Search Results

Search found 7554 results on 303 pages for 'shared secret'.

Page 153/303 | < Previous Page | 149 150 151 152 153 154 155 156 157 158 159 160  | Next Page >

• Selection of parameters in Diffie-Hellman

  - by allenzzzxd

  Hello, maybe it's not so proper to ask this question here... anyway, I'm trying to use the gmp library for the implementation of DH, but the problem here I got is: Once, when I was doing the tests to observe the output, although big values of prime and the private keys were selected: p was about more than 300 digits long in decimal a, b were about 100 digits long finally I got a shared secret key which was extremely small, perhaps smaller than 10^8 in decimal... This problem didn't show up many times, in fact, during all the observation, it appeared just once...but still, this was not so good at all. So I wonder if there are some methods which can avoid this... Thanx a lot

  Read the article

• [Rais] OAuth with Digg API

  - by Karl

  I'm attempting to get Rails to play nice with the Digg API's OAuth. I'm using the oauth gem (ruby one, not the rails one). My code looks approximately like this: @consumer = OAuth::Consumer.new(API_KEY, API_SECRET, :scheme => :header, :http_method => :post, :oauth_callback => "http://locahost:3000", :request_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken', :access_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getAccessToken', :authorize_url => 'http://digg.com/oauth/authorize') @request_token = @consumer.get_request_token session[:request_token] = @request_token.token session[:request_token_secret] = @request_token.secret redirect_to @request_token.authorize_url Which is by-the-book in terms of what the gem documentation gave me. However, Digg spits a "400 Bad Request" error back at me when @consumer.get_request_token is called. I can't figure out what I'm doing wrong. Any ideas?

  Read the article

• Authenticating stackoveflow programatically - OpenID

  - by Ben Reeves

  I would like to add up and down voting to my iPhone appilcation - MyStacks, for this I need the to be able to authenticate the user with SO. I'm look at adapting the Twitter-OAuth-iPhone library. However The problem I have is obtaining the consumer and secret key. to use OAuth, do I need to obtain a different key for each provider? In order to obtain a consumer key from google the application needs to have a domain name, but this being an iPhone app of course i don't have one, does this mean that I can't use OAuth? Is there any other way to programatically authenticate SO? Thanks, Ben

  Read the article

• Hiding a value in an Android application

  - by Ewan

  Hi, I need to hide a value in a mobile (Android OS) application. As far as I can see, encrypting the value is of no use as the key to the encryption mechanism must be available to the program and is thus available to an attacker reverse-engineering the code. So, it seems that the only "solution" is to hide the secret value in the application as well as possible, obviously not ideal. Any comments? Am I missing something? If not, what's the best way to hide the value? Thanks for your ideas! Ewan

  Read the article

• problem with facebook api - Keeps redirecting

  - by Megan

  I created an application with a name and connect URL on facebook. I put below code in test.php here (test.php): include_once 'facebook.php'; $fb = new Facebook('api_key', 'secret'); $user = $fb->require_login(); echo $fb->api_client->user; echo $fb->api_client->session_key; when I go to that page, it takes me to facebook login, after I login it redirects me to same test.php with an auth_token. But it doesn't stop there. For some reason, the script is taking me to facebook again and since I already logged in facebook redirecting me to test.php with another auth_token just like below /test.php?auth_token=76a6eb21b872cdfe787ea85a240905dd&auth_token=597d7532bf53c8ce37cc003bcf7d2905 It never stops there, test.php taking me to facebook again and again :( Please tell me what wrong?? Thanks a lot

  Read the article

• OpenSSL "Seal" in C (or via shell)

  - by chpwn

  I'm working on porting some PHP code to C, that contacts a web API. The issue I've come across is that the PHP code uses the function openssl_seal(), but I can't seem to find any way to do the same thing in C or even via openssl in a call to system(). From the PHP manual on openssl_seal(): int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids ) openssl_seal() seals (encrypts) data by using RC4 with a randomly generated secret key. The key is encrypted with each of the public keys associated with the identifiers in pub_key_ids and each encrypted key is returned in env_keys . This means that one can send sealed data to multiple recipients (provided one has obtained their public keys). Each recipient must receive both the sealed data and the envelope key that was encrypted with the recipient's public key. What would be the best way to implement this? I'd really prefer not to call out to a PHP script every time, for obvious reasons.

