trying to port a J2EE app from Tomcat to Websphere and I'm not too familiar with Websphere. The only problem I am having is authorization (I use basic-authentication in my web.xml). In Tomcat I use the tomcat-users.xml file to define my users/passwords and to what roles they belong. How do I do this "simply" in Websphere? When deploying the EAR to Websphere it also asks me to map my role from web.xml to a user or group. Do I have to set up some sort of realm? Custom user registry? Thanks. UPDATE: I configured a Standalone custom registry, however I can't get a log-in prompt for username/password. It works just fine in Tomcat, and it doesn't in Websphere. Code from web.xml <security-constraint> <web-resource-collection> <web-resource-name>basic-auth security</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>HELLO_USER</role-name> </auth-constraint> <user-data-constraint>NONE</user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>HELLO_USER</role-name> </security-role>

    Read the article

  • ASP.NET Membership ChangePassword control - Need to check for previous password

    - by Steve
    Hi guys, I have a new table that hold old passwords, I need to check if there is a match. If there is a match I need the ChangePassword contol to NOT change the password. I need to tell the user that this password was used and pic a new one. I can't seem to be able to interrupt the control from changing the password. Maybe I am using the wrong event. Here is a piece of my code, or how I wish it would work. I appreciate all your help. protected void ChangePassword1_ChangedPassword(object sender, EventArgs e) { MembershipUser user = Membership.GetUser(); string usrName = ""; if (user != null) { string connStr = ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString; SqlConnection mySqlConnection = new SqlConnection(connStr); SqlCommand mySqlCommand = mySqlConnection.CreateCommand(); mySqlCommand.CommandText = "Select UserName from OldPasswords where UserName = 'test'"; mySqlConnection.Open(); SqlDataReader mySqlDataReader = mySqlCommand.ExecuteReader(CommandBehavior.Default); while (mySqlDataReader.Read()) { usrName = mySqlDataReader["UserName"].ToString(); if (usrName == user.ToString()) { Label1.Text = "Match"; } else { Label1.Text = "NO Match!"; } }

    Read the article

  • Single Sign On for Web Application and Application in Virtual Directory

    - by Stefan
    To enable single sign-on for a web application and a web application in a virtual directory, I set the machinekey in both apps to the same: <machineKey validationKey="xxx" decryptionKey="yy" validation="SHA1" /> The single sign on works just fine, but existing users can't sign in any more; their passwords are rejected. The machinekey used to be this in the parent application: <machineKey validationKey="xxx,IsolateApps" decryptionKey="yy,IsolateApps" validation="SHA1" /> I tried other ways to make single sign on work, but it just won't as long as the keys contain "IsolateApps". What am I missing? I should add that the in the membership provider, passwordFormat is set to "Encrypted". So I assume the password was encrypted using the key that contained "IsolateApps" and now when it tries to validate the password it's using the key without the "IsolateApps". Still not sure how to solve that problem. Is there maybe a way that I can set the encryption keys for the password separately from the one that is used for the authentication cookie?

    Read the article

  • How to reproduce System.Security.Cryptography.SHA1Managed result in Python

    - by joetyson
    Here's the deal: I'm moving a .NET website to Python. I have a database with passwords hashed using the System.Security.Cryptography.SHA1Managed utility. I'm creating the hash in .NET with the following code: string hashedPassword = Cryptographer.CreateHash("MYHasher", userInfo.Password); The MYHasher block looks like this: <add algorithmType="System.Security.Cryptography.SHA1Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=blahblahblah" saltEnabled="true" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=3.0.0.0, Culture=neutral, PublicKeyToken=daahblahdahdah" name="MYHasher" /> So for a given password, I get back and store in the database a 48 byte salted sha1. I assume the last 8 bytes are the salt. I have tried to reproduce the hashing process in python by doing a sha1(salt + password) and sha1(password + salt) but I'm having no luck. My question to you: How are the public keys being used? How is the password rehashed using the salt. How is the salt created? (e.g., When I say saltEnabled="true", what extra magic happens?) I need specific details that don't just reference other .NET libraries, I'm looking for the actual operational logic that happens in the blackbox. Thanks!

