Search Results

Search found 4220 results on 169 pages for 'generating passwords'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 35/169 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

  • What are the attack vectors for passwords sent over http?

    - by KevinM
    I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent. My understanding is that at any of the hops along the way can use a packet analyzer to view what is being sent. This seems to require that any hacker (or their malware/botnet) be on the same subnet as any of the hops the packet takes to arrive at its destination. Is that right? Assuming some flavor of this subnet requirement holds true, do I need to worry about all the hops or just the first one? The first one I can obviously worry about if they're on a public Wifi network since anyone could be listening in. Should I be worried about what's going on in subnets that packets will travel across outside this? I don't know a ton about network traffic, but I would assume it's flowing through data centers of major carriers and there's not a lot of juicy attack vectors there, but please correct me if I am wrong. Are there other vectors to be worried about outside of someone listening with a packet analyzer? I am a networking and security noob, so please feel free to set me straight if I am using the wrong terminology in any of this.

    Read the article

  • BCrypt says long, similar passwords are equivalent - problem with me, the gem, or the field of crypt

    - by PreciousBodilyFluids
    I've been experimenting with BCrypt, and found the following. If it matters, I'm running ruby 1.9.2dev (2010-04-30 trunk 27557) [i686-linux] require 'bcrypt' # bcrypt-ruby gem, version 2.1.2 @long_string_1 = 'f287ed6548e91475d06688b481ae8612fa060b2d402fdde8f79b7d0181d6a27d8feede46b833ecd9633b10824259ebac13b077efb7c24563fce0000670834215' @long_string_2 = 'f6ebeea9b99bcae4340670360674482773a12fd5ef5e94c7db0a42800813d2587063b70660294736fded10217d80ce7d3b27c568a1237e2ca1fecbf40be5eab8' def salted(string) @long_string_1 + string + @long_string_2 end encrypted_password = BCrypt::Password.create(salted('password'), :cost => 10) puts encrypted_password #=> $2a$10$kNMF/ku6VEAfLFEZKJ.ZC.zcMYUzvOQ6Dzi6ZX1UIVPUh5zr53yEu password = BCrypt::Password.new(encrypted_password) puts password.is_password?(salted('password')) #=> true puts password.is_password?(salted('passward')) #=> true puts password.is_password?(salted('75747373')) #=> true puts password.is_password?(salted('passwor')) #=> false At first I thought that once the passwords got to a certain length, the dissimilarities would just be lost in all the hashing, and only if they were very dissimilar (i.e. a different length) would they be recognized as different. That didn't seem very plausible to me, from what I know of hash functions, but I didn't see a better explanation. Then, I tried shortening each of the long_strings to see where BCrypt would start being able to tell them apart, and I found that if I shortened each of the long strings to 100 characters or so, the final attempt ('passwor') would start returning true as well. So now I don't know what to think. What's the explanation for this?

    Read the article

  • Possible to get cleartext password?

    - by Farhan
    I have hosting service hosted on more than 20+ Plesk servers, version 11. As in the previous versions, the passwords were not encrypted, then if i had to design some tools to manage the hosting accounts, i just picked up the cleartext passwords from the Database. but as now the passwords are encrypted, is there any way i can decrypt the passwords? through API or any other way so that i can integrate my php based hosting management with plesk 11?

    Read the article

  • is it okay to use random URLs instead of passwords?

    - by stew
    Is it considered "safe" to use URL constructed from random characters like this? http://example.com/EU3uc654/Photos I'd like to put some files/picture galleries on a webserver that are only to be accessed by a small group of users. My main concern is that the files should not get picked up by search-engines or curious power-users that poke around my site. I've set up an .htaccess file, just to notice that clicking on http://user:pass@url/ links doesn't work well with some browsers/email clients, prompting dialogs and warnings messages that confuse my not-too-computer-savy users.

    Read the article

  • Is it possible as an Administrator to gain access to a SQL Server 2008 instance without changing any passwords?