  Read the article

• python foursquare - SSL3 certificate verify failed

  - by user1814277

  I'm trying to make a userless request to the Foursquare API using Mike Lewis' Python wrapper - https://github.com/mLewisLogic/foursquare: client = foursquare.Foursquare(client_id=Client_ID, client_secret=Client_Secret) categs = client.venues.categories() Intermittently, I get a "Error connecting to Foursquare API" msg. Running a logger to catch a more detailed message produces: "SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" This didn't use to happen and occurs both on my local Windows development machine and on a server running ubuntu. Am I missing something basic here about security certificates? The problem is intermittent and sometimes just leaving it a minute and retrying fixes the problem temporarily. I've downloaded the latest 20120716 version of the wrapper although in the code for init.py it still says API_VERSION = '20120608'. I'm using Python 2.73 and have also signed up for the Foursquare API key, using the id and secret in the above code. I listed the urls, using my local IP:8000 and tried using separate keys for the local and dev machines but this seems to make no difference. Help much appreciated. Thanks.

  Read the article

• Twitter oauth_callback parameter being ignored!

  - by Astrofaes

  Hi guys, I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course). So my request URL looks like this: http://twitter.com/oauth/request_token?oauth_callback_url=http%3A%2F%2Fmydomain.com%2Ftwittercallback Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters. However, my response comes through as: oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful! Thanks, A.

  Read the article

• Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?

  - by Brian P. Hamachek

  From an authenticated referral (such as from a timeline story) to my website, I am trying to use the server-side authentication flow to obtain an access token for the referred user. I need to pass my app secret, the auth code, and the original redirect URI to the Facebook access token endpoint. Since I did not initiate the authentication request, how do I determine the original redirect_uri? The link from the Facebook timeline looks like: http://www.facebook.com/connect/uiserver.php?app_id=153644678059870&method=permissions.request&redirect_uri=http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity&response_type=code&display=page&auth_referral=1 So I figure that the redirect URI I need to pass is: http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity The URI that the user is ultimately redirected to is: http://www.wnmlive.com/post/141833948?fb_action_ids=10100708032119787&fb_action_types=wnm-live%3Apost&fb_source=recent_activity&code=AQALK-Mwb_Nwi4z7FWnFaL6tEXvNtVJiRKrgarG9X73sp22TJyk8v2GWKtuXuevJk4hPSRNnuNpEgZXLFdOS_k-pY-mE15DYytIa8Y7VdSw3VL-XYi-CR9BCqRQGq4uBJvSSdZayCp6MWzDMaNqWd5r8OhKVnOhg_yDlvfoLl21N2SMwkJaOfD5mlPnPb5A-Q4A#_=_ Is it safe to assume that I can just chop off everything starting with the "&code=" and use that as the redirect URI?

  Read the article

• Writing Facebook apps in C#

  - by Water Cooler v2

  Hi, I am a C# developer and fancy the idea of writing a C# app or two to integrate with the Facebook API. I read from this page: http://wiki.developers.facebook.com/index.php/User:C_Sharp that there's this Microsoft SDK for Facebook Platform that has binary assemblies that I can use to write my C# app. As a start, I want to try out the example mentioned on the above-mentioned page -- one that gets me a friend list. The problem is: I am completely new to this Facebook development thing and I see I am going to need, at the very least, an API Key and some Facebook service Secret key or some such, to begin writing some code. Do I also need a developer account? Where do I get all these things from?

  Read the article

• Invalid AuthenticityToken everywhere

  - by bwizzy

  I have a rails app that I just deployed which is generating Invalid AuthenticityToken errors anywhere a form is submitted. The app uses subdomains as account names and will also eventually allow for a custom domain to be entered. I have an entry in production.rb to allow for cross-domain session handling. The problem is that you can't login / or submit any form because everything raises an Invalid AuthenticityToken error. The issue looks similar but not the same as http://stackoverflow.com/questions/1201901/rails-invalid-authenticity-token-after-deploy plus I'm not using mongrel. I've tried clearing cookies in the browser, and restarting passenger but no luck. Anyone have any ideas? The server is running nginx + passenger 2.3.11, and Rails 2.3.5. #production.rb config.action_controller.session[:domain] = '.domain.com' #environment.rb config.action_controller.session = { :session_key => '_app_session', :secret => '.... nums and chars .....' }

  Read the article

• Sharepoint: Is it possible to automate the deployment of a custom CAS policy?