    Read the article

  • Passing a string in Html.ActionLink in MVC 2

    - by 109221793
    I have completed the MVC Music Store application, and now am making my own modifications for practice, and also to prepare me to do similar tasks in my job. What I have done, is create a view that displays the current list of users. I have done this as I want to be able to change the passwords of users should they forget them. Here is a snippet from my view: <% foreach (MembershipUser user in Model) { %> <tr> <td><%: Html.ActionLink(user.UserName, "changeUserPassword", "StoreManager", new { username = user.UserName }) %></td> <td><%: user.LastActivityDate %></td> <td><%: user.IsLockedOut %></td> </tr> <% }%> What I want to know, is it possible to pass the username through the actionlink as I have done above. I have registered the following route in the global.asax.cs file, however I am unsure if I have done it correctly: routes.MapRoute( "AdminPassword", //Route name "{controller}/{action}/{username}", //URL with parameters new { controller = "StoreManager", action = "changeUserPassword", username = UrlParameter.Optional }); Here is my GET action: public ActionResult changeUserPassword(string username) { ViewData["username"] = username; return View(); } I have debugged through the code to find that ViewData["username"] = username doesn't populate so it looks like either I have not registered the routes properly, or I simply cannot pass the username using the actionlink like I have. I'd be grateful if someone could point me in the right direction.

    Read the article

  • ADODB Connection String: Workgroup Information file is Missing?

    - by Mohgeroth
    I have a few data sources in access that I need to connect to programatically to do things with behind the scenes and keep visibility away from users. Said datasource has a password 'pass' as I'm going to call it here. Using this connection method I get an error attempting to use the open method Dim conn as ADODB.Connection Set ROBBERS.conn = New ADODB.Connection conn.open "Provider=Microsoft.Jet.OLEDB.4.0;" _ & "Data Source=\\pep-home\projects\billing\autobilling\DPBilling2.mdb;" _ & "Jet OLEDB:Database Password=pass;", "admin", "pass" "Cannot start your application. The workgroup information file is missing or opened exclusively by another user." Due to planning to move into 2007, we are not using nor have ever used a workgroup identification file through access. The database password on the data source was set through the Set Databa Password which had to be done on an exclusive open. Ive spent a good while changing around my connection options, where to put the passwords etc and either cannot find the right format, or (why I'm asking here) I think there may be some other unknown that I must setup to do this. Anyone out there got some useful information?

    Read the article

  • C# wrapper and Callbacks

    - by fergs
    I'm in the process of writing a C# wrapper for Dallmeier Common API light (Camera & Surviellance systems) and I've never written a wrapper before, but I have used the Canon EDSDK C# wrapper. So I'm using the Canon wrapper as a guide to writing the Dallmeier wrapper. I'm currently having issues with wrapping a callback. In the API manual it has the following: dlm_connect int(unsigned long uLWindowHandle, const char * strIP, const char* strUser1, const char* strPwd1, const char* strUser2, const char* strPwd2, void (*callback)(void *pParameters, void *pResult, void *pInput), void * pInput) Arguments - ulWindowhandle - handle of the window that is passed to the ViewerSDK to display video and messages there - strUser1/2 - names of the users to log in. If only single user login is used strUser2 is - NULL - strPwd1/2 - passwords of both users. If strUser2 is NULL strPwd2 is ignored. Return This function creates a SessionHandle that has to be passed Callback pParameters will be structured: - unsigned long ulFunctionID - unsigned long ulSocketHandle, //handle to socket of the established connection - unsigned long ulWindowHandle, - int SessionHandle, //session handle of the session created - const char * strIP, - const char* strUser1, - const char* strPwd1, - const char* strUser2, - const char * strPWD2 pResult is a pointer to an integer, representing the result of the operation. Zero on success. Negative values are error codes. So from what I've read on the Net and Stack Overflow - C# uses delegates for the purpose of callbacks. So I create a my Callback function : public delegate uint DallmeierCallback(DallPparameters pParameters, IntPtr pResult, IntPtr pInput); I create the connection function [DllImport("davidapidis.dll")] public extern static int dlm_connect(ulong ulWindowHandle, string strIP, string strUser1, string strPwd1, string strUser2, string strPwd2, DallmeierCallback inDallmeierFunc And (I think) the DallPParameters as a struct : [StructLayout(LayoutKind.Sequential)] public struct DallPParameters { public ulong ulfunctionID; public ulong ulsocketHandle; public ulong ulWindowHandle; ... } All of this is in my wrapper class. Am I heading in the right direction or is this completely wrong?

