Search Results

Search found 16163 results on 647 pages for 'advanced security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 190/647 | < Previous Page | 186 187 188 189 190 191 192 193 194 195 196 197  | Next Page >

  • MSV1_0 Subauthentication Package Registration

    - by BigShot
    Hi; I'm trying to register a simple MSV1_0 subauthentication package for MS Windows Server 2003. I created a dll which implements required functions described in MSDN. I copied my dll to system32 folder. After that, I created a registry key Auth255 (I also tried Auth128) with a REG_SZ value ,which specifies my dll name, to this location; HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0. I expect that it will create a test.txt file for debugging puposes when the dll is called, but it doesn't create the file. How can I make this work? MSDN Link for this topic; http://msdn.microsoft.com/en-us/library/aa374786%28VS.85%29.aspx

    Read the article

  • password/login system in php

    - by Jonathan
    For a login system in php would this be a suitable outline of how it would work: users types in username and password, clicks login button. Checks if user exists in database, if it does, then retrieve the salt for that user hash the password and salt (would this be done on the client or server side? I think client side would be better, but php is server side so how would you do this?) check value against value in database, if the values match then user has typed in correct password and they are logged in.

    Read the article

  • EJB3.1 logout doesn't work

    - by Kevin
    Hello, I've got a problem with the authentication features of EJB3.1: With this code in a Servlet v3: log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); log.info("===^==="); request.logout() ; log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); request.authenticate(response) ; log.info("===v==="); log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); I would always expect to see the Username/login windows, because of the logout() function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ... Admin BASIC ===^=== null null ===v=== Admin BASIC is it a problem with my firefox, or something I'm missing in the Servlet code? Thanks

    Read the article

  • How to ensure the HTTP_REQUEST Is coming from the right place?

    - by seatoskyhk
    I learn that HTTP_REFERER or any HTTP request header can be fake and not reliable. REMOTE_ADDR is reliable though. so, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list? For example, I have a js code that will send from client site to server. (something like a sniper, cross platform). however, I only allow this happen from several websites. Not others. so, even other people copy the code and put onto their website, it won't work.

    Read the article

  • how can I reliably check that requests to my service file have come from my website?

    - by woot586
    I have a service.php class that I use to service AJAX calls from my website. To prevent other people accessing the service using PHP CURL I would normally check the request has come from mysite, and if they are not then just redirect to my home page e.g. if($_SERVER['HTTP_REFERER'] != "http://www.mysite.com"){ header('location: http://www.mysite.com'); exit; } I read in the PHP holy bible: http://www.php.net/manual/en/reserved.variables.server.php that "Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted." So if this method is not reliable, my question is how can I reliably check that requests to my service file have come from my website? Thanks for any help you can provide!

    Read the article

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

    Read the article

  • All PHP files getting hacked

    - by nsearle
    Hey All, Like always, just want to say thank you for all of the help and input in advance. I have a particular site that I am the web developer for and am running into a unique problem. It seems that somehow something is getting into every single PHP file on my site and adding some malware code. I have deleted the code from every page multiple times and changed FTP and DB passwords, but to no avail. The code that is added looks like this - eval(base64_decode(string)) - which the string is 3024 characters. Not sure if anyone else has ran into this problem or if any one has ideas on how I can secure my php code up. Thanks again.

    Read the article

  • "slash before every quote" problem

    - by Camran
    I have a php page which contains a form. Sometimes this page is submitted to itself (like when pics are uploaded). I wouldn't want users to have to fill in every field again and again, so I use this as a value of a text-input inside the form: value="<?php echo htmlentities(@$_POST['annonsera_headline'],ENT_COMPAT,'UTF-8');?>"> This works, except it adds a "\" sign before every double-quote... For instance writing 19" wheels gives after page is submitted to itself: 19\" wheels And if I don't even use htmlentities then everything after the quotes dissappears. What is the problem here?

    Read the article

  • Is Storing Cookies in a Database Safe?