  - by user332133

  Hi all, I'm looking for a way to automate the deployment of a custom CAS policy in SharePoint. What i would like to achieve is the following: All assemblies that have been built and signed by our build server (with a secret key) should run in SharePoint under the 'higher than normal' trust level. Now I can manually edit the cas policy files to include something like this: <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="MyPermissionSet" Name="[My Company public key]" Description="Grants all "> <IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="[public key goes here]" /> </CodeGroup> And that works great. However, we have several huge sharepoint farms, with many applications running on it. I'd like to avoid having to manually edit all policy files to include this xml snippet. Is there a way to automate this? For example, from a feature? With kind regards, Erwin van der Valk

  Read the article

• Rails shoulda and factory_girl setup

  - by kristian nissen

  I have installed both shoulda and factory_girl, I can run shoulda just fine, but when I add this: require 'factory_girl' Factory.define :user do |u| u.mail '[email protected]' u.pass 'secret' end to my test/test_helper.rb I'm getting this error: /test/test_helper.rb:1:in `require': no such file to load -- factory_girl (LoadError) when I execute rake test:units I have installed both gems using: sudo gem install thoughtbot-shoulda --source=http://gems.github.com sudo gem install thoughtbot-factory_girl --source=http://gems.github.com and can see both of them being installed fine. And by the way, this works fine as well: script/console Loading development environment (Rails 2.3.8) require 'factory_girl' = [] so requiring the gems seems to be working

  Read the article

• Restfull authentication between two GAE apps.

  - by user259349

  Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

  Read the article

• "Invalid signature": oAuth provider with Django-piston

  - by Martin Eve

  Hi, I'm working with django-piston to attempt to create an API that supports oAuth. I started out using the tutorial at: http://blog.carduner.net/2010/01/26/django-piston-and-oauth/ I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes. The urls are successfully wired-up and the oAuth provider is called. However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error: Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0 The problem seems to lie inside the _check_signature method of Piston's oauth.py, where valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature) is returning false. I can't, however, work out how to get the signature validated. Any ideas? -----Update----- If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.

  Read the article

• CODE1 at SPOJ - cannot solve it

  - by VaioIsBorn

  I am trying to solve the problem Secret Code on SPOJ, and it's obviously a math problem. The full problem For those who are lazy to go and read, it's like this: a0, a1, a2, ..., an - sequence of N numbers B - a Complex Number (has both real and imaginary components) X = a0 + a1*B + a2*(B^2) + a3*(B^3) + ... + an*(B^n) So if you are given B and X, you should find a0, a1, ..an. I don't know how or where to start, because not even N is known, just X and B. The problem is not as easy as expressing a number in a base B, because B is a complex number. How can it be solved?

  Read the article

• Eidetic memory: What magic numbers you still remember?

  - by Hao

  Long before you practice writing readable code, what "magic numbers" you still remember up to this day? here's some of my list: 72 80 75 77 13 32 27 - up down left right enter space escape 1 2 4 128 - blue green red blink 67h 33h 17h - interrupt for EMS, mouse, printer function AH 9, interrupt 21 alt+219 for block ASCII alt+164 ñ 90 NOP 13 10 carriage return, line feed ascii 1 and 2 face, ascii 3 heart. no not this heart: <3 :-) debug -o72,10 -o71,12 clears the BIOS password. I don't know what those numbers mean, it's like a trade secret that gets shared with each other during college days. ascii 7 sounds a beep P.S. Somehow, remembering some of these magic numbers can help you in some tech problems, your keyboard is broken, the office pal's keyboard doesn't have accented characters. An anecdote, during college, one of my friend asked me how to remove the newlines in his Word document. Not having used Word so much then, I somehow "intuitively" guessed to find ^013 and replace it with blank. Well it works :-)

  Read the article

• Core Data table record count

  - by user339633

  I have an entity called Person and it has a relationship called participatingGames, to another entity called GameParticipant. I (apparently) can retrieve the number of matches in the GameParticipant entity using this simple code in the Person object I created from the entity in the model: [self.participatingGames count]; However, I'd just like to retrieve the number of Person records and one might guess the syntax for this is just as simple. I have lots of books including those by Jeff LaMarche, but those sources and what I find around here make me wonder if I need to set up a fetchedResultsController just to know the count of some entity. My background is in SQL, so of course it seems odd that what would take 15 seconds to code in any other environment seems like such a well-guarded secret in Core Data. I'm using iPhone SDK 3.1.4 under OSX 10.5.8 Suggestions?

  Read the article

• Continuous Deployment with a C#/ASP.NET website?

  - by Amber Shah

  I have a website in C#/ASP.NET that is currently in development. When we are in production, I would like to do releases frequently over the course of the day, as we fix bugs and add features (like this: http://toni.org/2010/05/19/in-praise-of-continuous-deployment-the-wordpress-com-story/). If you upload a new version of the site or even change a single file, it kicks out the users that are currently logged in and makes them start over any forms and such. Is there a secret to being able to do deployments without interfering with users for .NET sites?

