Search Results

Search found 15035 results on 602 pages for 'request'.

Page 365/602 | < Previous Page | 361 362 363 364 365 366 367 368 369 370 371 372  | Next Page >

• Command to determine whether ZooKeeper Server is Leader or Follower

  - by utrecht

  Introduction A ZooKeeper Quorum consisting of three ZooKeeper servers has been created. The zoo.cfg located on all three ZooKeeper servers looks as follows: maxClientCnxns=50 # The number of milliseconds of each tick tickTime=2000 # The number of ticks that the initial # synchronization phase can take initLimit=10 # The number of ticks that can pass between # sending a request and getting an acknowledgement syncLimit=5 # the directory where the snapshot is stored. dataDir=/var/lib/zookeeper # the port at which the clients will connect clientPort=2181 server.1=ip1:2888:3888 server.2=ip2:2888:3888 server.3=ip3:2888:3888 It is clear that one of the three ZooKeeper servers will become the Leader and the others Followers. If the Leader ZooKeeper server has been shutdown the Leader election will start again. The aim is to check if another ZooKeeper server will become the Leader if the Leader server has been shut down. Question Which command needs to be issued to check whether a ZooKeeper server is a Leader or a Follower?

  Read the article

• Windows 7 XPS Document Writer has stopped working

  - by jamie

  I have successfully used the Windows 7 XPS Document writer for quite a while under windows 7 (64 bit). Now however when i try to print i get prompted twice for the output file name and then get different error messages depending upon the application being used. e.g. Notepad gives a 'The I/O operation has been aborted because of either a thread exit or an application request'. I have disabled and reenabled the XPS facilities of windows features and have similiarly removed and readded the printer. But the end result is the same. I've uninstalled all applications i have installed since the time when i know it worked but this also has not made any difference. Suggestions please!

  Read the article

• Configure akamai to ignore favicon errors [on hold]

  - by Aki

  We have hosted our services through akamai and have configured and alert in akamai to notify us of 404 errors. We dont want to serve favicon from our services (as they are rest webservices which are not consumed by humans, hence no point in serving favicons). But whenever thesewebservices are accessed from a browser the browser would send a request for the favicon, which ends up being logged as a 404 and akamai sends us an alert for this. Is there a way to configure akamai in a way that it understands that favicon 404s should not contribute to the alert?

  Read the article

• SQL-Server 2008 : Table Insert and Range Check ?

  - by LB .

  I'm using the Table Value constructor to insert a bunch of rows at a time. However if i'm using sql replication, I run into a range check constraint on the publisher on my id column managed automatically. The reason is the fact that the id range doesn't seem to be increased during an insert of several values, meaning that the max id is reached before the actual range expansion could occur (or the id threshold). It looks like this problem for which the solution is either running the merge agent or run the sp_adjustpublisheridentityrange stored procedure. I'm litteraly doing something like : INSERT INTO dbo.MyProducts (Name, ListPrice) VALUES ('Helmet', 25.50), ('Wheel', 30.00), ((SELECT Name FROM Production.Product WHERE ProductID = 720), (SELECT ListPrice FROM Production.Product WHERE ProductID = 720)); GO What are my options (if I don't want or can't adopt any of the proposed solution) ? Expand the range ? Decrease the threshold ? Can I programmatically modify my request to circumvent this problem ? thanks.

  Read the article

• ErrorDocument 404 not found in non-existent subdomain

  - by Question Overflow

  I am trying to get the apache server to issue a custom 404 error for invalid subdomains. The following is the relevant part of the httpd configuration: Alias /err/ "/var/www/error/" ErrorDocument 404 /err/HTTP_NOT_FOUND.html.var <VirtualHost *:80> # the default virtual host ServerName site_not_found Redirect 404 / </VirtualHost> <VirtualHost *:80> ServerName example.com ServerAlias ??.example.com </VirtualHost> What I get instead is this: Not Found The requested URL / was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. I don't understand why a URL to non-existent-subdomain.example.com produces a 404 error without custom error as shown above while a URL to eg.example.com/non-existent-file produces the full custom 404 error. Can someone advise on this. Thanks.