    - by adhocgeek
    I have administrative access on our network, but I don't manage the installation of all servers or software. On some of our machines instances of SQL Server 2008 have been installed which I need to be able to access, but since my account hasn't been explicitly granted a login, I can't get into. Is there a way to get into the database without changing anyone's password (e.g. I could solve this by changing the password of the user who installed the instance, assuming they've set themselves up as admin, and then logging on as them, but I don't want to have to do this).

    Read the article

  • Is it possible to allow saved passwords for remote desktop in a domain environment?

    - by user2813274
    I have checked the "remember password" and every single time, even if it connects correctly after I type a password and check the box, it does not allow subsequent logins using the stored password, saying that it is invalid - is it being saved improperly somehow? is it being disabled by some obscure setting somewhere? (which would be very counter-intuitive, seeing as how the check box is available). I have tried both with domain and non-domain (local) admin accounts, and am using the FQDN for the server. edit: as a troubleshooting step, where would one go to find the (hopefully hashed) password?

    Read the article

  • How to keep multiple connectionString passwords safe, separate, and easy to deploy?

    - by Funka
    I know there are plenty of questions here already about this topic (I've read through as many as I could find), but I haven't yet been able to figure out how best to satisfy my particular criteria. Here are the goals: The ASP.NET application will run on a few different web servers, including localhost workstations for development. This means encrypting web.config using a machine key is out. The application will decide which connection string to use based on the server name (using a switch statement). For example, "localhost" and "dev.example.com" will use the DevDatabaseConnectionString, "test.example.com" will use the TestDatabaseConnectionString, and "www.example.com" will use the ProdDatabaseConnectionString, for example. Ideally, the exact same executables and web.config should be able to run on any of these environments, without needing to tailor or configure each environment separately every time that we deploy (something that seems like it would be easy to forget/mess up one day during a deployment, which is why we moved away from having just one connectionstring that has to be changed on each target). Deployment is currently accomplished via FTP. We will not have command-line access to the production web server. This means using aspnet_regiis.exe is out. (I could run on localhost, however, if this would still work.) We would prefer to not have to recompile the application whenever a password changes, so using web.config (or db.config or whatever) seems to make the most sense. A developer should not be able to decrypt the production database password. If a developer checks the source code out onto their localhost laptop (which would determine that it should be using the DevDatabaseConnectionString, remember?) and the laptop gets lost or stolen, it should not be possible to get at the other connection strings. Thus, having a single RSA private key to un-encrypt all three passwords cannot be considered. (Contrary to #3 above, it does seem like we'd need to have three separate key files if we went this route; these could be installed once per machine, and should the wrong key file get deployed to the wrong server, the worst that should happen is that the app can't decrypt anything---and not allow the wrong host to access the wrong database!) I know this is probably a subjective question (asking for a "best" way to do something), but given the criteria I've mentioned, I'm hoping that a single best answer will indeed arise. Thank you!

    Read the article

  • Authlogic: passwords saved in the DB are not working as expected.

    - by user570459
    Hello everyone, Im having trouble with authlogic on my production server. Im able to update passwords in the database but when i try to validate a user using the new password, the validation fails. Please check the below console output. Notice how the salt and crypted_password fields get update before and after the new password is saved. The issue is only on my production server (running passenger). Everything works fine on my development machine. => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "9bc86247105e940bb748ab680c0e77d9c44a82ea", salt: "WdVpQIdwl68k8lJWOU"> irb(main):003:0> u.password = "kettik123" => "kettik123" irb(main):004:0> u.password_confirmation = "kettik123" => "kettik123" irb(main):005:0> u.save! => true irb(main):006:0> u.valid_password?("kettik123") => true irb(main):007:0> u.reload => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "f059007c56f498a12c63209c849c1e65bb151174", salt: "lVmmczhyGE0gxsbV421A"> irb(main):008:0> u.valid_password?("kettik123") => false The authlogic configuration in my User model.. class User < ActiveRecord::Base acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field false c.perishable_token_valid_for = 1.day c.disable_perishable_token_maintenance = true end I use the email field as the main key for the user. Also the email field is allowed to be blank in some cases (eg a facebook user) Also i belive that my schema is proper (in terms of the length of the salt & crypted password fields) create_table "users", :force => true do |t| t.string "login" t.string "email" t.string "crypted_password", :limit => 128, :default => "" t.string "salt", Any help on this would be highly appreciated. Thanks.