    Read the article

  • A Question about .net Rfc2898DeriveBytes class?

    - by IbrarMumtaz
    What is the difference in this class? as posed to just using Encoding.ASCII.GetBytes(string object); I have had relative success with either approach, the former is a more long winded approach where as the latter is simple and to the point. Both seem to allow you to do the same thing eventually but I am struggling to the see the point in using the former over the latter. The basic concept I have been able to grasp is that you can convert string passwords into byte arrays to be used for e.g a symmetric encryption class, AesManaged. Via the RFC class but you get to use SaltValues and password when creating your rfc object. I assume its more secure but still thats an uneducated guess at best ! Also that it allows you to return byte arrays of a certain size, well something like that. heres a few examples to show you where I am coming from? byte[] myPassinBytes = Encoding.ASCII.GetBytes("some password"); or string password = "P@%5w0r]>"; byte[] saltArray = Encoding.ASCII.GetBytes("this is my salt"); Rfc2898DeriveBytes rfcKey = new Rfc2898DeriveBytes(password, saltArray); The 'rfcKey' object can now be used towards setting up the the .Key or .IV properties on a Symmetric Encryption Algorithm class. ie. RijndaelManaged rj = new RijndaelManaged (); rj.Key = rfcKey.Getbytes(rj.KeySize / 8); rj.IV = rfcKey.Getbytes(rj.Blocksize / 8); 'rj' should be ready to go ! The confusing part ... so rather than using the 'rfcKey' object can I not just use my 'myPassInBytes' array to help set-up my 'rj' object???? I have tried doing this in VS2008 and the immediate answer is NO ! but have you guys got a better educated answer as to why the RFC class is used over the other alternative I have mentioned above and why????

    Read the article

  • Apache & SVN on Ubuntu - Post-commit hook fails silently, pre-commit hook "Permission Denied"

    - by Andy R
    I've been struggling for the past couple days to get post-commit email notifications working on my SVN server (running via HTTP with Apache2 on Ubuntu 9.10). SVN commits work fine, but for some reason the hooks are not being properly executed. Here are the configuration settings: - Users access the repo via HTTP with the apache dav_svn module (I created users/passwords via htpasswd in a dav_svn.passwd file). dav_svn.conf: <Location /svn/repos> DAV svn SVNPath /home/svn/repos AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user </Location> I created a post-commit hook file that writes a simple message to a file in the repository root: /home/svn/repos/hooks/post-commit: #!/bin/sh REPOS="$1" REV="$2" /bin/echo 'worked' > ${REPOS}/postcommit.log I set the entire repository to be owned by www-data (the apache user), and assigned 755 permissions to the post-commit script when I test the post-commit script using the www-data user in an empty environment, it works: sudo -u www-data env - /home/svn/repos/hooks/post-commit /home/svn/repos 7 But when I commit on a client machine, the commit is successful, but the post-commit script does not seem to be executed. I also tried running a simple script for the pre-commit hook, and I get an error, even with an empty pre-commit script: "Commit failed (details follow): Can't create null stdout for hook '/home/svn/repos/hooks/pre-commit': Permission denied" I did a few searches on Google for this error and I presume that this is an issue with the apache user (www-data) not having adequate permissions, specifically to execute /dev/null. I also read that the reason post-commit fails silently is because that it doesn't report with stdout. Anyway, I've also tried giving the apache user (www-data) ownership of the entire repository, and edited the apache virtualhost to allow operations on the server root, and I'm still getting permission denied /etc/apache2/sites-available/primarydomain.conf <Directory /> Options FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> Any ideas/suggestions would be greatly appreciated! Thanks