  Read the article

• How to version control config files pragmatically?

  - by erenon

  Suppose we have a config file with sensitive passwords. I'd like to version control the whole project, including the config file as well, but I don't want to share my passwords. That could be good, if this config file: password=secret foo=bar becomes password=* foo=bar and the other users of the vcs could also set up the password on they own. To ignoring the file isn't a good approach, the developers should be aware, if the config file changes. Example: Local version: password=own_secret foo=bar config file in vcs: password=* foo=bar Then suddenly, the config file changes: password=* foo=bar baz=foo And the local version would become for each developer: password=own_secret foo=bar baz=foo This is my solution. How could I achieve this behaviour? How do you store your config files? Is there a way to do that, or should I hack something?

  Read the article

• Connection to DB2 in Python

  - by Mestika

  Hi, I'm trying to create a database connection in a python script to my DB2 database. When the connection is done I've to run some different SQL statements. I googled the problem and has read the ibm_db API (http://code.google.com/p/ibm-db/wiki/APIs) but just can't seem to get it right. Here is what I got so far: import sys import getopt import timeit import multiprocessing import random import os import re import ibm_db import time from string import maketrans query_str = None conn = ibm_db.pconnect("dsn=write","usrname","secret") query_stmt = ibm_db.prepare(conn, query_str) ibm_db.execute(query_stmt, "SELECT COUNT(*) FROM accounts") result = ibm_db.fetch_assoc() print result status = ibm_db.close(conn) but I get an error. I really tried everything (or, not everything but pretty damn close) and I can't get it to work. I just need to make a automatic test python script that can test different queries with different indexes and so on and for that I need to create and remove indexes a long the way. Hope someone has a solutions or maybe knows about some example codes out there I can download and study. Thanks Mestika

  Read the article

• Flash CS5 projects panel totally gone?

  - by Jesse

  So, I popped open up Flash CS5 just now, and I couldn't find my projects panel. I was working on a dual screen set up previously, so my windows were everywhere anyways (sans external). I switched over to a smaller screen workspace, and popped opened the projects panel. Oddly enough, the code snippets panel came up instead. So, I switched off the code snippets, and tried again. I've been trying different ways of opening this panel for about 15 minutes, and I'm totally stumped. Some thorough googling didn't present any relevant results, so, StackOverflow, I turn to you. Is this a known issue? is there a secret backdoor way to open this panel? Am I totally missing something?

  Read the article

• goo.gl Api: How to know if URL was added to user's history?

  - by Manuel

  I'm using the goo.gl API as described here. It's easy to use and it works with or without authantication (I'm using OAuth). So, if I provide the OAuth token / secret, the shortened URL is added to the users history. My problem is, that I would like to show to the user that the shortened URL was added to his goo.gl history. The respone you get from the shortening request, however, is always the same, whether you use authorization or not: { "kind": "urlshortener#url", "id": "http://goo.gl/fbsS", "longUrl": "http://www.google.com/" } So, does anyone know a way to find out, if the shortened URL was successfully added to the user's history? Is there a parameter you can add to the request URL that leads to a more detailed result string?

  Read the article

• How should I protect against hard link attacks?

  - by Thomas

  I want to append data to a file in /tmp. If the file doesn't exist I want to create it I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought: fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644); fstat(fd, &st); if (st.st_nlink != 1) { HARD LINK ATTACK! } What's the right way? Besides not using a world-writable directory.

  Read the article

• Facebook writing on a wall problem - retrieves only null value.

  - by Viral

  hi all friends, I am making a game application in that I want to pass my score on wall of face book. I've completed all the things (the log in and message passing part) but when I passes the score via global variable, I am getting only null as a value and not the score that I want. Is there any way to pass data or string to Face book and write on a wall? My code is (void)viewDidLoad { static NSString* kApiKey = @"be60415be308e2b44c0ac1db83fe486b"; static NSString* kApiSecret = @"4f880c7e100321f808c41b1d3c813dfa"; _session = [[FBSession sessionForApplication:kApiKey secret:kApiSecret delegate:self] retain]; score = [NSString stringWithFormat:@"%@",appDelegate.myTextView]; [_session resume]; [super viewDidLoad]; } whre score is NSString and myTextView is NSString in other viewcontrollerfile, And appDelegate is global variable. Any help?? thanks in advance.

  Read the article

< Previous Page | 149 150 151 152 153 154 155 156 157 158 159 160  | Next Page >