    Read the article

  • How to make CMake to generate KDE-style makefiles with progress tracking?

    - by mhambra
    Generating moc_krvfshandler.cpp [ 2%] [ 2%] Building CXX object krusader/GUI/CMakeFiles/GUI.dir/GUI_automoc.o Building CXX object krusader/DiskUsage/CMakeFiles/DiskUsage.dir/DiskUsage_automoc.o [ 2%] Building CXX object krusader/Dialogs/CMakeFiles/Dialogs.dir/Dialogs_automoc.o Generating moc_krmousehandler.cpp [ 3%] Building CXX object krusader/ActionMan/CMakeFiles/ActionMan.dir/actionman.o Generating moc_packjob.cpp [ 4%] Building CXX object krusader/Dialogs/CMakeFiles/Dialogs.dir/krsqueezedtextlabel.o Generating moc_krpreviews.cpp [ 4%] Built target VFS_automoc [ 4%] Generating moc_krvfsmodel.cpp Wanted the same thing.

    Read the article

  • How do I locate the app generating this network traffic?

    - by Christopher Bartels
    I don't know what this process is doing on my computer. I run Windows 7 Professional w/ all its updates running current non-free antivirus. I only see it in Resource Monitor, where you can see the Network Service process connected to bitum.nnov.ru. When my PC's network traffic generating apps are idle, this process is using the most of all the idle processes using the network. Screenshot hosted here: http://sss.proinbox.com/bitum-nnov-ru.jpg Does anyone recognize this? The page source mentions a control port & a stream port: Page Source for http://bitum.nnov.ru : <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>DVR WebViewer</title> <meta http-equiv="Content-Type" content="text/html; charset=euc-kr"> </head> <body topmargin="0" leftmargin="0"> <OBJECT classid="clsid:EE479A40-C128-40DD-93DA-000556AF9607" codebase="CtrWeb.cab#version=1,0,2,2" width=875 height=585 align=center hspace=0 vspace=0 > <param name="CmdPort" value="5920"> <param name="StreamPort" value="5921"> </body> </html> When I google this page's title, I see a number of other domains that host the same page. Whois: domain: NNOV.RU nserver: ns.kis.ru. nserver: ns.nnov.ru. 78.25.80.210 nserver: ns1.kis.ru. nserver: ns2.kis.ru. state: REGISTERED, DELEGATED, VERIFIED org: "Agentstvo Delovoj Svjazi", Ltd registrar: RU-CENTER-REG-RIPN admin-contact: https://www.nic.ru/whois created: 1996.10.23 paid-till: 2012.11.01 free-date: 2012.12.02 source: TCI Last updated on 2012.06.16 04:20:46 MSK

    Read the article

  • is it possible to write a program which prints its own source code utilizing a "sequence-generating-

    - by guest
    is it possible to write a program which prints its own source code utilizing a "sequence-generating-function"? what i call a sequence-generating-function is simply a function which returns a value out of a specific interval (i.e. printable ascii-charecters (32-126)). the point now is, that this generated sequence should be the programs own source-code. as you see, implementing a function which returns an arbitrary sequence is really trivial, but since the returned sequence must contain the implementation of the function itself it is a highly non-trivial task. this is how such a program (and its corresponding output) could look like #include <stdio.h> int fun(int x) { ins1; ins2; ins3; . . . return y; } int main(void) { int i; for ( i=0; i<size of the program; i++ ) { printf("%c", fun(i)); } return 0; } i personally think it is not possible, but since i don't know very much about the underlying matter i posted my thoughts here. i'm really looking forward to hear some opinions!