    Read the article

  • Password Cracking Windows Accounts

    - by Kevin
    At work we have laptops with encrypted harddrives. Most developers here (on occasion I have been guilty of it too) leave their laptops in hibernate mode when they take them home at night. Obviously, Windows (i.e. there is a program running in the background which does it for windows) must have a method to unencrypt the data on the drive, or it wouldn't be able to access it. That being said, I always thought that leaving a windows machine on in hibernate mode in a non-secure place (not at work on a lock) is a security threat, because someone could take the machine, leave it running, hack the windows accounts and use it to encrypt the data and steal the information. When I got to thinking about how I would go about breaking into the windows system without restarting it, I couldn't figure out if it was possible. I know it is possible to write a program to crack windows passwords once you have access to the appropriate file(s). But is it possible to execute a program from a locked Windows system that would do this? I don't know of a way to do it, but I am not a Windows expert. If so, is there a way to prevent it? I don't want to expose security vulnerabilities about how to do it, so I would ask that someone wouldn't post the necessary steps in details, but if someone could say something like "Yes, it's possible the USB drive allows arbitrary execution," that would be great! EDIT: The idea being with the encryption is that you can't reboot the system, because once you do, the disk encryption on the system requires a login before being able to start windows. With the machine being in hibernate, the system owner has already bypassed the encryption for the attacker, leaving windows as the only line of defense to protect the data.

    Read the article

  • Padding is invalid and cannot be removed

    - by Ajay
    I have hosted an asp.net 2.0 site. Everyday, i am getting an error "Padding is invalid and cannot be removed" 2-3 times. Backend used is sql server 2005. the site is controlled via plesk 9.2 CP. Pooling is enabled with timeout as 120 Minutes, in IIS. Can it be the reason for this? I have not used any encryption except for the stored passwords(MD5) The error message is : " Base Exception = : Padding is invalid and cannot be removed. - Source : System.Web - TargetSite :Void ThrowError(System.Exception, System.String, System.String, Boolean)Message : Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. " & System Log (Application) says " Event code: 4009 Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check. Event detail code: 50203 ViewStateException information: Exception message: Invalid viewstate. Port: 31235 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) " I have hosted it in a dedicated server and not in a web farm. Will keeping a static machine key help resolve this issue? Please guide me on this.

    Read the article

  • Smack API giving error while logging into Tigase Server setup locally

    - by Ameya Phadke
    Hi, I am currently developing android XMPP client to communicate with the Tigase server setup locally.Before starting development on Android I am writing a simple java code on PC to test connectivity with XMPP server.My XMPP domain is my pc name "mwbn43-1" and administrator username and passwords are admin and tigase respectively. Following is the snippet of the code I am using class Test { public static void main(String args[])throws Exception { System.setProperty("smack.debugEnabled", "true"); XMPPConnection.DEBUG_ENABLED = true; ConnectionConfiguration config = new ConnectionConfiguration("mwbn43-1", 5222); config.setCompressionEnabled(true); config.setSASLAuthenticationEnabled(true); XMPPConnection con = new XMPPConnection(config); // Connect to the server con.connect(); con.login("admin", "tigase"); Chat chat = con.getChatManager().createChat("aaphadke@mwbn43-1", new MessageListener() { public void processMessage(Chat chat, Message message) { // Print out any messages we get back to standard out. System.out.println("Received message: " + message); } }); try { chat.sendMessage("Hi!"); } catch (XMPPException e) { System.out.println("Error Delivering block"); } String host = con.getHost(); String user = con.getUser(); String id = con.getConnectionID(); int port = con.getPort(); boolean i = false; i = con.isConnected(); if (i) System.out.println("Connected to host " + host + " via port " + port + " connection id is " + id); System.out.println("User is " + user); con.disconnect(); } } When I run this code I get following error Exception in thread "main" Resource binding not offered by server: at org.jivesoftware.smack.SASLAuthentication.bindResourceAndEstablishSession(SASLAuthenticatio n.java:416) at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:331) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:349) at Test.main(Test.java:26) I found this articles on the same problem but no concrete solution here Could anyone please tell me the solution for this problem.I checked the XMPPConnection.java file in the Smack API and it looks the same as given in the link solution. Thanks, Ameya

