Search Results

Search found 13240 results on 530 pages for 'privacy and security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 179/530 | < Previous Page | 175 176 177 178 179 180 181 182 183 184 185 186  | Next Page >

  • Access denied for user 'root@localhost' (using password:NO)

    - by Nasser Hajloo
    I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and how to change it? I try mysql -u root password '123' but it show me Access denied for user 'root@localhost' (using password:NO) after this I try mysql -u root -p but it ask for a password which I don't have Thank you in advance

    Read the article

  • An old flaw in X Window System. How does it work?

    - by Legend
    I was going through an article today when it mentioned the following: "We've found many errors over the years. One of the absolute best was the following in the X Window System: if(getuid() != 0 && geteuid == 0) { ErrorF("Only root"); exit(1); } It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compress the address of geteuid to 0; given that the function exists, its address is never 0)." The article explained what was wrong with the code but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, lets say I am the local user, how would I get root access if we assume this code to be present somewhere?

    Read the article

  • Securing input of private / protected methods?

    - by ts
    Hello, normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.) My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...). But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

    Read the article

  • arbitrary input from stdin to shell

    - by python_noob
    So I have this existing command that accepts a single argument, but I need something that accepts the argument over stdin instead. A shell script wrapper like the following works, but as I will be allowing untrusted users to pass arbitrary strings on stdin, I'm wondering if there's potential for someone to execute arbitary commands on the shell. #!/bin/sh $CMD "`cat`" Obviously if $CMD has a vulnerability in the way it processes the argument there's nothing I can do, so I'm concerned stuff like this: Somehow allow the user to escape the double quotes and pass input into argument #2 of $CMD Somehow cause another arbitary command to run

    Read the article

  • Cookieless Django for government site

    - by phoebebright
    As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way?

    Read the article

  • FileSystemWatcher surpassing Active Directory restrictions

    - by DevexPP
    While experimenting with FileSystemWatcher, I've found out that it somehow surpasses Active Directory's restrictions to files and folders, and will raise change events with information about what has changed in files and folders that you don't even have access to. I have two questions about that: 1) Why does this happen ? 2) Is this a problem in the AD configuration ? how do I fix it ? 3) Is there any way to gather these files, or even create a FileSystemInfo of them to get more info about the files (not only the changes made on them) ? As far as I've tried, only the FileSystemWatcher immune to the restrictions, I can't run any other thing over it, here's a list of what I've tried: File.Exists Directory.Exists FileInfo instance on found files DirectoryInfo instance on found files File.Copy File.Delete

    Read the article

  • How to play music on site preventing easy direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. I know that it's probably impossible to prevent this all together, but i at least don't want it to be obvious. A server side solution can be implemented as i have full access to the server.

    Read the article

  • Can the user take the resource from the iPhone Apps?

    - by Tattat
    I know that the Apple Mac OS .app file is a collection of programs and data. I guest the iPhone is similar in this way. I can unzip a Mac OS .app to find the resource , images using this way. Can the iPhone App do the similar thing? I mean, can the user unzip the iPhone .app to get the resource/ img from that? thz.

    Read the article

  • Question about SSL Certificate.

    - by smwikipedia
    Hi experts, I am trying to make a SSL connection to a web site. Each time I enter the https:// address and press enter, the IE8 prompts me to select the Certificate (Client Certificate) to send to the server. I got 2 certificates to choose from. And they are stored in the IE8 - Internet Options - Content - Certificates - Personal. Since my server and client are the same machine, I want to use a single certificate for both server and client. And this certificate is a IIS generated self signed certificate. I do the following steps: 1- Generate a self-signed-cert in IIS; 2- Bind my site to https and choose the above self-signed-cert 3- Import the self-signed-cert at the IE8 - Internet Options - Content - Certificates - Personal. Then I use the https link to access my page, it is still prompts me to choose a certificate. But I cannot see my newly imported self-signed-cert. Why?

    Read the article

  • How much effort does it take to spoof an Ip Address in a call to a webservice?