    Read the article

  • Generating different randoms valid for a day on different independent devices?

    - by Pentium10
    Let me describe the system. There are several mobile devices, each independent from each other, and they are generating content for the same record id. I want to avoid generating the same content for the same record on different devices, for this I though I would use a random and make it so too cluster the content pool based on these randoms. Suppose you have choices from 1 to 100. Day 1 Device#1 will choose for the record#33 between 1-10 Device#2 will choose for the record#33 between 40-50 Device#3 will choose for the record#33 between 50-60 Device#1 will choose for the record#55 between 40-50 Device#2 will choose for the record#55 between 1-10 Device#3 will choose for the record#55 between 10-20 Device#1 will choose for the record#11 between 1-10 Device#2 will choose for the record#22 between 1-10 Device#3 will choose for the record#99 between 1-10 Day 2 Device#1 will choose for the record#33 between 90-100 Device#2 will choose for the record#33 between 1-10 Device#3 will choose for the record#33 between 50-60 They don't have access to a central server. Data available for each of them: IMEI (unique per mobile) Date of today (same on all devices) Record id (same on all devices) What do you think, how is it possible? ps. tags can be edited

    Read the article

  • linux + automated rsync command

    - by Diana
    my target is to copy /tmp/my_file from 10.10.10.1 to my Linux machine without login and password , I set the passwords file with the right password - secret123 so rsync should work , please advice why I get Permission denied. Remark - 10.10.10.1 address is linux machine version – red hat 5.3 rsync -WavH --password-file=/tmp/passwords --progress [email protected]:/tmp/my_file . Permission denied. rsync: connection unexpectedly closed (0 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(165) more /tmp/passwords secret123 ls -ltr passwords -rwxr-xr-x 1 root root 10 Sep 12 17:32 passwords

    Read the article

  • How can I restore the stored password in firefox 15.0.1 when deleted by error?

    - by Bob Legringe
    I, by error, deleted my stored passwords, using the "Wise disc cleaner 7" program. As I saw on another thread, the passwords are stored in 2 files signons.sqlite and the encryption key file key3.db When opening the file signons.sqlite with the text editor, I can see that the web adresses of the sites belonging to the passwords are still there. They have not been deleted by the "Wise disc cleaner 7" program, and adding a stored password on Firefox just modifies the file. However, Firefox will not display my old stored passwords and neither their respective sites. Is there any way to "undelete" the passwords?

