Search Results

Search found 15914 results on 637 pages for 'physical security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 164/637 | < Previous Page | 160 161 162 163 164 165 166 167 168 169 170 171  | Next Page >

  • Authlogic, logout and credential capture

    - by Paddy
    Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance. This is what i did: I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine! Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google. I noticed the same with stack overflow's openid authentication system. Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before had not logged out from google and say.. changed his password!! Should i be paranoid?

    Read the article

  • HTTP requests and Apache modules: Creative attack vectors

    - by pinkgothic
    Slightly unorthodox question here: I'm currently trying to break an Apache with a handful of custom modules. What spawned the testing is that Apache internally forwards requests that it considers too large (e.g. 1 MB trash) to modules hooked in appropriately, forcing them to deal with the garbage data - and lack of handling in the custom modules caused Apache in its entirety to go up in flames. Ouch, ouch, ouch. That particular issue was fortunately fixed, but the question's arisen whether or not there may be other similar vulnerabilities. Right now I have a tool at my disposal that lets me send a raw HTTP request to the server (or rather, raw data through an established TCP connection that could be interpreted as an HTTP request if it followed the form of one, e.g. "GET ...") and I'm trying to come up with other ideas. (TCP-level attacks like Slowloris and Nkiller2 are not my focus at the moment.) Does anyone have a few nice ideas how to confuse the server and/or its modules to the point of self-immolation? Broken UTF-8? (Though I doubt Apache cares about encoding - I imagine it just juggles raw bytes.) Stuff that is only barely too long, followed by a 0-byte, followed by junk? et cetera I don't consider myself a very good tester (I'm doing this by necessity and lack of manpower; I unfortunately don't even have a more than basic grasp of Apache internals that would help me along), which is why I'm hoping for an insightful response or two or three. Maybe some of you have done some similar testing for your own projects? (If stackoverflow is not the right place for this question, I apologise. Not sure where else to put it.)

    Read the article

  • Secure hash and salt for PHP passwords

    - by luiscubal
    It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password protection for individual files? Suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. The hashing mechanism must be available in PHP It must be safe It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?) Also, should I store two fields in the database(one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure. EDIT2: Thank you all for your replies, I'm using hash("sha256",$salt.":".$password.":".$id) Questions that didn't help: What's the difference between SHA and MD5 in PHP Simple Password Encryption Secure methods of storing keys, passwords for asp.net How would you implement salted passwords in Tomcat 5.5

    Read the article

  • SQL Server 2008, Kerberos and SPN

    - by andrew007
    Hi, I installed SQL Server 2008 on a Win XP SP2 workstation in a AD domain and configured to run with the "Network Service" account. In my error log I have the following message (Event ID:26037): The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. **Error: 0xd, state: 13**. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies. The strange thing is that I have another SQL Server 2008 installation in a Win 2003 server configured in the same way and there I do not have this message. My questions are: Does anybody know if there are limitations with Kerberos on Windows XP and SQL Server? Why the SPN is not automatically registered on Win XP when I use the "Network Service" but it works on Windows 2003 server? THANKS!

    Read the article

  • Secure ajax form POST

    - by user194630
    I was wondering how to develop a secure form post through AJAX. For example, i have: My HTML form. My JavaScript handling the submit. The submit url is "post_data.php" The posted data is: id=8&name=Denis The PHP verifies if variables id and name are POSTED and their data type. If this is ok it proceed to do some stuff on a database. My question is, how can i prevent someone from creating his own html form, outside my web site, or whatever, and posting false data to my PHP script? Imagine that data realy exists on my database, this could be bad. Thanks

    Read the article

  • Looking for DOS/DDOS protection tools and strategies

    - by Alexandre Victoor
    I am working on a java application that exposes webservices for a flash client. Any idea on how to prevent DOS/DDOS attacks ? I cannot use mechanism unfriendly for the end user such as captcha. So far I have found mod_evasive, an apache module which looks quite promising... Any suggestions, best practices, tools I might use ? Thanks in advance

    Read the article

  • ActiveXObject issue in javaScript

    - by shan.swf
    hi.. I wrote a javascript function in my html page to execute an .exe file. for this i used ActiveXObject. my function is: //~~~~~~~~~~~~~~~~~~~~~~~~~~~JavaScript~~~~~~~~~~~~~~~~ function openWin(url) { if (!document.all) { alert ("Available only with Internet Explorer."); return; } var ws = new ActiveXObject("WScript.Shell"); ws.Exec(url); } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It works fine but there is a alert "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" comes up to confirm. If i say YES only it will get loaded. Pls anyone help me on this how to avoid this pop-up coming every time when i reload my html page.

