Search Results

Search found 9715 results on 389 pages for 'bad passwords'.

Page 134/389 | < Previous Page | 130 131 132 133 134 135 136 137 138 139 140 141  | Next Page >

  • What's a good way to encrypt data using an asymmetric key, that's available to both java and ruby?

    - by Michael Campbell
    I have a customer that wants to encrypt some data in his database (not passwords; this needs actual encryption, not hashing). The application which will be doing the encrypting/writing is in Java, but the process which will DECRYPT it is behind a secure firewall, and is written in ruby. The idea was to use a public/private key scheme; the java system would encrypt it with the public key, then the process on his local box would use the private key to decrypt it as needed. I'm looking for any experience anyone has doing something like that; my main question is what sorts of libraries on java and ruby can interoperate with the same keys and data.

    Read the article

  • PHP 5.3, using old authentication?

    - by Geir
    Hi. We're setting up a new webserver with PHP5.3 and are getting the "Error: could not connect: mysqlnd cannot connect to MySQL 4.1+ using old authentication ?" error message. After some google'ing I've found that we should set old passwords = 0 in my.cnf and reset the password(s). But we still have webservers running php 4.x & 5.2 that access the same mysql server (different users & databases), how will these be affected by this ? Will the mysql server be compatible with all the different PHP versions ? Thanks.

    Read the article

  • ASP MVC: Keeping track of logged in users.

    - by user323395
    I'm creating a ASP MVC application. And because of the complex authorization i'm trying to build my own login system. (So i'm not using asp membership providers, and related classes). Now i'm able to create new accounts in the database with hashed passwords. But how do i keep track that a user is logged in. Is generating a long random number and putting this with the userID in the database and cookie enough? Sorry for my rather bad english! Ty in advance :)

    Read the article

  • String encryption only with numbers?

    - by HH
    Suppose your bank clerk gives you an arbitrary password such as hel34/hjal0@# and you cannot remember it without writing it to a paper. Dilemma: you never write passwords to paper. So you try to invent an encryption, one-to-one map, where you write only a key to a paper, only numbers, and leave the rest junk to your server. Of course, the password can consist of arbitrary things. Implemention should work like hel34/hjal0#@ ---- magic ----> 3442 and to other way: 3442 ---- server magic ---> hel34/hjal0#@ [Update] mvds has the correct idea, to change the base, how would you implement it?

    Read the article

  • How can we store password other than plain text?

    - by Eric
    I've found numerous posts on stackoverflow on how to store user passwords. However, I need to know what is the best way to store a password that my application needs to communicate with another application via the web? Currently, our web app needs to transmit data to a remote website. To upload the data, our web app reads the password from a text file and creates the header with payloads and submits via https. This password in plain text on the file system is the issue. Is there any way to store the password more securely? Thanks!

    Read the article

  • What is the MVC version of this code?