    - by viatropos
    If I use mechanize, I can, for instance, create a new google analytics profile for a website. I do this by programmatically filling out the login form and storing the cookies in the database. Then, for at least until the cookie expires, I can access my analytics admin panel without having to enter my username and password again. Assuming you can't create a new analytics profile any other way (with OpenAuth or any of that, I don't think it works for actually creating a new Google Analytics profile, the Analytics API is for viewing the data, but I need to create an new analytics profile), is storing the cookie in the database a bad thing? If I do store the cookie in the database, it makes it super easy to programatically login to Google Analytics without the user ever having to go to the browser (maybe the app has functionality that says "user, you can schedule a hook that creates a new anaytics profile for each new domain you create, just enter your credentials once and we'll keep you logged in and safe"). Otherwise I have to keep transferring around emails and passwords which seems worse. So is storing cookies in the database safe?

    Read the article

  • Securing paths in PHP

    - by tjm
    I'm writing some PHP which takes some paths to different content directories, and uses these to include various parts of pages later. I'm trying to ensure that the paths are as they seem, and none of them break the rules of the application. I have PRIVATEDIR which must lie above DOCUMENT_ROOT (aka) PUBLICDIR. CONTENTDIR which must lie within PRIVATEDIR and not go back below PUBLICDIR and some other *DIR's which must remain within CONTENTDIR. Currently I set up some defaults, and then override the ones the user specifies and then sanity check them with the following. private function __construct($options) { error_reporting(0); if(is_array($options)) { $this->opts = array_merge($this->opts, $options); } if($this->opts['STATUS']==='debug') { error_reporting(E_ALL | E_NOTICE | E_STRICT); } $this->opts['PUBLICDIR'] = realpath($_SERVER['DOCUMENT_ROOT']) .DIRECTORY_SEPARATOR; $this->opts['PRIVATEDIR'] = realpath($this->opts['PUBLICDIR'] .$this->opts['PRIVATEDIR']) .DIRECTORY_SEPARATOR; $this->opts['CONTENTDIR'] = realpath($this->opts['PRIVATEDIR'] .$this->opts['CONTENTDIR']) .DIRECTORY_SEPARATOR; $this->opts['CACHEDIR'] = realpath($this->opts['PRIVATEDIR'] .$this->opts['CACHEDIR']) .DIRECTORY_SEPARATOR; $this->opts['ERRORDIR'] = realpath($this->opts['CONTENTDIR'] .$this->opts['ERRORDIR']) .DIRECTORY_SEPARATOR; $this->opts['TEMPLATEDIR' = realpath($this->opts['CONTENTDIR'] .$this->opts['TEMPLATEDIR']) .DIRECTORY_SEPARATOR; // then here I have to check that PRIVATEDIR is above PUBLICDIR // and that all the rest remain within private dir and don't drop // down into (or below) PUBLICDIR again. And die with an error if // they don't conform. } The thing is this seems like a lot of work to do, especially as it must be run, every time a page is accessed, before I can do anything else, e.g check for a cached version of the page I'm serving. Part of me is thinking, since all of these paths are predefined by the maintainer of the site, they SHOULD be aware of what paths they are allowing access to and ensuring they are secure. But, I think I'm thinking that because currently I am said maintainer, and I KNOW my paths conform to the rules. That said, I do want to secure this thing from any accidental errors by future maintainers (and I bet, now I've said above "I KNOW...", probably from myself somewhere down the line). This just feels like a suboptimal solution. I wonder how fast this would really be and what you would suggest to improve it or as an alternative? Thanks.

    Read the article

  • Captcha Decoded

    - by Web Lover
    Hi, I have seen some captchas being decode using javascript, php, etc. How do they do it? For example, very popular megaupload site's captcha has also been decoded.