    Read the article

  • how to hash a password?

    - by 5YrsLaterDBA
    My next task will be encrypt password. I am working at the database access layer and my co-work has this comment, implement SHA512 hash, on an empty method which I will implement it. any recommendation about this? thanks

    Read the article

  • How to obtain a working X509Certificate for my WCF Service hosting

    - by Kobojunkie
    I am in the process of hosting my WCF services in my asp.net hosting account and I want to use X509Certificate for authentication of communication. Where do I get a certificate in this instance? Make one and then Ftp it to my account? If yes, how do I reference this certificate for use. If No, how do I get one for use please? Do I need to purchase one or something?

    Read the article

  • Minimum permissions to COM Object to Instantiate running as LocalService

    - by Paul Farry
    I'm writing a .NET Service that creates a COM object. If I run the Service as the Logged on user (everything is fine). If I run the Service as LocalSystem, everything is fine. If I run the Service as LocalService, then I get an AccessDeniedException when trying to instantiate the COM Object. I've come up with the following block to grant the necessary permissions and it appears to work correctly, but I wanted to make sure I wasn't missing something regarding the COM rules. Private Sub SetAccessToRockeyRegistry() Using reg As RegistryKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey("CLSID\{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}", True) Dim sec As RegistrySecurity sec = reg.GetAccessControl Dim ar As RegistryAccessRule Dim sid As SecurityIdentifier sid = New SecurityIdentifier(WellKnownSidType.LocalServiceSid, Nothing) ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, AccessControlType.Allow) sec.AddAccessRule(ar) ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, _ InheritanceFlags.ObjectInherit Or InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, AccessControlType.Allow) sec.AddAccessRule(ar) reg.SetAccessControl(sec) End Using End Sub

    Read the article

  • Somebody is storing credit card data - how are they doing it?

    - by pygorex1
    Storing credit card information securely and legally is very difficult and should not be attempted. I have no intention of storing credit card data but I'm dying to figure out the following: My credit card info is being stored on a server some where in he tworld. This data is (hopefully) not being stored on a merchant's server, but at some point it needs to be stored to verify and charge the account identified by merchant submitted data. My question is this: if you were tasked with storing credit card data what encryption strategy would you use to secure the data on-disk? From what I can tell submitted credit card info is being checked more or less in real time. I doubt that any encryption key used to secure the data is being entered manually, so decryption is being done on the fly, which implies that the keys themselves are being stored on-disk. How would you secure your data and your keys in an automated system like this?

    Read the article

  • Generate an LTPA token?

    - by Shadowman
    We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found the blog post here and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital signature and how that's generated/validated. Does anyone have any information on how to generate an LTPA token in custom code?

    Read the article

  • What are the best practices for avoid xss attacks in a PHP site

    - by rikh
    I have PHP configured so that magic quotes are on and register globals are off. I do my best to always call htmlentities() for anything I am outputing that is derived from user input. I also occasionally seach my database for common things used in xss attached such as... <script What else should I be doing and how can I make sure that the things I am trying to do are always done.

    Read the article

  • How to secure access to SWF file using ASP.NET?

    - by elsharpo
    hi guys, We have a swf file that we want to secure and make available only to authorized users. I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example. However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure. Any help would be greatly appreciated! Thanks!

    Read the article

  • Preventing $.POST hijack

    - by Jamie
    I'm currently building a facebook application. Lets say I have a variable $uid that identifies the user so I can store this in my database along with their submitted data. I pass $uid and $data via json encoded values using $.post. However, this doesn't prevent someone changing $uid to save data as someone else. I have been thinking about how to overcome this, so far I haven't found a solution apart from: create database with $uid $secretkey on first page load. When $.post send $secretkey with the post and then retrieve the $uid from the database. Would this be the correct approach to use?

    Read the article

  • Ensure exclusive access to webservice

    - by Henrik P. Hessel
    Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something? My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads. If you need further information, just ask. Thanks, Henrik

    Read the article

  • autehntication on gui application written on perl

    - by oren
    Its not specific perl question I am building a perl gui/wxperl application that connect to DB . I want my application to be a password protected i.e first the user should enter the user and password and then use the appication . what is the best secure method to store the password could someone provide an idea what is the best method to how should i store the user and the password and how should i retrieve them for authentication ? if possible could someone provide some perl code how to do this ?

    Read the article

  • Custom binding with WCF

    - by user67240
    I have a wcf service where i have to implement the call backs and also i need to host the wcf service on the IIS 6.0, since IIS6.0 doesnot support the net.tcp binding, i decided to go for the custom binding. The reasons for going for custom binding is that the service is accessed by different clients in different timezones. Using custom binding i can set the allowed clock skew time to other values other than the default one. I have problem making the custom binding work for me. here is the server config file <bindings> <customBinding> <binding name="pscNetBinding" openTimeout="00:10:00"> <reliableSession acknowledgementInterval="00:00:00.2000000" flowControlEnabled="true" inactivityTimeout="23:59:59" maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128" ordered="true" /> <compositeDuplex /> <oneWay maxAcceptedChannels="128" packetRoutable="false"> <channelPoolSettings idleTimeout="00:10:00" leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" /> </oneWay> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8"> <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> </textMessageEncoding> <httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/> </binding> </customBinding> </bindings> <services> <service name="SchneiderElectric.PSCNet.Server.Services.PSCNetWCFService" behaviorConfiguration="Behaviors1"> <host> <baseAddresses> <add baseAddress ="http://10.155.18.18:2000/PSCNet"/> </baseAddresses> </host> <endpoint address="" binding="customBinding" bindingConfiguration="pscNetBinding" contract="SchneiderElectric.PSCNet.Server.Contracts.IPSCNetWCFService"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="Behaviors1"> <serviceMetadata httpGetEnabled = "true"/> <!--<serviceThrottling maxConcurrentCalls="2048" maxConcurrentSessions="2048" maxConcurrentInstances="2048" /> <dataContractSerializer maxItemsInObjectGraph="2147483647" />--> </behavior> </serviceBehaviors> </behaviors> and here the client config file <bindings> <customBinding> <binding name="pscNetBinding" openTimeout="00:10:00"> <reliableSession acknowledgementInterval="00:00:00.2000000" flowControlEnabled="true" inactivityTimeout="23:59:59" maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128" ordered="true" /> <compositeDuplex /> <oneWay maxAcceptedChannels="128" packetRoutable="false"> <channelPoolSettings idleTimeout="00:10:00" leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" /> </oneWay> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8" > <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> </textMessageEncoding > <httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" /> </binding> </customBinding> </bindings> <client> <endpoint address="http://10.155.18.18:2000/PSCNet" binding="customBinding" bindingConfiguration="pscNetBinding" contract="PSCNetWCFService.IPSCNetWCFService" name="pscNetBinding" /> </client> if i use the server and client on the same machine everything works fine. But as soon as i run the server and client on different machine i get the following error "Could not connect to http://10.155.18.198:9000/e60ba5b3-f979-4922-b9f8-c820caaa04c2. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.155.18.198:9000." Can anyone in the community help me in this regard.

    Read the article

  • Who does actually use XACML?

    - by lajuette
    Who knows actively developed XACML Implemtations other than the Sun XACML Implementation and XEngine? Which vendors provide a PDP? I read something about a WebLogic XACML Privider. What other products support XACML?

    Read the article

  • Storing secret keys on iPhone source and project resources

    - by hgpc
    Is storing secret keys (internal use passwords and such) on iPhone source code and project resources (such as plist files) secure? Obviously nothing is 100% secure, but can this information be extracted easily from an installed app? How do you recommend storing these keys to use them in the source code? Just in case, this question is not about storing user passwords.

    Read the article

  • How can UNIX access control create compromise problems ?

    - by Berkay
    My system administrators advice me to be careful when setting access control to files and directories. He gave me an example and i got confused, here it is: a file with protection mode 644 (octal) contained in a directory with protection mode 730. so it means: File:101 100 100 (owner, group,other: r-x r-- r--) Directory:111 011 000 (owner, group,other: rwx -wx ---) How can file be compromised in this case ?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 160 161 162 163 164 165 166 167 168 169 170 171  | Next Page >