Search Results

Search found 11785 results on 472 pages for 'password protection'.

Page 137/472 | < Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144 | Next Page >

Prevent strings stored in memory from being read by other programs

- by Roy

Some programs like ProcessExplorer are able to read strings in memory (for example, my error message written in the code could be displayed easily, even though it is compiled already). Imagine if I have a password string "123456" allocated sequentially in memory. What if hackers are able to get hold of the password typed by the user? Is there anyway to prevent strings from being seen so clearly? Oh yes, also, if I hash the password and sent it from client to server to compare the stored database hash value, won't the hacker be able to store the same hash and replay it to gain access to the user account? Is there anyway to prevent replaying? Thank You!

Read the article
Document.oncontextmenu, component is not available (firefox)

- by Tom J Nowell

I have a script for a website, and one of the things ti does right at the end if attempt to disable an anti-right click protection in a website if($("span[class=MembersNameDisplay]").exists()){ var list_row = document.getElementsByTagName('script'); if(list_row != null){ list_row[0].parentNode.removeChild(list_row[0]); } } document.oncontextmenu=new Function("return true"); In google chrome this works, however in firefox with greasemonkey, the last line fails and the protection is not removed. Error: Component is not available Line: 171 How do I fix this, and why does it fail under firefox?

Read the article
Inserting data using Linq

- by Ani

I have a linq query to insert data in table. but its not working. I saw some example on internet tried to do like that but doesn't seems to work. Tablename: login has 3 columns userid, username and password. I set userid as autoincrementing in database. So I have to insert only username and password everytime.Here's my code. linq_testDataContext db = new linq_testDataContext(); login insert = new login(); insert.username = userNameString; insert.Password = pwdString; db.logins.Attach(insert);// tried to use Add but my intellisence is not showing me Add.I saw attach but dosent seems to work. db.SubmitChanges();

Read the article
Call to a member function query() on a non-object

- by Randy Gonzalez

Ok, this is so weird!!! I am running PHP Version 5.1.6 when I try and run the code below it gives a fatal error of an object that has not been instantiated. As soon as I un-comment this line of code //$cb_db = new cb_db(USER, PASSWORD, NAME, HOST); everything works. Even though I have declared the $cb_db object as global within in the method. Any help would be greatly appreciated. require_once ( ROOT_CB_CLASSES . 'db.php'); $cb_db = new cb_db(USER, PASSWORD, NAME, HOST); class cb_user { protected function find_by_sql( $sql ) { global $cb_db; //$cb_db = new cb_db(USER, PASSWORD, NAME, HOST); $result_set = $cb_db->query( $sql ); $object_array = array(); while( $row = $cb_db->fetch_array( $result_set ) ) { $object_array[] = self::instantiate( $row ); } return $object_array; } }

Read the article
Convert VB6 Randomize to C#

- by Thomas G. Mayfield

I'm writing a C# frontend to a legacy database that uses VB6 Rnd() and Randomize() methods for user password encryption. The encryption function is very simplistic and really not all that secure, but it's what all current passwords are stored with. What I'd like to be able to do is authenticate legacy users from a C# application. I can write new encryption (or preferably hashing) code for VB6 so that all future users have a more secure password, and that can be duplicated in C#. But I don't want to require current users to have had their password reset before they can use the new frontend. Is there any way I can reimplement that algorithm in C# so that it produces identical results to the legacy VB6 code?

Read the article
if isset PHP not working?