    Read the article

  • Secure Password Storage and Transfer

    - by Andras Zoltan
    I'm developing a new user store for my organisation and am now tackling password storage. The concepts of salting, HMAC etc are all fine with me - and want to store the users' passwords either salted and hashed, HMAC hashed, or HMAC salted and hashed - not sure what the best way will be - but in theory it won't matter as it will be able to change over time if required. I want to have an XML & JSON service that can act as a Security Token Service for client-side apps. I've already developed one for another system, which requires that the client double-encrypts a clear-text password using SHA1 first and then HMACSHA1 using a 128 unique key (or nonce) supplied by the server for that session only. I'd like to repeat this technique for the new system - upgrading the algo to SHA256 (chosen since implementations are readily available for all aforementioned platforms - and it's much stronger than SHA1) - but there is a problem. If I'm storing the password as a salted hash in the user-store, the client will need to be sent that salt in order to construct the correct hash before being HMACd with the unique session key. This would completely go against the point of using a salt in the first place. Equally, if I don't use salt for password storage, but instead use HMAC, it's still the same problem. At the moment, the only solution I can see is to use naked SHA256 hashing for the password in the user store, so that I can then use this as a starting point on both the server and the client for a more secure salted/hmacd password transfer for the web service. This still leaves the user store vulnerable to a dictionary attack were it ever to be accessed; and however unlikely that might be - assuming it will never happen simply doesn't sit well with me. Greatly appreciate any input.

    Read the article

  • PHP, We have sessions, and cookies....I love cookies, but they are blowing my mind right now.

    - by Matt
    I am not sure how to go about accessing the variable I need to set on a cookie... I was thinking about using the $_POST global but I dont know how based on my design if it will work. I am using a master page type design seperating index.php from my function includes and database information and individual pages (that will be returned to an include in index.php based on a $_GET) Okay so back to my question. What is the most efficient way to set a cookie on a design that has a main page that everything will branch from. How would I pull the value. Is $_POST a good enough way to go about it? Also...by saying it must be the first thing sent...does that mean I cannot run any serverside scripts before that? I could definately utilize a login query I think but I dont want to write code just to be dissapointed based on my lack of time and knowledge. I did search for answers...I know this most likely feels like a generic question that could be answered in a difference place...but I know I will get an accurate and professional answer here...so I dont want to bet on the half answers I found otherwise. Of course I will sanitize everything and not store any sensitive information (passwords,address,phone,or anything really for that matter besides some kind of session ID and the username) If this is confusing I am sorry but I am on a gov computer...and they lock these tighter than ft knox...so getting my code on here will be a chore until I get back to my room. Thanks, Matt

    Read the article

  • How can I get browser to prompt to save password?

    - by Eric
    Hey, I'm working on a web app that has a login dialog that works like this: User clicks "login" Login form HTML is loaded with AJAX and displayed in DIV on page User enters user/pass in fields and clicks submit. It's NOT a <form> -- user/pass are submitted via AJAX If user/pass are okay, page reloads with user logged in. If user/pass are bad, page does NOT reload but error message appears in DIV and user gets to try again. Here's the problem: the browser never offers the usual "Save this password? Yes / Never / Not Now" prompt that it does for other sites. I tried wrapping the <div> in <form> tags with "autocomplete='on'" but that made no difference. Is it possible to get the browser to offer to store the password without a major rework of my login flow? thanks Eric p.s. to add to my question, I'm definitely working with browers that store passwords, and I've never clicked "never for this site" ...this is a technical issue with the browser not detecting that it's a login form, not operator error :-)