    Read the article

  • iPhone AES encryption issue

    - by Dilshan
    Hi, I use following code to encrypt using AES. - (NSData*)AES256EncryptWithKey:(NSString*)key theMsg:(NSData *)myMessage { // 'key' should be 32 bytes for AES256, will be null-padded otherwise char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused) bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) // fetch key data [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; NSUInteger dataLength = [myMessage length]; //See the doc: For block ciphers, the output size will always be less than or //equal to the input size plus the size of one block. //That's why we need to add the size of one block here size_t bufferSize = dataLength + kCCBlockSizeAES128; void* buffer = malloc(bufferSize); size_t numBytesEncrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, keyPtr, kCCKeySizeAES256, NULL /* initialization vector (optional) */, [myMessage bytes], dataLength, /* input */ buffer, bufferSize, /* output */ &numBytesEncrypted); if (cryptStatus == kCCSuccess) { //the returned NSData takes ownership of the buffer and will free it on deallocation return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; } free(buffer); //free the buffer; return nil; } However the following code chunk returns null if I tried to print the encryptmessage variable. Same thing applies to decryption as well. What am I doing wrong here? NSData *encrData = [self AES256EncryptWithKey:theKey theMsg:myMessage]; NSString *encryptmessage = [[NSString alloc] initWithData:encrData encoding:NSUTF8StringEncoding]; Thank you

    Read the article

  • What's the big deal with brute force on hashes like MD5

    - by Jan Kuboschek
    I just spent some time reading http://stackoverflow.com/questions/2768248/is-md5-really-that-bad (I highly recommend!). In it, it talks about hash collisions. Maybe I'm missing something here, but can't you just encrypt your password using, say, MD5 and then, say, SHA-1 (or any other, doesn't matter.) Wouldn't this increase the processing power required to brute-force the hash and reduce the possibility of collision?

    Read the article

  • What reasons are there NOT to use OpenID?

    - by cletus
    You see a fair bit (in the Geek community anyway) about OpenID. It seems like a good idea. I'm developing a website that will be targeted at a somewhat less geeky audience (but not quite Mom and Pops either) so I have to wonder if OpenID is going to be "too hard" for some audiences. What do you think? That aside, are there any other technical or non-technical reasons NOT to use OpenID?

    Read the article

  • Strongest cipher available to use with C/C++ ?

    - by George0x77
    I am just wondering if you are supposed to write a sort of really secure application with data being transmitted over insecure networks, what kind of encryption algorithm will you use it in order to make it safe ? I know several c++ libraries for encryption providing nice functions with different algorithms, but i'm not quite sure which cipher to use - AES, DES, RSA, Blowfish or maybe something more different ? Please provide your ideas and suggestions. Thank you.

    Read the article

  • Block upload of executable images (PHP)

    - by James Simpson
    It has come to my attention that a user has been trying to create an exploit through avatar image uploads. This was discovered when a user reported to me that they were getting a notice from their Norton Anti-virus saying "HTTP Suspicious Executable Image Download." This warning was referencing the user's avatar image. I don't think they had actually achieved anything in the way of stealing information or anything like that, but I assume it could be possible if the hole is left open long enough. I use PHP to upload the image files, and I check if the file being uploaded is a png, jpg, or gif.

    Read the article

  • Is there any way to view PHP code (the actual code not the compiled result) from a client machine?

    - by Columbo
    This may be a really stupid question...I started worrying last night that there might be someway to view PHP files on a server via a browser or someother means on a client machine. My worry is, I have an include file that contains the database username and password. If there were a way to put the address of this file in to a browser or some other system and see the code itself then it would be an issue for obvious reasons. Is this a legitimate concern? If so how do people go about preventing this?

    Read the article

  • Ways to restrict WCF Service so only our apps can access it.

    - by RP
    I have a public WCF Service. I have a WPF Desktop app & a silverlight app. My apps does not have any login requirements. I want to make it difficult for another developer / website to make use of my service. What's the best way to restrict access to my service? Use SSL and have the desktop / silverlight app store a token inside of it?

    Read the article

  • SQL injection attempt on my server

    - by Jan Kuboschek
    I know a little about SQL injections and URL decode, but can someone who's more of an expert than me on this matter take a look at the following string and tell me what exactly it's trying to do? Some kid from Beijing a couple weeks ago tried a number of injections like the one below. %27%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20%27%27=%27

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 186 187 188 189 190 191 192 193 194 195 196 197  | Next Page >