    Read the article

  • Apache 2.2.21 installation on Linux 6 but got error while accessing in browser

    - by JRanjan
    I am very new to linux. I have install apache 2.2.21 on linux 6 platform. While i am using ./apachectl start or ./apachectl -k start command it shows that apache is started. But while i am trying to to access apache default page in any browser using " http://:8080 " it shows page cannot be displayed. Can any one help me on this issue ??????? Plz its urgent.. I am also enclosing the error_log file as below: error_log file [Thu Nov 24 08:57:23 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Fri Nov 25 01:45:58 2011] [notice] caught SIGTERM, shutting down [Fri Nov 25 01:46:12 2011] [notice] Digest: generating secret for digest authentication ... [Fri Nov 25 01:46:12 2011] [notice] Digest: done [Fri Nov 25 01:46:13 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Fri Nov 25 01:54:58 2011] [notice] caught SIGTERM, shutting down [Fri Nov 25 01:55:10 2011] [notice] Digest: generating secret for digest authentication ... [Fri Nov 25 01:55:10 2011] [notice] Digest: done [Fri Nov 25 01:55:11 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Fri Nov 25 01:58:10 2011] [notice] caught SIGTERM, shutting down [Fri Nov 25 01:59:41 2011] [notice] Digest: generating secret for digest authentication ... [Fri Nov 25 01:59:41 2011] [notice] Digest: done [Fri Nov 25 01:59:42 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Fri Nov 25 03:23:14 2011] [notice] caught SIGTERM, shutting down [Fri Nov 25 03:27:36 2011] [notice] Digest: generating secret for digest authentication ... [Fri Nov 25 03:27:36 2011] [notice] Digest: done [Fri Nov 25 03:27:37 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Fri Nov 25 08:52:27 2011] [notice] caught SIGTERM, shutting down [Fri Nov 25 08:52:43 2011] [notice] Digest: generating secret for digest authentication ... [Fri Nov 25 08:52:43 2011] [notice] Digest: done [Fri Nov 25 08:52:44 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Fri Nov 25 09:21:39 2011] [notice] caught SIGTERM, shutting down [Fri Nov 25 09:21:57 2011] [notice] Digest: generating secret for digest authentication ... [Fri Nov 25 09:21:57 2011] [notice] Digest: done [Fri Nov 25 09:21:58 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations [Mon Nov 28 01:06:58 2011] [notice] caught SIGTERM, shutting down [Mon Nov 28 01:07:58 2011] [notice] Digest: generating secret for digest authentication ... [Mon Nov 28 01:07:58 2011] [notice] Digest: done [Mon Nov 28 01:07:59 2011] [notice] Apache/2.2.21 (Unix) DAV/2 configured -- resuming normal operations

    Read the article

  • Maven best practice for generating multiple jars with different/filtered classes ?

    - by jaguard
    I developed a Java utility library (similarly to Apache Commons) that I use in various projects. Additionally to fat clients I also use it for mobile clients (PDA with J9 Foundation profile). In time the library that started as a single project spread over multiple packages. As a result I end up with a lot of functionality but not really needed in all the projects. Since this library is also used inside some mobile/PDA projects I need a way to collect just the used classes and generate the actual specialized jars Currently in the projects that area using this library, I have Ant jar tasks that generate (from the utility project) the specialized jar files (ex: my-util-1.0-pda.jar, my-util-1.0-rcp.jar) using include/exclude jar task features. This is mostly needed due to the generated jar size constraints for the mobile projects. Migrating now to Maven I just wonder if there are any best practices to arrive to something similar so I consider the following scenarios: [1] - additionally to the main jar artifact (my-lib-1.0.jar) also generating inside my-lib project the separate/specialized artifacts using classifiers (ex: my-lib-1.0-pda.jar) using Maven Jar Plugin or Maven Assembly Plugin filtering/includes ... I'm not very comfortable with this approach since it pollute the library with library consumers demands (filters) [2] - Create additional Maven projects for all the specialized clients/projects, that will "wrap" the "my-lib" and generate the filtered jar artifacts (ex: my-lib-wrapper-pda-1.0 ...etc). As a result, these wrapper projects will include the filtering (to generate the filtered artifact) and will depend just on the "my-lib" project and the client projects will depend on my-lib-wrapper-xxx-1.0 instead of my-lib-1.0. This approach my look problematic since even that will let "my-lib" project intact (with no additional classifiers & artifacts), basically will double the number of projects since for every client project I'll have one just to collect the needed classes from the "my-util" library ("my-pda-app" project will need a "my-lib-wrapper-for-my-pda-app" project/dependency) [3] - Into the every client project that use the library (ex: my-pda-app) add some specialized Maven plugins to trim - out (when generating the final artifact/package) the un-needed classes (ex: maven-assembly-plugin, maven-jar-plugin, proguard-maven-plugin) What is the best practice for solving this kind of problems in the "Maven way" ?!

    Read the article

  • Is generating real random numbers this easy in C#?

    - by JL
    I found this code using Google. private int RandomNumber(int min, int max) { Random random = new Random(); return random.Next(min, max); } Is this really all there is to generating REAL random numbers in C#? I intend to generate on a small scale between values 1-10. Thanks

    Read the article

  • How can I test email generating without creating and checking 1,000 addresses?