    Read the article

  • ASP.NET: Custom MembershipProvider with a custom user table

    - by blahblah
    I've recently started tinkering with ASP.NET MVC, but this question should apply to classic ASP.NET as well. For what it's worth, I don't know very much about forms authentication and membership providers either. I'm trying to write my own MembershipProvider which will be connected to my own custom user table in my database. My user table contains all of the basic user information such as usernames, passwords, password salts, e-mail addresses and so on, but also information such as first name, last name and country of residence. As far as I understand, the standard way of doing this in ASP.NET is to create a user table without the extra information and then a "profile" table with the extra information. However, this doesn't sound very good to me, because whenever I need to access that extra information I would have to make one extra database query to get it. I read in the book "Pro ASP.NET 3.5 in C# 2008" that having a separate table for the profiles is not a very good idea if you need to access the profile table a lot and have many different pages in your website. Now for the problem at hand... As I said, I'm writing my own custom MembershipProvider subclass and it's going pretty well so far, but now I've come to realize that the CreateUser doesn't allow me to create users in the way I'd like. The method only takes a fixed number of arguments and first name, last name and country of residence are not part of them. So how would I create an entry for the new user in my custom table without this information at hand in CreateUser of my MembershipProvider?

    Read the article

  • I get an Exception when trying to implement reset password with Authlogic

    - by Tam
    Hi, I'm using Ruby on Rails 2.3.5 and Ruby 1.9 and implmeneted Authlogic as my authentication engine. Authlogic works fine. But now I have been trying to implement password reset using the following tutorial: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ But I'm getting the following exception when I type mysite.com/password_resets/new Processing PasswordResetsController#new (for 127.0.0.1 at 2010-03-13 01:09:45) [GET] Completed in 9ms (DB: 0) | 200 [http://localhost/password_resets/new] [2010-03-13 01:09:45] ERROR TypeError: can't convert Array into String /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat_with_safety' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:63:in `block in service' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `send' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/reloader.rb:22:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:62:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread' Honestly I'm not sure where to start debugging for this. Is it because I'm using Ruby 1.9? some people seem to be having trouble with Authlogic and Ruby 1.9: http://isitruby19.com/authlogic Please advise me how to go about solving/debugging this issues? Thanks, Tam

    Read the article

  • Where are the real risks in network security?

    - by Barry Brown
    Anytime a username/password authentication is used, the common wisdom is to protect the transport of that data using encryption (SSL, HTTPS, etc). But that leaves the end points potentially vulnerable. Realistically, which is at greater risk of intrusion? Transport layer: Compromised via wireless packet sniffing, malicious wiretapping, etc. Transport devices: Risks include ISPs and Internet backbone operators sniffing data. End-user device: Vulnerable to spyware, key loggers, shoulder surfing, and so forth. Remote server: Many uncontrollable vulnerabilities including malicious operators, break-ins resulting in stolen data, physically heisting servers, backups kept in insecure places, and much more. My gut reaction is that although the transport layer is relatively easy to protect via SSL, the risks in the other areas are much, much greater, especially at the end points. For example, at home my computer connects directly to my router; from there it goes straight to my ISPs routers and onto the Internet. I would estimate the risks at the transport level (both software and hardware) at low to non-existant. But what security does the server I'm connected to have? Have they been hacked into? Is the operator collecting usernames and passwords, knowing that most people use the same information at other websites? Likewise, has my computer been compromised by malware? Those seem like much greater risks. What do you think?

    Read the article

  • Restrict access to connection pool in Weblogic?

    - by Andrew White
    In short, how can I restrict access to connection pool X based on application name or JAR name? A simple use case might help... A business web-app (call it WEB_APP_A) uses pool Y to do basic look-up SQL. Some users of this web-app have access to also update some sensitive data in the database. This code is provided by a JAR file (call it HR_JAR) that can be dropped in where needed. This JAR uses pool X for all of it's connections. We don't want developers of WEB_APP_A using pool X. We only want HR_JAR using pool X. This is to keep devs of WEB_APP_A from accidentally or intentionally abusing the access pool X provides. Some considerations: This is legacy code so HR_JAR is here to stay We are running on Weblogic 9.2 We can not keep passwords in any from in the source code We have researched weblogic user level authn/authz for JDBC resources but then this begs the question; how do we secure the user creds we use to become a user per app/jar? Ideas? Thoughts? I can elaborate more on what I have tried, but I wanted fresh ideas.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 122 123 124 125 126 127 128 129 130 131 132 133  | Next Page >