    - by Ian Boyd
    i'm trying to wrap my head around how to enterprise up my code: taking a simple routine and splitting it up into 5 or 6 methods in 3 or 4 classes. i quickly came up three simple examples of code how i currently write it. Could someone please convert these into an MVC/MVP obfuscated version? Example 1: The last name is mandatory. Color the text box red if nothing is entered. Color it green if stuff is entered: private void txtLastname_TextChanged(object sender, EventArgs e) { //Lastname mandatory. //Color pinkish if nothing entered. Greenish if entered. if (txtLastname.Text.Trim() == "") { //Lastname is required, color pinkish txtLastname.BackColor = ControlBad; } else { //Lastname entered, remove the coloring txtLastname.BackColor = ControlGood; } } Example 2: The first name is optional, but try to get it. We'll add a bluish tint to this "try to get" field: private void txtFirstname_TextChanged(object sender, EventArgs e) { //Firstname can be blank. //Hint them that they should *try* to get it with a bluish color. //If they do enter stuff: it better be not all spaces. if (txtFirstname.Text == "") { //Nothing there, hint it blue txtFirstname.BackColor = ControlRequired; } else if (txtFirstname.Text.Trim() == "") { //They entered spaces - bad user! txtFirstname.BackColor = ControlBad; } else { //Entered stuff, remove coloring txtFirstname.BackColor = SystemColors.Window; } } Example 3 The age is totally optional. If an age is entered, it better be valid: private void txtAge_TextChanged(object sender, EventArgs e) { //Age is optional, but if entered it better be valid int nAge = 0; if (Int32.TryParse(txtAge.Text, out nAge)) { //Valid integer entered if (nAge < 0) { //Negative age? i don't think so txtAge.BackColor = ControlBad; } else { //Valid age entered, remove coloring txtAge.BackColor = SystemColors.Window; } } else { //Whatever is in there: it's *not* a valid integer, if (txtAge.Text == "") { //Blank is okay txtAge.BackColor = SystemColors.Window; } else { //Not a valid age, bad user txtAge.BackColor = ControlBad; } } } Every time i see MVC code, it looks almost like random splitting of code into different methods, classes, and files. i've not been able to determine a reason or pattern to their madness. Without any understanding of they why it's being one some way, it makes no sense. And using the words model, view, controller and presenter, like i'm supposed to know what that means, doesn't help. The model is your data. The view shows data on screen. The controller is used to carry out the users actions And oranges taste orangy. Here's my attempt at splitting things up in order to make the code more difficult to follow. Is this anywhere close to MVC? private void txtFirstname_TextChanged(object sender, EventArgs e) { FirstnameTextChangedHandler(sender, e); } private void FirstnameTextChangedHandler(sender, e) { string firstname = GetFirstname(); Color firstnameTextBoxColor = GetFirstnameTextBoxColor(firstname); SetFirstNameTextBoxColor(firstnameTextBoxColor); } private string GetFirstname() { return txtFirstname.Text; } private Color GetFirstnameTextBoxColor(string firstname) { //Firstname can be blank. //Hint them that they should *try* to get it with a bluish color. //If they do enter stuff: it better be not all spaces. if (firstname == "") { //Nothing there, hint it blue return GetControlRequiredColor(); } else if (firstname.Trim() == "") { //They entered spaces - bad user! return GetControlBadColor(); } else { //Entered stuff, remove coloring return GetControlDefaultColor(); } } private Color GetControlRequiredColor() { return ControlRequired; } private Color GetControlBadColor() { return ControlBad; } private Color GetControlGoodColor() { return ControlGood; } //am i doin it rite i've obfuscated the code, but it's still altogether. The next step in the MVC obfuscation, i gather, is to hide the code in 3 or 4 different files. It's that next step that i don't understand. What is the logical separation of which functions are moved into what other classes? Can someone translate my 3 simple examples above into full fledged MVC obfuscation? Edit: Not ASP/ASP.NET/Online. Pretend it's on a desktop, handheld, surface, kiosk. And pretend it's language agnostic.

    Read the article

  • Running Services.msc as a different User C#

    - by Simon Mark Smith
    Hi, I have a requirement to create a simple windows forms application that allows an admin user to manage the Services on remote servers. We don't want to give the admins the usernames and passwords to the servers so these will be encrypted and stored in a database. My question is whether or not it is possible to spawn a Services.msc window when impersonating one of the users stored within the database? I have looked at the ProcessStartInfo class but because Services.msc is not an executable it does not seem to like executing this. Any ideas on a simple way of doing the actual impersonation and loading of Services.msc - say off a button click? Thanks

    Read the article

  • Security when writing a PHP webservice?

    - by chustar
    I am writing a web service in PHP for the first time and had ran into some security problems. 1) I am planning to hash passwords using md5() before I write them to the database (or to authenticate the user) but I realize that to do that, I would have to transmit the password in plaintext to the server and hash it there. Because of this I thought of md5()ing it with javascript client side and then rehashing on the server but then if javascript is disabled, then the user can't login, right? 2) I have heard that anything that when the action is readonly, you should use GET but if it modifies the database, you should use POST. Isn't post just as transparent as GET, just not in the address bar?

    Read the article

  • OpenSocial and its usages

    - by Paul Knopf
    I have looked for some explanation on the exact usages for the set of standards known as OpenSocial. I need some clarification if I can use OpenSocial like the following. I would like to create one library used to community with an OpenSocial api for use in my website that will not 'behave' like an application described by common sites like facebook and myspace. I'm not making a myspace of facebook application, I'm creating my own website and I want users to be able to find friends. I would like to allow users to store usernames and passwords for various OpenSocial-supported social networks. I would also like to use the api to sync events from my web site to their specified social network. I would also like to allow my users to view a list of friends and invite them. Is it possible to create one library that supports OpenSocial and simple "point" to and social network that supports it to get a list of friends and etc?

    Read the article

  • Are SqlCipher open cursors a security concern?

    - by user1178479
    I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

    Read the article

  • MySQL User AutoIncrement Permissions Restriction

    - by psayre23
    I have two databases that need to have their auto increment ids on various tables synced. Right now, I have a PHP function that checks the current auto increment id for both tables and then sets the lowest to the highest. If there is a better way to do this, I'm all ears. I really don't want to give the web user alter permissions, as a SQL injection could clear all passwords (or something else silly). Is there any way to restrict a MySQL user to changing auto increment without opening it up to alter statements?