- by Ellie

Okay, Im trying to set a captcha up, However with this code in, it breaks. if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) When i do it with out it, the page works, but the captcha is letting incorrect submits through. Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hermes/waloraweb085/b2027/moo.lutarinet/jointest.php on line 71 <?php $pagetitle = "Home"; $checkrank = 0; include ($_SERVER['DOCUMENT_ROOT'].'/header.inc.php'); ECHO <<<END <br><br> <b><center><i><u>DO NOT</u> USE YOUR NEOPETS PASSWORD OR PIN NUMBER!!!</b></i></center> <p> ?> <?php session_start() ?> <center><P><FORM ACTION="join.pro.php" enctype="multipart/form-data" METHOD=POST> <table width="393" height="188" border="0" cellpadding="0" cellspacing="0"> <td width="150">Username</td> <td width="243"><input type=text name="name" value="" size=32 maxlength=15></td> </tr> <tr> <td>Password</td> <td><input type=password name="pass1" VALUE="" maxlength=15></td> </tr> <tr> <td>Confirm Password</td> <td><input type=password name="pass2" VALUE="" size=32 maxlength=15></td> </tr> <tr> <td>Security Code (4 Diget Number)</td> <td><input type=password name="security" VALUE="" size=32 maxlength=4></td> </tr> <tr> <td>Email Address</td> <td><INPUT TYPE=text NAME="email" VALUE="" SIZE=32 maxlength=100></td> </tr> <tr> <td height="41" colspan="2" valign="middle"><p><p><center> By registering an account here you agree to all of our <A HREF="$baseurl/tos.php">Terms and Conditions</A>. You can also view our <A HREF="$baseurl/privacy.php">Privacy Policy</A>. </center></p></td> </tr> <tr><td align="center">CAPTCHA:<br> (antispam code, 3 black symbols)<br> <table><tr><td><img src="captcha.php" alt="captcha image"></td><td><input type="text" name="captcha" size="3" maxlength="3"></td></tr></table> </td></tr> <td height="27" colspan="2" valign="middle"> <center><input type=submit name=Submit value="Register"></center> </td> </table> </form> <?php if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) { //CAPTHCA is valid; proceed the message: save to database, send by e-mail ... echo 'CAPTHCA is valid; proceed the message'; } else { echo 'CAPTHCA is not valid; ignore submission'; } ?> <?php END; include ($_SERVER['DOCUMENT_ROOT'].'/footer.inc.php'); ?> captcha.php <?php session_start(); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); function _generateRandom($length=6) { $_rand_src = array( array(48,57) //digits , array(97,122) //lowercase chars // , array(65,90) //uppercase chars ); srand ((double) microtime() * 1000000); $random_string = ""; for($i=0;$i<$length;$i++){ $i1=rand(0,sizeof($_rand_src)-1); $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1])); } return $random_string; } $im = @imagecreatefromjpeg("http://sketchedneo.com/images/sitedesigns/captcha.jpg"); $rand = _generateRandom(3); $_SESSION['captcha'] = $rand; ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0)); $rand = _generateRandom(3); ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0)); Header ('Content-type: image/jpeg'); imagejpeg($im,NULL,100); ImageDestroy($im); ?> Help please anyone? Line 71: if(isset($_POST["captcha"])) Line 72: if($_SESSION["captcha"]==$_POST["captcha"])

Read the article
Service-Based Authentication Using Tokens

- by jerhinesmith

I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows: Client requests username/password from user Client passes username/password to identity provider Provider checks username/password and sends back a token if the user is valid Client does something with the token? The third and fourth step are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?

Read the article
authentication of webapps when passwords are hashed with bcrypt

- by dubreakkk

I created a GWT project which requires authentication. Initially, the users' passwords were in plain text, but now I would like to hash them with BCrypt. I searched but I cannot find a place describing how to make Jetty authenticate against a BCrypt hashed password. I'm sending the password to the server using a FORM in plain text and over SSL. What do I need to do to make Jetty hash this password and compare it to the one in the database? Thank you;

Read the article
ActionController::InvalidAuthenticityToken: verified with authentication token on the form!

- by goodwill

I don't know why it happens but my form for some reason does not post properly. I am very sure the form contains the required authentication token: <form action="/account/complete_verify_email/4df78710-e27b-4527-bd2d-71cd2e9a1271" method="post"><div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="341b07dfa682ed11a045e19956e2e3f5f499e8cb"></div> <input id="password" name="password" type="password"> <input name="commit" type="submit" value="Continue"> </form> Note the authenticity_token is there. What happened? And YOU KNOW WHAT? Quitting Safari and restart again solved the issue... but I can't think of what kind of intermittent behaviour could cause such problem.

Read the article
[Android] How do I load URL that requires login into variable?

- by bebeTech

I am trying to port my usage meter from a JavaScript Gadget (win) / Widget (OSX) to Android. Total newbie when comes to JAVA + Eclipse + Android 2.1 SDK. Essentially what I want to do is load a page, pass through a username and password and load the resulting page into a array that I can then run some regular expressions through. My code from JavaScript (I've replace the actual URL with a dummy one) is: xmlhttp.open("post","https://acme.com.au/your_account/index.php?function=login",false); xmlhttp.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"); xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlhttp.send("check_username=" + username + "&password=" + password); I need to know the Android equivalent to the above please. I've played around with WebView but that loads the page in a web browser which isn't what I want.

Read the article
What's wrong with XOR encryption?

