Search Results

Search found 14771 results on 591 pages for 'security policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 176/591 | < Previous Page | 172 173 174 175 176 177 178 179 180 181 182 183  | Next Page >

  • Secure hash and salt for PHP passwords

    - by luiscubal
    It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password protection for individual files? Suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. The hashing mechanism must be available in PHP It must be safe It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?) Also, should I store two fields in the database(one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure. EDIT2: Thank you all for your replies, I'm using hash("sha256",$salt.":".$password.":".$id) Questions that didn't help: What's the difference between SHA and MD5 in PHP Simple Password Encryption Secure methods of storing keys, passwords for asp.net How would you implement salted passwords in Tomcat 5.5

    Read the article

  • Secure ajax form POST

    - by user194630
    I was wondering how to develop a secure form post through AJAX. For example, i have: My HTML form. My JavaScript handling the submit. The submit url is "post_data.php" The posted data is: id=8&name=Denis The PHP verifies if variables id and name are POSTED and their data type. If this is ok it proceed to do some stuff on a database. My question is, how can i prevent someone from creating his own html form, outside my web site, or whatever, and posting false data to my PHP script? Imagine that data realy exists on my database, this could be bad. Thanks

    Read the article

  • Looking for DOS/DDOS protection tools and strategies

    - by Alexandre Victoor
    I am working on a java application that exposes webservices for a flash client. Any idea on how to prevent DOS/DDOS attacks ? I cannot use mechanism unfriendly for the end user such as captcha. So far I have found mod_evasive, an apache module which looks quite promising... Any suggestions, best practices, tools I might use ? Thanks in advance

    Read the article

  • ActiveXObject issue in javaScript

    - by shan.swf
    hi.. I wrote a javascript function in my html page to execute an .exe file. for this i used ActiveXObject. my function is: //~~~~~~~~~~~~~~~~~~~~~~~~~~~JavaScript~~~~~~~~~~~~~~~~ function openWin(url) { if (!document.all) { alert ("Available only with Internet Explorer."); return; } var ws = new ActiveXObject("WScript.Shell"); ws.Exec(url); } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It works fine but there is a alert "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" comes up to confirm. If i say YES only it will get loaded. Pls anyone help me on this how to avoid this pop-up coming every time when i reload my html page.

    Read the article

  • how to hash a password?

    - by 5YrsLaterDBA
    My next task will be encrypt password. I am working at the database access layer and my co-work has this comment, implement SHA512 hash, on an empty method which I will implement it. any recommendation about this? thanks

    Read the article

  • Generate an LTPA token?

    - by Shadowman
    We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found the blog post here and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital signature and how that's generated/validated. Does anyone have any information on how to generate an LTPA token in custom code?

    Read the article

  • How to obtain a working X509Certificate for my WCF Service hosting

    - by Kobojunkie
    I am in the process of hosting my WCF services in my asp.net hosting account and I want to use X509Certificate for authentication of communication. Where do I get a certificate in this instance? Make one and then Ftp it to my account? If yes, how do I reference this certificate for use. If No, how do I get one for use please? Do I need to purchase one or something?

    Read the article

  • What are the best practices for avoid xss attacks in a PHP site

    - by rikh
    I have PHP configured so that magic quotes are on and register globals are off. I do my best to always call htmlentities() for anything I am outputing that is derived from user input. I also occasionally seach my database for common things used in xss attached such as... <script What else should I be doing and how can I make sure that the things I am trying to do are always done.

    Read the article

  • Somebody is storing credit card data - how are they doing it?

    - by pygorex1
    Storing credit card information securely and legally is very difficult and should not be attempted. I have no intention of storing credit card data but I'm dying to figure out the following: My credit card info is being stored on a server some where in he tworld. This data is (hopefully) not being stored on a merchant's server, but at some point it needs to be stored to verify and charge the account identified by merchant submitted data. My question is this: if you were tasked with storing credit card data what encryption strategy would you use to secure the data on-disk? From what I can tell submitted credit card info is being checked more or less in real time. I doubt that any encryption key used to secure the data is being entered manually, so decryption is being done on the fly, which implies that the keys themselves are being stored on-disk. How would you secure your data and your keys in an automated system like this?