    Read the article

  • Seeking FOSS user admin code

    - by Mawg
    It must be a fairly standard wheel, so I'd rather not reinvent it. Create/modify/delete users. Ditto their passwords & maybe enforce password change every X days. Also, create groups, like "sales", "support", etc and add/remove users. The only unique part should be what they have permission to do (visit certain parts of the site after login, etc) And I'd like to store admin data in an ODBC compliant database (MySql to start with, but I may move on). Is this a new wheel? There doesn't seem to be much of anything on SourceForge, but if I could find something established and trusted I wouldn't even mind paying a few $100 as a trade of for the time needed to develop & test it.

    Read the article

  • PHP Security checklist (injection, sessions etc)

    - by NoviceCoding
    So what kind of things should a person using PHP and MySql be focused on to maximize security. Things I have done: -mysql_real_escape_string all inputs -validate all inputs after escaping em -Placed random alpha numerics before my table names -50character salt + Ripemd passwords Heres where I think I am slacking: -I know know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is: session_start(); $_SESSION['login']= $login; and checking it with: session_start(); if(isset($_SESSION['login'])){ -I heard something about other forms of injection like cross site injection and what not... -And probably many other things I dont know about. Is there a "checklist"/Quicktut on making php secure? I dont even know what I should be worried about.I kinda regret now not building off cakephp since I am not a pro.

    Read the article

  • Hook to make Subversion Read Only for specific users

    - by Shane
    We have an existing Subversion repository that uses LDAP to manage users/passwords. There are some new users who we would like to provide read-only access to SVN. I did some Google searches and found a way to open up read-only access to anonymous users, but this is not what we want. We do not want to open up SVN to everyone. We still want to control login through LDAP, but we would like to prevent certain named users from being able to add/edit/delete. I am assuming this can be done with a hook (pre-commit?), but I have no experience writing hooks. Can someone show me or point me to an example of how to do this?

    Read the article

  • Silverlight and Active Directory Interaction

    - by Refracted Paladin
    I am planning to familiarize(read teach) myself with Silverlight by building an in-house app for managing our employees. I, obviously, would need this to interact with Active Directory on some level. What are my options? Has anyone tried this before? I am currently going to explore using Services(WCF???) to do the AD interaction portion? Thoughts? There is also this SO Post on using PowerShell to interact with AD. Maybe that is a possibility? Thanks, EDIT: Too clarify what I meant by "...interact with Active Directory..." I was referring to being able to create New Users, reset they're passwords, change they're Member Of groups, etc. Not JUST authenticating through AD. Does this make it clearer?

    Read the article

  • git, SSH_ASKPASS on windows

    - by Martin Schreiber
    I am writing a graphical git frontend for Linux and Windows (MSEgit) based on MSEide+MSEgui. MSEgit has an internal console window which communicates with git by pipes. On Linux it uses a PTY so SSH asks for key unlocking passwords on the PTY. On Windows I wrote a small password entry application and set the SSH_ASKPASS environment variable accordingly. SSH calls the password application if git is started with CreateProcess() dwCreationFlags DETACHED_PROCESS set but the password entry window will not be focused, its taskbar icon flashes instead. SSH does not run the password application if FreeConsole() is called to be sure that there is no attached console to MSEgit and git is started without DETACHED_PROCESS but CREATE_NO_WINDOW instead. I assume a Windows equivalent of POSIX setsid() should be called. How can I force SSH to use SSH_ASKPASS without the DETACHED_PROCESS flag? If this is not possible, how can I ensure that the password entry window is focused?

    Read the article

  • Secure way to backup MySQL databases?

    - by user203538
    What is the best/secure way to backup a mysql database on windows server (2008)? I have "MySQL Administrator" but that requires that you save passwords for backup project. I'm not keen on doing as anyone gaining access to the server would then have easy access to the database. Can you do anything similar to SQL Server like using Windows authentication. If not what is the most secure (and practical) way of backups. Lastly, what are the privileges needed to backup a database? I have created a single user just for this task. Please advise.