- by Colin

I wrote a short C++ program to do XOR encryption on a file, which I may use for some personal files (if it gets cracked it's no big deal - I'm just protecting against casual viewers). Basically, I take an ASCII password and repeatedly XOR the password with the data in the file. Now I'm curious, though: if someone wanted to crack this, how would they go about it? Would it take a long time? Does it depend on the length of the password (i.e., what's the big-O)?

Read the article
Django design question: extending User to make users that can't log in

- by jobrahms

The site I'm working on involves teachers creating student objects. The teacher can choose to make it possible for a student to log into the site (to check calendars, etc) OR the teacher can choose to use the student object only for record keeping and not allow the student to log in. In the student creation form, if the teacher supplies a username and a password, it should create an object of the first kind - one that can log in, i.e. a regular User object. If the teacher does not supply a username/password, it should create the second type. The other requirement is that the teacher should be able to go in later and change a non-logging-in student to the other kind. What's the best way to design for this scenario? Subclass User and make username and password not required? What else would this affect?

Read the article
error string list handle in C#

- by Chelsea_cole

Same namespace: 2 forms. public class Account //frm1 { public string Username; public string Password; } public class ListAcc { public static List<Account> UserList; } private void button1_Click(object sender, EventArgs e) { List<Account> UserList = new List<Account>(); Account acc = new Account(); acc.Username = textBox1.Text; acc.Password = textBox2.Text; UserList.Add(acc); } private void button2_Click(object sender, EventArgs e) //frm2 { string p = frmDangky.ListAcc.UserList[0].Username; // null ->error string p = frmDangky.ListAcc.UserList[0].Password; // null ->error } Someone help me? :( why my string is NULL???????? The textBox is not empty... Thanks!

Read the article
Ruby On Rails : db:migrate do not run

- by user332219

Hi, When i run this command i have an error : rake db:migrate --trace rake aborted! NoMethodError: undefined method `ord' for 0:Fixnum: SET NAMES 'utf8' see the log file here : http://patxi.mayol.free.fr/public/trace.txt my database.yml file is here : MySQL. Versions 4.1 and 5.0 are recommended. # development: adapter: mysql encoding: utf8 reconnect: false database: annuaire_development pool: 5 username: root password: host: 127.0.0.1 test: adapter: mysql encoding: utf8 reconnect: false database: annuaire_test pool: 5 username: root password: host: 127.0.0.1 production: adapter: mysql encoding: utf8 reconnect: false database: annuaire_production pool: 5 username: root password: host: 127.0.0.1 Thanks My config : WampServer 2.0 with MySQL 5.0.51a Aptana 2.0.4 Ruby 1.8.5 Gems: actionmailer (2.3.4, 2.3.2) actionpack (2.3.4, 2.3.2) activerecord (2.3.4, 2.3.2) activeresource (2.3.4, 2.3.2) activesupport (2.3.4, 2.3.2) cgi_multipart_eof_fix (2.5.0) fastthread (1.0.1) gem_plugin (0.2.3) linecache (0.43) mongrel (1.1.5) mysql (2.8.1, 2.7.3) rack (1.0.0) rails (2.3.4, 2.3.2) rake (0.8.7) ruby-debug-base (0.10.3) ruby-debug-ide (0.4.5) sqlite3-ruby (1.2.1)

Read the article
connect perl with mssql

- by Bharanikumar

i have user id, password,databasename, datasource details, i want to connect perl with mssql server, i just used following snippet, but getting error, #!/usr/bin/perl -w use strict; use DBI; my $data_source = q/dbi:ODBC:192.168.3.137/; my $user = q/bharani/; my $password = q/123456/; # Connect to the data source and get a handle for that connection. my $dbh = DBI->connect($data_source, $user, $password) or die "Can't connect to $data_source: $DBI::errstr"; My Error DBI connect('192.168.3.137','bharani',...) failed: [Microsoft][ODBC Driver Manag er] Data source name not found and no default driver specified (SQL-IM002) at my sqlconnect.pl line 14 Can't connect to dbi:ODBC:192.168.3.137: [Microsoft][ODBC Driver Manager] Data s ource name not found and no default driver specified (SQL-IM002) at mysqlconnect .pl line 14. Information: my sql server present in another system, am just trying to connect with above details, plz tellme, i should crease DSN in my system, or anything i missed in my program

Read the article
Rake migration aborted

- by user2537714

I'm running Ruby 2.0.0 and I installed it correctly. Just loaded up a gem 'devise' and as I tried to migrate my database changes, it wouldn't work: $ rake db:migrate rake aborted! attr_accessible is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add protected_attributes to your Gemfile to use old one. Then, following another Stackoverflow post, they recommended installing Bundler. I did that successfully and got this: $ bundle exec rake db:migrate rake aborted! attr_accessible is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add protected_attributes to your Gemfile to use old one. Is anyone up to the challenge to help?