  Read the article

• PHP script unable to email on OpenBSD Apache

  - by MattC

  I have a webserver running OpenBSD 4.7 and PHP 5.2.12 out of the ports tree. There is a small contact page that is supposed to send an email to a specific address. When I fill in the form using a web browser, it sends the AJAX request to the PHP page which claims it worked successfully but there is no email. The maillog is empty as well. I created a small php script that replicates this functionality and when I run it by hand using the "php -f" command, it sends an email without a problem. I think this has to do with being chrooted but I can't seem to get it to work. Furthermore, I can't seem to get PHP to log. I told it to log to /var/www/logs/php_errors.log and restarted but can't get it to send anything to the file. Does anyone have any tips for debugging these sort of things in OpenBSD?

  Read the article

• Google is displaying "Translate this page" based on a previously registered domain inbound links

  - by crnm

  I recently started a new project with a newly registered generic tld domain. As soon as Google started indexing the page, it displayed a "translate this page" in SERP's, which tries to translate the page to the language of a small Eastern European country from the language that the site actually uses. I tried everything to prevent this: language meta headers and attributes, localisation through Google Webmaster Tools...all to no avail - nothing helped. After a couple of weeks I spotted dozens of inbound links popping up in Google Webmaster Tools all coming from that small Eastern European country, from sub-pages that are not active anymore (either sending out 404's or 301's to the main page), and also had been written in that other language. So the domain had been registered before and as it looks, it did got a lot of possibly spam links in that language. I can't even ask the sites where those links should have been to remove them as they are not active anymore physically, just in Google Webmaster Tools and/or internal data masses... Now I'm at a loss about what to do? As my site is pretty new, it does not have many links pointing towards it in my targeted language. So those are probably not enough to convince Google of attaching the right language to it as Google ignores all other signals about the page language. I'm also unsure if I should use the "disavow" tool, or a reconsideration request...or what else to do about this miserable state. I never used these tools before so I don't have any experience with them. Somehow I have to convince Google about the right language of the page and also to not count/apply/whatever all those historical links from the previous owner. (The domain had been deleted without any traces in Google before I registered it) Has anyone here ever dealt with a similar "Translate this page" problem? (I've also looked at this thread: How can I prevent Google mistakenly offering to translate a page? but didn't find a solution there)

  Read the article

• Drive stopped working on windows server 2003 and I receive a "controller error"

  - by Durden81

  I can access the server in safe mode. I have a Proliant 360 Hp server with Windows server 2003 R2. The event viewer is completely filled up with this error: the driver detected a controller error on Device\Harddisk3\DR3 I individuated the drive affected. It is drive H that is a secondary non mirrored drive. When I access anything on that drive I receive: "the request could not be performed because of an I/O device error" What should I do? Is this just a driver issue or a hard drive failure? Please give me a quick help as my websites are offline due to this. Any suggestion is welcome!

  Read the article

• Amazon EC2 Web server in Load Balancer gives 503

  - by dale

  we've been running our web servers at Amazon with load balancer and auto-scaling for over a year with no problem. All of a sudden today the request began to get aborted with the error: 503 ... Backend server is at capacity The web servers are at 1% CPU and no other alarms trigger. We use Amazons load balancer and nginx. Lots of requests like this are showing up in the access_log. 10.246.114.93 - - [05/Jun/2014:20:16:09 +0000] "-" 400 0 "-" "-" 10.246.114.93 - - [05/Jun/2014:20:16:09 +0000] "-" 400 0 "-" "-" 10.246.114.93 - - [05/Jun/2014:20:16:09 +0000] "-" 400 0 "-" "-" 10.246.114.93 - - [05/Jun/2014:20:16:09 +0000] "-" 400 0 "-" "-" 10.246.114.93 - - [05/Jun/2014:20:16:10 +0000] "-" 400 0 "-" "-" 10.246.114.93 - - [05/Jun/2014:20:16:10 +0000] "-" 400 0 "-" "-" 10.246.114.93 - - [05/Jun/2014:20:16:10 +0000] "-" 400 0 "-" "-" 10.229.15.214 - - [05/Jun/2014:20:16:10 +0000] "-" 400 0 "-" "-" 10.229.15.214 - - [05/Jun/2014:20:16:10 +0000] "-" 400 0 "-" "-" Any thoughts?

  Read the article

• Asking for Credentials, when requesting shared folders on the server, regularly for domain users?

  - by MFH

  In our network, single domain controller, when some users (members of the domain) request shared folders on the server they are required to enter their credentials, the server is Windows Server 2008 R2, even checking to remember my credentials doesn't work, sometimes it shows this message: "The system has detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you", sometimes it shows different messages, when I try to recreate the case sometimes I failed, I searched Google for it, I didn't find useful results, some talk about kerberos, but we don't use kerberos, this keeps going each day or two, how to overcome this, I don't want these messages to appear to users?

  Read the article

• Nothing is written in php5-fpm.log

  - by jaypabs

  I have two servers which is Ubuntu 12.04 and Ubuntu 14.04. When I use Ubuntu 14.04 in my new server and enabled the php-fpm log file found under /etc/php5/fpm/php-fpm.conf that reads as follows: error_log = /var/log/php5-fpm.log I noticed that most of the log that I found in Ubuntu 12.04 is not written in 14.04. For example, if I restart php5-fpm in my Ubuntu 12.04, a restart log is being written, however, this does not happen in 14.04. Another log which I missed in 14.04 are the following: [23-Aug-2014 16:23:03] NOTICE: [pool web42] child 118098 exited with code 0 after 12983.480191 seconds from start [23-Aug-2014 16:23:03] NOTICE: [pool web42] child 147653 started [23-Aug-2014 17:27:31] WARNING: [pool web8] child 76743, script '/var/www/mysite.com/web/wp-comments-post.php' (request: "POST /wp-comments-post.php") executing too slow (12.923022 sec), logging I really wanted to have this kind of log so I will know the length of time a slow script has executed. Does anyone know if there are other settings in Ubuntu 14.04 that I need to change in addition to /etc/php5/fpm/php-fpm.conf?

  Read the article

• Best way to protect website application code

  - by Gaz_Edge

  Background I have a web application that I host on my own server. I have clients who use the application as is, but some have asked if they can host the application on their own server. This enables them to have their own URLS rather than mine. The application only forms part of their website so I'm assuming it will not be possible for my server to respond to a direct call to their domain etc To give some examples, i currently have urls like www.mydomain.com/profile, www.mydomain.com/index.php?option=someoption&view=someview&id=1 What my clients' want is www.theirdomian.com/profile, www.theirdomian.com/index.php?option=someoption&view=someview&id=1 etc Question My question is, what is the best way for me to allow them to use their own URLs with my application, without giving them all the backend source code and databases to install on their server? One way I thought would be to create a router.php file that sits on their server. The router then asks my server to output the html. The router modifies all the links etc in the html source and outputs the new html through the clients server. When a link is clicked on the clients site, the router receives the request and modifies the url to get the data from my server etc. Is this an effective way to achieve what I want, or is it way off the mark.

  Read the article

• How far should one take e-mail address validation?

  - by Mike Tomasello

  I'm wondering how far people should take the validation of e-mail address. My field is primarily web-development, but this applies anywhere. I've seen a few approaches: simply checking if there is an "@" present, which is dead simply but of course not that reliable. a more complex regex test for standard e-mail formats a full regex against RFC 2822 - the problem with this is that often an e-mail address might be valid but it is probably not what the user meant DNS validation SMTP validation As many people might know (but many don't), e-mail addresses can have a lot of strange variation that most people don't usually consider (see RFC 2822 3.4.1), but you have to think about the goals of your validation: are you simply trying to ensure that an e-mail address can be sent to an address, or that it is what the user probably meant to put in (which is unlikely in a lot of the more obscure cases of otherwise 'valid' addresses). An option I've considered is simply giving a warning with a more esoteric address but still allowing the request to go through, but this does add more complexity to a form and most users are likely to be confused. While DNS validation / SMTP validation seem like no-brainers, I foresee problems where the DNS server/SMTP server is temporarily down and a user is unable to register somewhere, or the user's SMTP server doesn't support the required features. How might some experienced developers out here handle this? Are there any other approaches than the ones I've listed? Edit: I completely forgot the most obvious of all, sending a confirmation e-mail! Thanks to answerers for pointing that one out. Yes, this one is pretty foolproof, but it does require extra hassle on the part of everyone involved. The user has to fetch some e-mail, and the developer needs to remember user data before they're even confirmed as valid.

  Read the article

• Why do some machines respond with many RST packets instead of RST-ACK to refuse a connection?

  - by Michael J. Gray

  I have recently been trying to track down a problem with one of our systems and have noticed that it is simply not allowed to connect to a remote machine. However, the remote machine (not controlled by us) is responding to our request for a connection with many TCP RST packets on a different port (26469, 26497, 26498) than the one we originated on (53). It simply wouldn't let up at one point and flooded us with about 10 packets/second for an hour or two of only RST on those obscure high ports. Out of the thousands of nodes we're connecting to, this is the only one ever to show this behavior. What could possibly cause this? EDIT Below is a screenshot of Wireshark when it happened. I don't have the actual dump anymore and can't reproduce this specific scenario every time. Basically, we sent a SYN and immediately got RST on an odd port and so we respond with RST and just keep going back and forth.

  Read the article

• Quoted on MVA Voices

  A couple of weeks ago, I received an email from the Dean of Microsoft Virtual Academy (MVA) asking for permission to quote a statement I made during a jump start. Following is an excerpt from that request: "Dear Jochen, I would like to thank you for providing insight as to how the Advanced HTML5 Jump Start helped you improve your skills.  I mentioned this to the leadership team at MVA, and they were pleased to hear this so much that they would like your permission to use a quote from your email to me on the MVA website." Of course! I really enjoy those free MVA jump starts - live and later the recordings. Actually, I prefer the live ones because you really have a chance to communicate with the MVA studio team and the experts in the chat. Luckily, the live stream is provided in two quality levels and with the remote situation of Mauritius, I always have to switch to 'Standard Quality' to avoid too much buffering and to enjoy a smooth experience. Later on, the recordings are great for rehearsal and repetition of the material. You can download and watch them offline while commuting, or what I'm going to do in the future - to use them as material for a study group within the Mauritius Software Craftsmanship Community (MSCC). For sure, this is going to be a lot of fun, and I'm looking forward to work with other Windows-oriented software craftsmen in order to 'push' them towards Microsoft certifications. By chance, I discovered today that my quote has been published in the MVA Voices section: Click to enlarge: Screenshot of Microsoft Virtual Academy web site taken on 04.07.2013 Thank you very much, MVA - this made my day and I'm very happy to be quoted.

  Read the article

• Mod_rewrite issue with godaddy web hosting

  - by MrFoh

  Am trying to use laravel to build a site but my routes all redirect to the homepage. Apache error logs show this AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. And the .htaccess file is this <IfModule mod_rewrite.c> Options -MultiViews Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] </IfModule> The webroot has multiple sub-folders which are document roots for different domains. Am working with one of these sub-folders. What is causing this error and how can it be fixed

  Read the article

• A Web Service to collect data from local servers every hour

  - by anilerduran

  I'm trying to find a way to collect data from different servers around the world. Here are the details: There is only one single PowerShell script on servers that encrypts data (simple csv file) and sends with preferred method (HTTP/HTTPS Post could be) There is no more control on that servers. Can't install any service, process etc. Just I can configure script to execute every hour. This script also will have encrypted username/password/license key for every server. Script will compress data and send to me with these information. So I need a service (I'm not sure if Web Service is the rigth solution) on the cloud that will help me to: Will get data that is sent from servers using a method. Will authenticate request to recognize sender using license key/username/password and most importantly, Will redirect/send this filecab to my SQL Server on the cloud (Azure). Also it should seperate data according to customer information in license key. So every data for every customer will be stored in dedicated DB/Tables on my SQL All the processes above should be completed automatically. No way for manual steps. Question: A Web Service (SOAP or Restful) is the rigth solution for that?

  Read the article

• Apache Balancing by source IP

  - by Daniel

  I am using Apache's Proxy Balancer to balance one sub domain (e.g. subdomain.domain.com) to an application which is located on 2 servers. Here an extract from my Apache configuration file: <Proxy *> Order deny,allow Allow from all </Proxy> <Proxy balancer://cluster1> BalancerMember http://server1:28081 route=w1 BalancerMember http://server2:28082 route=w2 </Proxy> ProxyPass /path balancer://cluster1/path ProxyPassReverse /path balancer://cluster1/path My question is, if it's possible to decide with the source IP-address which BalancerMember should be used for the request? To e.g. Requests from 1.2.3.4 to Member 1?

  Read the article

• Looking for an example of how a software project can be managed/deployed

  - by rguilbault

  My company is evaluating adopting off-the-shelf ALM products to aid in our development lifecycle; we currently use our own homegrown solutions to manage requirements gathering, specification documentation, testing, etc. One of the issues I am having is understanding how to move code between stages of development. We have what we call a pipeline, which consists of particular stops: [Source] - [QC] - [Production] At the first stop, the developer works out a solution to some requested change and performs individual testing. When that process is complete (and peer review has been performed), our ALM system physically moves the affected programs from the [Source] runtime environment to the [QC] runtime environment. This movement of code is triggered by advancing the status of the change request to match the stage of the pipeline. I have been searching the internet for a few days trying to find how the process is accomplished elsewhere -- I have read a bit about builds, automated testing, various ALM products, etc. but nowhere does any of this state how builds interact with initial change requests, what the triggers are, how dependencies are managed, how the various forms of testing are accommodated (e.g. unit testing, integration testing, regression testing), etc. Can anyone point me to any resources detailing specific workflows or attempt to explain (generically) how a change could/should be tracked and moved though the development lifecycle? I'd be very appreciative. Note: I've cleaned up the question to hopefully make it easier to understand. Also, I found another question (which I can't find now) that referenced this book, which sounds like it might be exactly what I am looking for -- not sure if I want to shell out the cash for it, though.

  Read the article

• Firewall still blocking port 53 despite listing otherwise?

  - by Tom

  I have 3 nodes with virtually the same iptables rules loaded from a bash script, but one particular node is blocking traffic on port 53 despite listing it's accepting it: $ iptables --list -v Chain INPUT (policy DROP 8886 packets, 657K bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo any anywhere anywhere 2 122 ACCEPT icmp -- any any anywhere anywhere icmp echo-request 20738 5600K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- eth1 any anywhere node1.com multiport dports http,smtp 0 0 ACCEPT udp -- eth1 any anywhere ns.node1.com udp dpt:domain 0 0 ACCEPT tcp -- eth1 any anywhere ns.node1.com tcp dpt:domain 0 0 ACCEPT all -- eth0 any node2.backend anywhere 21 1260 ACCEPT all -- eth0 any node3.backend anywhere 0 0 ACCEPT all -- eth0 any node4.backend anywhere Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 15804 packets, 26M bytes) pkts bytes target prot opt in out source destination nmap -sV -p 53 ns.node1.com // From remote server Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-02-24 11:44 EST Interesting ports on ns.node1.com (1.2.3.4): PORT STATE SERVICE VERSION 53/tcp filtered domain Nmap finished: 1 IP address (1 host up) scanned in 0.336 seconds Any ideas? Thanks

  Read the article

• google webmaster soft 404 on 301

  - by Daniel

  I'm looking through google webmaster that my page is generating soft 404 errors (https://support.google.com/webmasters/answer/181708?hl=en) google says: We recommend that you always return a 404 (Not found) or a 410 (Gone) response code in response to a request for a non-existing page But I've got redirects set up that handle old pages to redirect to the proper new pages using a 301. The website links changed because of a use of a framework, which allows it to be more consistent, but the old pages till have links out there to these. Should I be worried about this? IS google penalizing the site for this? (Using IIS 8, Tomcat, CF10, Win)

  Read the article

• Hostmonster can't change domains around?

  - by loneboat

  (question imported from http://superuser.com/q/204439/53847 ) Horrible title, but I couldn't think of a succinct way to summarize it to fit. I have HostMonster for my web hosting. I have several domain names under the same account (using the same web space, IP address, etc...). Every HM account has one domain set up as the "main domain", and all other domains are "secondary". The only way I have ever encountered this being an issue is in trying to use HTTPS - since (from my limited understanding) HTTPS encrypts headers, you can't route HTTPS requests to different virtual hosts on a server - only unencrypted requests, since it must look in the request to know where to route it. When I registered for my account, I only had one domain name (A). I have since added domain names (B), (C), (D), etc... At one point I switched domain name (B) to be my "main" domain name - so I could use HTTPS with it. I have since sold domain name (B), and would like to make domain name (A) my "main" one again (as it was before), but HM support says, "no, once a domain name has been a 'main' domain name on an account once, we can't set it up to be a 'main' domain name again. You're welcome to use domains (C), or (D), though.". They tell me the only way to reuse domain (A) as a "main" domain would be to set up a new account and transfer over all my files. I'm confused here. If I have domains (D), (E), and (F), they say I'm welcome to make one of them my new main domain name, just never (A) again, since I've already "used" it once. Calls to support only reveal that they can't let me do it because doing so would somehow "break" my account. Can anyone think of any good reason why this should be so? The only thing I can think is that maybe they're using the domain names as keys in some database or something? But if that's the case, that's ridiculous - they need to reorganize their databases!

  Read the article

• Blocking popups and ads

  - by user74364

  I'm having a fight with ads, popups and tracking cookies. But i'm having some issues. Software used: Chromium 18.0.1025.168 Extensions used: Adblock Plus (Beta)1.2 AdBlock+ Element Hiding Helper1.1.9.18 Better Pop Up Blocker2.1.6 Ghostery3.0.0 With this configuration, i'm always getting this error: Warning: This extension failed to modify a network request because the modification conflicted with another extension. I know if i disable "better popup", this goes away. It's perfectly normal, due to those extensions trying to block the same things. Problem is, i can't live without all of them! Can anyone advise me about some good configuration? Can't live without adblock plus, because i hate ads. Betterpopup blocker is essential too (believe me, chrome doesn't block a lot of popups, and i have a website or 2 that can proove that.) And ghostery is a must... i can't bare the idea of being tracked all the time by some companies. So i'm kinda lost here! everything is needed, but they conflict with each other. i mean, it has to exist a perfect combination out there, i know i'm not the only one hating the privacy issues nowadays! really thankful for any tips guys

  Read the article

• How to run a script in Ubuntu via SSH as superuser?

  - by Irinotecan

  So I have a script that needs to be executed remotely as root. This isn't a problem with most Linux distros since they have a root account. But since Ubuntu does not, executing anything as root requires a 2-step process of entering the account password twice - once to log in and once for sudo. The SSH process to launch the script is automated, so it cannot pause for user input for the second password request. Does anyone know, short of hacking Ubuntu to re-enable root (not an option), if unattended SSH script execution with superuser privilege on the target machine is possible? Also, having no experience with Debian, does Debian behave this way too?

  Read the article

• Using a random string to authenticate HMAC?

  - by mrwooster

  I am designing a simple webservice and want to use HMAC for authentication to the service. For the purpose of this question we have: a web service at example.com a secret key shared between a user and the server [K] a consumer ID which is known to the user and the server (but is not necessarily secret) [D] a message which we wish to send to the server [M] The standard HMAC implementation would involve using the secret key [K] and the message [M] to create the hash [H], but I am running into issues with this. The message [M] can be quite long and tends to be read from a file. I have found its very difficult to produce a correct hash consistently across multiple operating systems and programming languages because of hidden characters which make it into various file formats. This is of course bad implementation on the client side (100%), but I would like this webservice to be easily accessible and not have trouble with different file formats. I was thinking of an alternative, which would allow the use a short (5-10 char) random string [R] rather than the message for autentication, e.g. H = HMAC(K,R) The user then passes the random string to the server and the server checks the HMAC server side (using random string + shared secret). As far as I can see, this produces the following issues: There is no message integrity - this is ok message integrity is not important for this service A user could re-use the hash with a different message - I can see 2 ways around this Combine the random string with a timestamp so the hash is only valid for a set period of time Only allow each random string to be used once Since the client is in control of the random string, it is easier to look for collisions I should point out that the principle reason for authentication is to implement rate limiting on the API service. There is zero need for message integrity, and its not a big deal if someone can forge a single request (but it is if they can forge a very large number very quickly). I know that the correct answer is to make sure the message [M] is the same on all platforms/languages before hashing it. But, taking that out of the equation, is the above proposal an acceptable 2nd best?

  Read the article

< Previous Page | 361 362 363 364 365 366 367 368 369 370 371 372  | Next Page >