    Read the article

  • PHP Variable Encryption

    - by NCoder
    I have the following code that creates an encryption in PHP: $password = "helloworld"; $passwordupper = strtoupper($password); $passwordencode = mb_convert_encoding($passwordupper, 'UTF-16LE'); $passwordsha1 = hash("SHA1", $passwordencode); $passwordbase64 = base64_encode($passwordsha1); The instructions I have from the system I'm trying to connect to states: The encoding process for passwords is: first convert to uppercase, then Unicode it in little-endian UTF 16, then SHA1 it then base64 encode it. I think I'm doing something wrong in my code. Any ideas?! Thanks! NCoder

    Read the article

  • Cannot connect to MySQL 4.1+ using old authentication

    - by B T
    I'm trying to connect to a mySQL database at http://bluesql.net, but when I try to connect, it gives this error: Connect Error (2000) mysqlnd cannot connect to MySQL 4.1+ using old authentication I've looked into this, and it has to do with some old password scheme used before MySQL 4.1. Newer versions have the option to use old passwords, which I've read may cause this problem. I'm running php 5.3, and connecting with mySQLi (new mysqli(...)). I'm hoping I can do something in the code to connect to the DB at bluesql.net - clearly I don't control how their database is set up. Downgrading php versions isn't an option. Anyone have any ideas?

    Read the article

  • How to generate random strings that match a given regexp?

    - by Pies
    Duplicate: Random string that matches a regexp No, it isn't. I'm looking for an easy and universal method, one that I could actually implement. That's far more difficult than randomly generating passwords. I want to create an application that takes a regular expression, and shows 10 randomly generated strings that match that expression. It's supposed to help people better understand their regexps, and to decide i.e. if they're secure enough for validation purposes. Does anyone know of an easy way to do that? One obvious solution would be to write (or steal) a regexp parser, but that seems really over my head. I repeat, I'm looking for an easy and universal way to do that. Edit: Brute force approach is out of the question. Assuming the random strings would just be [a-z0-9]{10} and 1 million iterations per second, it would take 65 years to iterate trough the space of all 10-char strings.

    Read the article

  • How do i setup Login module in my web application? in Java?

    - by Nitesh Panchal
    Hello, I am making web application in java. My username and passwords as well as roles are stored in database. I could use jdbcRealm, but it forces me to use a specific structure which i dont have in my project. So, how do i do it? I am using Glassfish v3.0 with Netbeans 6.8. I read few tutorials about custom LoginModule but i am not getting anything out of it. How do you all people do it practically in your projects? If you can show me code of custom LoginModule then also it will do. Waiting for replies.

    Read the article

  • Leaving SQL Management open on the internet

    - by Tim Fraud
    I am a developer, but every so often need access to our production database -- yeah, poor practice, but anyway... My boss doesn't want me directly on the box using RDP, and so we decided to just permit MS SQL Management Console access so that I can do my tasks. So right now we have the SQL box somewhat accessible on the internet (on port 1433 if I am not mistaken), which opens a security hole. But I am wondering, how much of an uncommon practice is this, and what defaults should I be concerned about? We use MSSQL2008 and I created an account that has Read-Only access, because my production tasks only need that. I didn't see any unusual default accounts with default passwords on the system, so I would be interested to hear your take. (And of-course, is there a better way?)

    Read the article

  • Do encryption algorithms provide really unique results?

    - by Mikulas Dite
    I was wondering whether md5, sha1 and anothers return unique values. For example, sha1() for test returns a94a8fe5ccb19ba61c4c0873d391e987982fbbd3, which is 40 characters long. So, sha1 for strings larger than 40 chars must be the same (of course it's scrambled, because the given input may contain whitespaces and special chars etc.). Due to this, when we are storing users' passwords, they can enter either their original password or some super-long one, which nobody knows. Is this right, or do these hash algorithms provide really unique results - I'm quite sure it's hardly possible.

    Read the article

  • Connect to a DB with an encrypted password with Django?

    - by Liam
    My place of employment requires that all passwords must be encrypted, including the ones used to connect to a database. What's the best way of handling this? I'm using the development version of Django with MySQL at the moment, but I will be eventually migrating to Oracle. Is this a job for Django, or the database? Edit: The encrypted password should be stored in the settings.py file, or somewhere else in the filesystem. This is the password that will be used to connect to the database.

    Read the article

  • Best Solution For Authentication in Ruby on Rails

    - by Dan Wolchonok
    I'm looking for a pre-built solution I can use in my RoR application. I'm ideally looking for something similar to the ASP.NET Forms authentication that provides email validation, sign-up controls, and allows users to reset their passwords. Oh yeah, and easily allows me to pull the user that is currently logged into the application. I've started to look into the already written pieces, but I've found it to be really confusing. I've looked at LoginGenerator, RestfulAuthentication, SaltedLoginGenerator, but there doesn't seem to be one place that has great tutorials or provide a comparison of them. If there's a site I just haven't discovered yet, or if there is a de-facto standard that most people use, I'd appreciate the helping hand.

    Read the article

< Previous Page | 130 131 132 133 134 135 136 137 138 139 140 141  | Next Page >