Read the article
Hashbytes comparison in stored proceduring not matching record

- by Michael Itzoe

The password field in my user table (SQL Server 2008) is encrypted using HASHBYTES on insertion. I have a stored procedure with parameters for the username and plain-text password which does a SELECT using that username and the password sent through HASHBYTES, then returns the user record if it finds a match. The SP is always returning an empty recordset, but if I copy and paste just the SELECT from the SP to a new query window, it returns the matched record. There're no other statements in the SP. I'm missing something here; what is it?

Read the article
Sending passwords over the web

- by Falmarri

So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes. This is what the server looks like (in pseudocode) $pass = $_POST['pass']; if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS; This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

Read the article
How to get result size from an SQL query and check size

- by Jimmy

Hi I'm trying to write a piece of code for a simple verification method as part of a MVC. At present the SQL is not written as a prepared statement so obviously it is at risk to a SQL injection so any help in regards to writing the SQL as a prepared statement would be really helpful. The method which is in the User model. public boolean getLoginInfo() { try { DBAccess dbAccess = new DBAccess(); String sql = "SELECT username, password FROM owner WHERE username = '" + this.username + "'AND password = '" + this.password + "';"; dbAccess.close();dbAccess.executeQuery(sql); dbAccess.close(); return true; } catch (Exception e) { return false; } } I want to get the size of the result set which is generated by the SQL query and if the size of it is 1 return true else it's false. If you need more info on the rest of the MVC just post and I'll get it up here.

Read the article
Cannot start jboss remotely in ruby (Net::SSH)

- by Jared

I am trying to start/stop jboss remotely with ruby Net::SSH library. I am able to stop jboss with the following code: require 'net/ssh' Net::SSH.start('xx.xx.xx.xx', 'jboss', :password => "jboss") do |session| session.open_channel do |channel| channel.request_pty(:term => 'xterm') do |ch, success| raise "could not request pty!" unless success channel.exec "/etc/init.d/jboss_new stop\n" end puts "shell opened" channel.on_data do |channel, data| puts data sleep 1 if data =~ /Password: / sleep 2 channel.send_data("jboss\n") end end end end But when I substitute stop with start I get nothing in return, jboss is not started. I changed password to invalid and get a response su: Authentication failure Is there any gimmick here? Can you please advise what is wrong?

Read the article
PHP 2-way encryption: I need to store passwords that can be retrieved

- by gAMBOOKa

I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes are out of the question. What I need to know is: How do I encrypt and decrypt a password in PHP? What is the safest algorithm to encrypt the passwords with? Where do I store the private key? Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted) In what ways can the password be stolen and decrypted? What do I need to be aware of?

Read the article
Android and PHP - Do I need to use sessions?

- by jtnire

I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication. Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request? Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different everytime. The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID. If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated. Thanks

Read the article
MVC Forms Authentication with custom database

- by AndrewVos

I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation. I am logging in my user like this: if (PasswordHasher.Hash(password) == dataUser.Password) { FormsAuthentication.SetAuthCookie(email, true); return true; } The problem is, when the session expires obviously the user has to login again. I am thinking I should be storing this Auth cookie in my users table? Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset. I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.

Read the article
How? Encrypt and Decrypt user membership passwords in ASP.NET

- by smdrager

We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we needed to. I am having a great deal of trouble figuring out if it is possible to use ASP.NET membership functions to simply encrypt the password when the user registers and then unencrypt it so I can see it. Documentation for this is neigh non-existant. I know how to configure Web.config to have it store passwords as encrypted ala passwordFormat="Hashed" in the provider and assigning a validationKey in the machineKey, however it seems like the password still gets hashed (though perhaps it is just well encrypted). Either way I cannot decifer how the password can be recovered (by us) if neccessary. Thanks!

Read the article
How not to lose focus on a login page

- by Misha Moroshko

I have a simple login form with 2 input fields: "username" and "password". "username" field is focused by default. The problem is that when user clicks outside "username" or "password" fields, the focus is gone (it is neither on "username" nor on "password" fields"). How can I force the focus to be on these 2 fields only ? In my case, this is a really annoying behavior, so I really want to do this :) Can I do something like: $("*").focus(function() { if (!$(this).hasClass("my_inputs_class")) { // How to stop the focusing process here ? } }); ?

Read the article

< Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144 | Next Page >