    - by Rory Becker
    I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

    Read the article

  • Single Sign On with 3 applications

    - by John H.
    I'm building three web applications in .NET that will all share a users database and login information. Lets pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B. Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly. I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B. Assume that the url for the login to application 1 is "www.johnsapp.com/login.aspx" How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?

    Read the article

  • How do I secure password parameters in RESTful web service URIs?

    - by adam
    i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

    Read the article

  • How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

    - by Matt
    I'm used to doing basic password protection for Apache w/ the following method in Apache config files: AuthType Basic AuthName "By Invitation Only" AuthUserFile /path/to/.htpasswd Require valid-user However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

    Read the article

  • How to prevent a specific directory from running Php, Html, and Javascript languages?

    - by Emily
    Hi, Let's say i have an image uploader script, i want to prevent the upload directory from executing Php or even html by only showing it as plain text, i've seen this trick in many websites but i don't know how they do it. Briefly, if i upload evil.php to that directory, and i try to access it i will only see a plain text source , No html or php is executed. ( but i still want the images to appear normally ofcourse) I know i can do like that by header("content-type:text/plain"); but that's will not be helpful, because what i want, is to set the content-type:text/plain automatically by the server for every thing outputed from the upload directory except images. Note: i'm running php 5.3.2/Cent OS and the latest cPanel. Thanks

    Read the article

  • PHP hashing function not working properly

    - by Jordan Foreman
    So I read a quick PHP login system securing article, and was trying to sort of duplicate their hashing method, and during testing, am not getting the proper output. Here is my code: function decryptPassword($pw, $salt){ $hash = hash('sha256', $salt . hash('sha256', $pw)); return $hash; } function encryptPassword($pw){ $hash = hash('sha256', $pw); $salt = substr(md5(uniqid(rand(), true)), 0, 3); $hash = hash('sha265', $salt . $hash); return array( 'salt' => $salt, 'hash' => $hash ); } And here is my testing code: $pw = $_GET['pw']; $enc = encryptPassword($pw); $hash = $enc['hash']; $salt = $enc['salt']; echo 'Pass: ' . $pw . '<br />'; echo 'Hash: ' . $hash . '<br />'; echo 'Salt: ' . $salt . '<br />'; echo 'Decrypt: ' . decryptPassword($hash, $salt); Now, the output of this should be pretty obvious, but unfortunately, the $hash variable always comes out empty! I'm trying to figure out what the problem could be, and my only guess would be the second $hash assignment line in the encryptPassword(..) function. After a little testing, I've determined that the first assignment works smoothly, but the second does not. Any suggestions? Thanks SO!

    Read the article

  • Is it possible to get RSA private key knowing public key and set of "original data=>encrypted data"

    - by Riz
    Hi, I work on apllication which allows plugins to access different set of functionality, every plugin provides "initialization string" which sets level of access to different features. Developers send me this strings, and I encrypt them using my 1024 bit RSA private key and send encoded data back. When started, my application decodes encoded data(encoded initialisation string) using built-in public key and if "decoded data != initialization string" it fails to start. So, is it possible to use a database of "initialization string" = "encoded initialization string"(extracted from other plugins) to crack my private key, or make it possible to bruteforce it in reasonable time?

    Read the article

  • Tool To Catch All The Inputs That Cause Crash?

    - by Barakat
    Hi all, I need a Windows tool records inputs and debugging informations that cause program's crashing. I don't mean a fuzzing tool ! Ammmmm ... let me show you a scenario may explain what I'm talking about. Sometimes during using a program, It's crashed without known reason ! and when I want to debug it, I will not find helpful informations to know how the crash happened. Because that the data that cause the crash no longer exist. So I need a tool records all the inputs and debugging informations to find helpful informations to reuse the inputs data to make the program crashes under a debaucher in order to understand how the crash happen.

    Read the article

  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 175 176 177 178 179 180 181 182 183 184 185 186  | Next Page >