    - by twpc
    I am working on generating emails using Java. I would love to use some sort of system where I can send out mass emails and ensure that the emails were received by the intended recipient (A. My code to send the emails worked and B.The emails were not marked as spam). How can I do this without setting up (and keeping track of) a couple hundred email addresses and then checking each one individually? Thanks!

    Read the article

  • HOWTO: Disable complex password policy on Hyper-V Server 2008?

    - by Ian Boyd
    How do you disable the password complexity requirements on a Microsoft Hyper-V Server 2008 R2? Keep in mind that when you log into the server, the only UI you have is: And you cannot run gpedit.msc: C:\Users\Administrator>gpedit.msc 'gpedit.msc' is not recognized as an internal or external command, operable program or batch file. because there are no .msc snap-ins installed with Microsoft Hyper-V Server 2008 R2. The problem comes when you're trying to add an account to the server, so you can manage it, but it doesn't like most passwords: And, predictably, typing NET HELPMSG 2245 gives you The password does not meet the password policy requirements. Check the minimum p assword length, password complexity and password history requirements. i hoped it would have been a friendly user experience, and either: offered to disable the password policy tell me how to disable the password policy tell me how to check the minimum password length, password complexity and password history requirements. Password Complexity Requirements The Microsoft's default password complexity for Server Core is: Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters. Passwords must be at least six characters in length. Passwords must contain characters from three of the following four categories: 1.English uppercase characters (A through Z). 2.English lowercase characters (a through z). 3.Base 10 digits (0 through 9). 4.Non-alphabetic characters (for example, !, $, #, %). External links Technet Forums: Hyper-V Server disable complex passwords Technet: Passwords must meet complexity requirements of the installed password filter Update: 2k views? So many people keep coming coming to it: up-vote it!

    Read the article

  • how to stop generating code on a particular button?

    - by coure06
    I am trying to create an input button for my own use in my web-application thats using jquery framework. But when I see the html code in browser, the framework is generating some wrapper code around that input, how to prevent that code to be not generated? my code: <input type="button" value="off" class="toggle-btn" id="toggle-btn1" /> Generated output: <div data-theme="c" class="ui-btn ui-btn-corner-all ui-shadow ui-btn-up-c"> <span class="ui-btn-inner ui-btn-corner-all"> <span class="ui-btn-text">off</span> </span> <input type="button" id="toggle-btn1" class="toggle-btn ui-btn-hidden" value="off"> </div>

    Read the article

  • Can I use ANTLR for both two-way parsing/generating?

    - by Mike Q
    Hi all, I need to both parse incoming messages and generate outgoing messages in EDIFACT format (basically a structured delimited format). I would like to have a Java model that will be generated by parsing a message. Then I would like to use the same model to create an instance and generate a message. The first half is fine, I've used ANTLR before to go from raw - Java objects. But I've never done the reverse, or if I have it's been custom. Does ANTLR support generating using a grammar or is it really just a parse-only tool?

    Read the article

  • comparing salt and hashed passwords during login doesn't seem work right....

    - by Pandiya Chendur
    I stored salt and hash values of password during user registration... But during their login i then salt and hash the password given by the user, what happens is a new salt and a new hash is generated.... string password = collection["Password"]; reg.PasswordSalt = CreateSalt(6); reg.PasswordHash = CreatePasswordHash(password, reg.PasswordSalt); These statements are in both registration and login.... salt and hash during registration was eVSJE84W and 18DE22FED8C378DB7716B0E4B6C0BA54167315A2 During login it was 4YDIeARH and 12E3C1F4F4CFE04EA973D7C65A09A78E2D80AAC7..... Any suggestion.... public static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] buff = new byte[size]; rng.GetBytes(buff); // Return a Base64 string representation of the random number. return Convert.ToBase64String(buff); } public static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >