Search Results

Search found 1306 results on 53 pages for 'csrf protection'.

Page 13/53 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Storing And Using Microsoft User Account Credentials in MS SQL Srv 2008 Database

    - by instantmusic
    I'm not exactly positive how to word this for the sake of the title so please forgive me. Also I can't seem to figure out how to even google this question, so I'm hoping that I can get a lead in the right direction. Part of my software(VB.NET App) requires the ability to access/read/write a shared network folder. I have an option for the user to specify any credentials that might be needed to access said folder. I want to store these credentials given in the MS SQL Database as part of the config(I have a table which contains configuration). My concern is that the password for the user account will be unencrpyted. Yet, if I encrypt the password the VB.NET App And/Or database will be unable to use the credentials for file i/o operations unless the Password is unencrypted before use. I'm fishing for suggestions on how to better handle this situation.

    Read the article

  • Encrypt php code

    - by riad
    Hi all, I create a software using php. Now need to sale this software .So, I need to encrypt my code that nobody can view my source code. can anybody help me to do: 1. Encrypt my PHP code but software functioning will remaining same. 2. Also I need to bind the software for a particular authorized pc & it will not run any other pc except my authentication. How can I do that? encrypt using LAN MAC address? or any other idea? pls help!

    Read the article

  • How to read a password encrypted key with java?

    - by Denis
    Hi, This is very simple question. I have private key stored in file in PKCS8 DER format and protected by password. What is the easiest way to read it? Here is the code I use to load unencrypted one: InputStream in = new FileInputStream(privateKeyFilename); byte[] privateKeydata = new byte[in.available()]; in.read(privateKeydata); in.close(); KeyFactory privateKeyFactory = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(privateKeydata); PrivateKey privateKey = privateKeyFactory.generatePrivate(encodedKeySpec); Please, Help!!!

    Read the article

  • Protecting an Application's Memory From Tampering

    - by Changeling
    We are adding AES 256 bit encryption to our server and client applications for encrypting the TCP/IP traffic containing sensitive information. We will be rotating the keys daily. Because of that, the keys will be stored in memory with the applications. Key distribution process: Each server and client will have a list of initial Key Encryption Key's (KEK) by day If the client has just started up or the server has just started up, the client will request the daily key from the server using the initial key. The server will respond with the daily key, encrypted with the initial key. The daily key is a randomly generated set of alphanumeric characters. We are using AES 256 bit encryption. All subsequent communications will be encrypted using that daily key. Nightly, the client will request the new daily key from the server using the current daily key as the current KEK. After the client gets the new key, the new daily key will replace the old daily key. Is it possible for another bad application to gain access to this memory illegally or is this protected in Windows? The key will not be written to a file, only stored in a variable in memory. If an application can access the memory illegally, how can you protect the memory from tampering? We are using C++ and XP (Vista/7 may be an option in the future so I don't know if that changes the answer).

    Read the article

  • Javascript form validation on client side without server side - is it safe?

    - by Vitali Ponomar
    Supose I have some form with javascript client side validation and no server side validation. If user disable javascript in his browser there will no be submit button so he can not send me any data without js enabled. But I do not know is there any way to change my validation instructions from client browser so he could send me untrusted data and make some damage to my database. Thanks in advance and sorry for my (possibly) obvious question!!!

    Read the article

  • How to remove music/videos DRM protection and convert to Mobile Devices such as iPod, iPhone, PSP, Z

    - by tonywesley
    The music/video files you purchased from online music stores like iTunes, Yahoo Music or Wal-Mart are under DRM protection. So you can't convert them to the formats supported by your own mobile devices such as Nokia phone, Creative Zen palyer, iPod, PSP, Walkman, Zune… You also can't share your purchased music/videos with your friends. The following step by step tutorial is dedicated to instructing music lovers to how to convert your DRM protected music/videos to mobile devices. Method 1: If you only want to remove DRM protection from your protected music, this method will not spend your money. Step 1: Burn your protected music files to CD-R/RW disc to make an audio CD Step 2: Find a free CD Ripper software to convert the audio CD track back to MP3, WAV, WMA, M4A, AAC, RA… Method 2: This guide will show you how to crack drm from protected wmv, wma, m4p, m4v, m4a, aac files and convert to unprotected WMV, MP4, MP3, WMA or any video and audio formats you like, such as AVI, MP4, Flv, MPEG, MOV, 3GP, m4a, aac, wmv, ogg, wav... I have been using Media Converter software, it is the quickest and easiest solution to remove drm from WMV, M4V, M4P, WMA, M4A, AAC, M4B, AA files by quick recording. It gets audio and video stream at the bottom of operating system, so the output quality is lossless and the conversion speed is fast . The process is as follows. Step 1: Download and install the software Step 2: Run the software and click "Add…" button to load WMA or M4A, M4B, AAC, WMV, M4P, M4V, ASF files Step 3: Choose output formats. If you want to convert protected audio files, please select "Convert audio to" list; If you want to convert protected video files, please select "Convert video to" list. Step 4: You can click "Settings" button to custom preference for output files. Click "Settings" button bellow "Convert audio to" list for protected audio files Click "Settings" button bellow "Convert video to" list for protected video files Step 5: Start remove DRM and convert your DRM protected music and videos by click on "Start" button. What is DRM? DRM, which is most commonly found in movies and music files, doesn't mean just basic copy-protection of video, audio and ebooks, but it basically means full protection for digital content, ranging from delivery to end user's ways to use the content. We can remove the Drm from video and audio files legally by quick recording.

    Read the article

  • What is the best way to password protect folder/page using php without a db or username

    - by Salt Packets
    What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way. It would be nice if the password is remembered for a while once user entered it correctly.

    Read the article

  • Convert ASP.NET membership system to secure password storage

    - by wrburgess
    I have a potential client that set up their website and membership system in ASP.NET 3.5. When their developer set up the system, it seems he turned off the security/hashing aspect of password storage and everything is stored in the clear. Is there a process to reinstall/change the secure password storage of ASP.NET membership without changing all of the passwords in the database? The client is worried that they'll lose their customers if they all have to go through a massive password change. I've always installed with security on by default, thus I don't know the effect of a switchover. Is there a way to convert the entire system to a secure password system without major effects on the users?

    Read the article

  • How do you protect your software from illegal distribution?

    - by petr k.
    I am curious about how do you protect your software against cracking, hacking etc. Do you employ some kind of serial number check? Hardware keys? Do you use any third-party solutions? How do you go about solving licensing issues? (e.g. managing floating licenses) EDIT: I'm not talking any open source, but strictly commercial software distribution...

    Read the article

  • Using a randomly generated token for flood control.

    - by James P
    Basic setup of my site is: user enters a message on the homepage, hits enter and the message is sent though a AJAX request to a file called like.php where it echo's a link that gets sent back to the user. I have made the input disable when the user presses enter, but there's nothing stopping the user from just constantly flooding like.php with POST request and filling up my database. Someone here on SO told me to use a token system but didn't mention how. I've seen this being done before and from what I know it is effective. The only problem I have is how will like.php know it's a valid token? My code is this at the moment: $token = md5(rand(0, 9999) * 1000000); and the markup: <input type="hidden" name="token" value="<?php echo $token ?>" /> Which will send the token to like.php through POST. But how will like.php know that this is a valid token? Should I instead token something that's linked to the user? Like their IP address? Or perhaps token the current minute and check that it's the same minute in like.php... Any help on this amtter would be greatly appreciated, thanks. :)

    Read the article

  • Suggestions for library to hash passwords in JAVA

    - by DutrowLLC
    What JAVA library should I be using to Hash passwords for storage in a database? I was hoping to just take the plain text password, add a random salt, then store the salt and the hashed password in the database. Then when a user wanted to log in, I could just take their submitted password, add the random salt from their account information, hash it and see if it equates to the stored hash password with their account information.

    Read the article

  • Creating a PHP call home "time bomb" to protect my interests

    - by RC
    Hi everyone, I produced a PHP web app for a client some months back that is hosted on their own server. I have still not been paid for this work, and they are giving me the runaround. It turns out that I still have remote admin access to their server, so I can make code changes. What I was thinking of doing was to move the core kernel off-site onto one of my own servers, and program in some kind of callback or include that gets the kernel (critical functions) from my server. Give it two weeks or so for their backups to catch this change, and then pull the plug and exercise leverage. If I do this, they will pay immediately, because the site is a critical one for a very large and influential client of theirs. What is the most effective and easiest way of doing this? What code do I use? Thanks for any pointers.