    Read the article

  • Ensure exclusive access to webservice

    - by Henrik P. Hessel
    Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something? My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads. If you need further information, just ask. Thanks, Henrik

    Read the article

  • Preventing $.POST hijack

    - by Jamie
    I'm currently building a facebook application. Lets say I have a variable $uid that identifies the user so I can store this in my database along with their submitted data. I pass $uid and $data via json encoded values using $.post. However, this doesn't prevent someone changing $uid to save data as someone else. I have been thinking about how to overcome this, so far I haven't found a solution apart from: create database with $uid $secretkey on first page load. When $.post send $secretkey with the post and then retrieve the $uid from the database. Would this be the correct approach to use?

    Read the article

  • Custom binding with WCF

    - by user67240
    I have a wcf service where i have to implement the call backs and also i need to host the wcf service on the IIS 6.0, since IIS6.0 doesnot support the net.tcp binding, i decided to go for the custom binding. The reasons for going for custom binding is that the service is accessed by different clients in different timezones. Using custom binding i can set the allowed clock skew time to other values other than the default one. I have problem making the custom binding work for me. here is the server config file <bindings> <customBinding> <binding name="pscNetBinding" openTimeout="00:10:00"> <reliableSession acknowledgementInterval="00:00:00.2000000" flowControlEnabled="true" inactivityTimeout="23:59:59" maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128" ordered="true" /> <compositeDuplex /> <oneWay maxAcceptedChannels="128" packetRoutable="false"> <channelPoolSettings idleTimeout="00:10:00" leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" /> </oneWay> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8"> <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> </textMessageEncoding> <httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/> </binding> </customBinding> </bindings> <services> <service name="SchneiderElectric.PSCNet.Server.Services.PSCNetWCFService" behaviorConfiguration="Behaviors1"> <host> <baseAddresses> <add baseAddress ="http://10.155.18.18:2000/PSCNet"/> </baseAddresses> </host> <endpoint address="" binding="customBinding" bindingConfiguration="pscNetBinding" contract="SchneiderElectric.PSCNet.Server.Contracts.IPSCNetWCFService"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="Behaviors1"> <serviceMetadata httpGetEnabled = "true"/> <!--<serviceThrottling maxConcurrentCalls="2048" maxConcurrentSessions="2048" maxConcurrentInstances="2048" /> <dataContractSerializer maxItemsInObjectGraph="2147483647" />--> </behavior> </serviceBehaviors> </behaviors> and here the client config file <bindings> <customBinding> <binding name="pscNetBinding" openTimeout="00:10:00"> <reliableSession acknowledgementInterval="00:00:00.2000000" flowControlEnabled="true" inactivityTimeout="23:59:59" maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128" ordered="true" /> <compositeDuplex /> <oneWay maxAcceptedChannels="128" packetRoutable="false"> <channelPoolSettings idleTimeout="00:10:00" leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" /> </oneWay> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8" > <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> </textMessageEncoding > <httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" /> </binding> </customBinding> </bindings> <client> <endpoint address="http://10.155.18.18:2000/PSCNet" binding="customBinding" bindingConfiguration="pscNetBinding" contract="PSCNetWCFService.IPSCNetWCFService" name="pscNetBinding" /> </client> if i use the server and client on the same machine everything works fine. But as soon as i run the server and client on different machine i get the following error "Could not connect to http://10.155.18.198:9000/e60ba5b3-f979-4922-b9f8-c820caaa04c2. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.155.18.198:9000." Can anyone in the community help me in this regard.

    Read the article

  • How to secure access to SWF file using ASP.NET?

    - by elsharpo
    hi guys, We have a swf file that we want to secure and make available only to authorized users. I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example. However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure. Any help would be greatly appreciated! Thanks!

    Read the article

  • Who does actually use XACML?

    - by lajuette
    Who knows actively developed XACML Implemtations other than the Sun XACML Implementation and XEngine? Which vendors provide a PDP? I read something about a WebLogic XACML Privider. What other products support XACML?

    Read the article

  • Minimum permissions to COM Object to Instantiate running as LocalService

    - by Paul Farry
    I'm writing a .NET Service that creates a COM object. If I run the Service as the Logged on user (everything is fine). If I run the Service as LocalSystem, everything is fine. If I run the Service as LocalService, then I get an AccessDeniedException when trying to instantiate the COM Object. I've come up with the following block to grant the necessary permissions and it appears to work correctly, but I wanted to make sure I wasn't missing something regarding the COM rules. Private Sub SetAccessToRockeyRegistry() Using reg As RegistryKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey("CLSID\{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}", True) Dim sec As RegistrySecurity sec = reg.GetAccessControl Dim ar As RegistryAccessRule Dim sid As SecurityIdentifier sid = New SecurityIdentifier(WellKnownSidType.LocalServiceSid, Nothing) ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, AccessControlType.Allow) sec.AddAccessRule(ar) ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, _ InheritanceFlags.ObjectInherit Or InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, AccessControlType.Allow) sec.AddAccessRule(ar) reg.SetAccessControl(sec) End Using End Sub

    Read the article

  • autehntication on gui application written on perl

    - by oren
    Its not specific perl question I am building a perl gui/wxperl application that connect to DB . I want my application to be a password protected i.e first the user should enter the user and password and then use the appication . what is the best secure method to store the password could someone provide an idea what is the best method to how should i store the user and the password and how should i retrieve them for authentication ? if possible could someone provide some perl code how to do this ?

    Read the article

  • Storing secret keys on iPhone source and project resources

    - by hgpc
    Is storing secret keys (internal use passwords and such) on iPhone source code and project resources (such as plist files) secure? Obviously nothing is 100% secure, but can this information be extracted easily from an installed app? How do you recommend storing these keys to use them in the source code? Just in case, this question is not about storing user passwords.

    Read the article

  • How can UNIX access control create compromise problems ?

    - by Berkay
    My system administrators advice me to be careful when setting access control to files and directories. He gave me an example and i got confused, here it is: a file with protection mode 644 (octal) contained in a directory with protection mode 730. so it means: File:101 100 100 (owner, group,other: r-x r-- r--) Directory:111 011 000 (owner, group,other: rwx -wx ---) How can file be compromised in this case ?

    Read the article

  • Protect Apache server

    - by Mike Arnold
    My server is attacked like this 188.165.198.65 ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1" How can I defend it with .htaccess file?

    Read the article

  • Minimum permissions to allow COM Object to be Instantiated when running as LocalService

    - by Paul Farry
    I'm writing a .NET Service that creates a COM object. If I run the Service as the Logged on user (everything is fine). If I run the Service as LocalSystem, everything is fine. If I run the Service as LocalService, then I get an AccessDeniedException when trying to instantiate the COM Object. I've come up with the following block to grant the necessary permissions and it appears to work correctly, but I wanted to make sure I wasn't missing something regarding the COM rules. Private Sub SetAccessToRockeyRegistry() Using reg As RegistryKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey("CLSID\{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}", True) Dim sec As RegistrySecurity sec = reg.GetAccessControl Dim ar As RegistryAccessRule Dim sid As SecurityIdentifier sid = New SecurityIdentifier(WellKnownSidType.LocalServiceSid, Nothing) ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, AccessControlType.Allow) sec.AddAccessRule(ar) ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, _ InheritanceFlags.ObjectInherit Or InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, AccessControlType.Allow) sec.AddAccessRule(ar) reg.SetAccessControl(sec) End Using End Sub

    Read the article

  • Programmatic authentication in JEE 6

    - by Kevin
    Hello, is it possible to authenticate programmatically a user in J2ee 6? Let me explain with some more details: I've got an existing Java SE project with Servlets and hibernate; where I manage manually all the authentication and access control: class Authenticator { int Id string username } Authenticator login(string username, string password) ; void doListData(Authenticator auth) { if (isLoggedIn(auth)) listData(); else doListError } void doUpdateData (Authenticator auth) { if (isLoggedAsAdmin(auth)) updateData() ; else doListError(); } void doListError () { listError() ; } And Im integrating J2ee/jpa/servlet 3/... (Glassfish 3) in this project. I've seen anotations like : @RolesAllowed ("viewer") void doListdata (...) { istData() ; } @RolesAllowed("admin") void doUpdateData (...) { updateData() ; } @PermotAll void dolisterror () { listerror() ; } but how can I manually state, in login(), that my user is in the admin and/or viewer role?

    Read the article

  • How to use Custom AuthorizeAttribute for controller utilizing parameter value?

    - by RSolberg
    I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code. public ActionResult Entity(string entityCode) { if (CurrentUser.VerifyEntityPermission(entityCode)) { //populate viewModel... return View(viewModel); } return RedirectToAction("NoAccessToEntity", "Error"); } I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible? [EntityAuthRequired] public ActionResult Entity(string entityCode) { //populate viewModel... return View(viewModel); }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 172 173 174 175 176 177 178 179 180 181 182 183  | Next Page >