    Read the article

  • How do you handle passwords or credentials for standalone applications?

    - by Abel Morelos
    Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect. Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations. I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application. I was also considering to use some sort of encryption, but I would like to keep things as simple as possible. How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?

    Read the article

  • Using a password to generate two distinct hashes without reducing password security

    - by Nevins
    Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

    Read the article

  • Generate key for a software developed using vb.net

    - by Pandiya Chendur
    Hai guys, I ve developed a salary calculating software using vb.net.... Its working fine and i ve converted it to an exe file... My drawback is it can be copied and pasted in another system very easily... I want to generate a key for the exe file and while installing the key should be used and when installation is completed ,the key should not be used again... Is this ya secured one or give me some ideas how it can be done....

    Read the article

  • htpasswd, secure specific files in zend framework

    - by AKFourSeven
    Hi I have been bashing my head against the wall with this riddle and cannot find the way to solve this. I would like to secure couple of files to restrict access to certain pages but my attempts so far are unsuccessful. I do not want to use Zend Auth as it is a very small web site doing simple stuff. Here is a sample of what I have done: AuthUserFile /path/to/my/.htpasswd AuthName "Admin Restriction" AuthType Basic <Files file.phtml> require valid-user </Files> Is there any way to achieve this ?

    Read the article

  • Protect Files from Git

    - by Tanner
    I'm using Git with WindRiver to manage a project of mine. The code is being managed, however the project files (such as .cproject, .project, .wrmakefile, and .wrproject) are not. However when I switch branches, Git deletes those files spite them being in .gitignore, thereby removing my ability to compile the code without having to revert commits or keeping a backup. So, is there a way to say to Git - ignore these files and don't touch them no matter what?

    Read the article

  • Storing And Using Microsoft User Account Credentials in SQL Server 2008 database

    - by user337501
    I'm not exactly positive how to word this for the sake of the title so please forgive me. Also I can't seem to figure out how to even google this question, so I'm hoping that I can get a lead in the right direction. Part of my software(VB.NET App) requires the ability to access/read/write a shared network folder. I have an option for the user to specify any credentials that might be needed to access said folder. I want to store these credentials given in the SQL Server database as part of the config (I have a table which contains configuration). My concern is that the password for the user account will be unencrpyted. Yet, if I encrypt the password the VB.NET App And/Or database will be unable to use the credentials for file i/o operations unless the Password is unencrypted before use. I'm fishing for suggestions on how to better handle this situation.

    Read the article

  • Serial numbers generation without user data

    - by Sphynx
    This is a followup to this question. The accepted answer is generally sufficient, but requires user to supply personal information (e.g. name) for generating the key. I'm wondering if it's possible to generate different keys based on a common seed, in a way that program would be able to validate if those keys belong to particular product, but without making this process obvious to the end user. I mean it could be a hash of product ID plus some random sequence of characters, but that would allow user to guess potential new keys. There should be some sort of algorithm difficult to guess.

    Read the article

  • Torrents: Can I protect my software by sending wrong bytes?

    - by Martijn Courteaux
    Hi, It's a topic that everyone interests. How can I protect my software against stealing, hacking, reverse engineering? I was thinking: Do my best to protect the program for reverse engineering. Then people will crack it and seed it with torrents. Then I download my own cracked software with a torrent with my own torrent-software. My own torrent-software has then to seed incorrect data (bytes). Of course it has to seed critical bytes. So people who want to steal my software download my wrong bytes. Just that bytes that are important to startup, saving and loading data, etc... So if the stealer download from me (and seed it later) can't do anything with it, because it is broken. Is this idea relevant? Maybe, good torrent-clients check hashes from more peers to check if the packages (containing my broken bytes) I want to seed are correct or not? Thanks

    Read the article

  • Protect my PHP App

    - by Abs
    Hello all, I have developed an app and its written in PHP (with a bunch of SQL scripts), this app will be used by a few small companies. For them to use it, I will have to install Apache and SQL Server for them. Every method I have thought has fallen short of what I need. I was actually just hoping to use ZendGuard or IonCube but they don't support PHP 5.3.x. Is there a simpler method where I can maybe store a key in the database and make the app run only when it knows its on that server? Maybe create a key based on some random numbers/letters and the machine name, sql server host name and encode/decode this when ever the system is in use? Thanks all for any help or ideas

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >