Search Results

Search found 11785 results on 472 pages for 'password protection'.

Page 376/472 | < Previous Page | 372 373 374 375 376 377 378 379 380 381 382 383 | Next Page >

tomcat 6.0.18 HTTPS not working

- by user180152

Hi, I am trying to configure tomcat for HTTPS on localhost. I am using self signed certification. I added folowing line of code to server.xml. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEngine="on" keystoreFile="path-to-keystore" keystorePass="password" /> I am getting following error in browser: An error occurred during a connection to localhost:8443. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert) Can anybody guide me to proper direction. Thanks.

Read the article
Security when writing a PHP webservice?

- by chustar

I am writing a web service in PHP for the first time and had ran into some security problems. 1) I am planning to hash passwords using md5() before I write them to the database (or to authenticate the user) but I realize that to do that, I would have to transmit the password in plaintext to the server and hash it there. Because of this I thought of md5()ing it with javascript client side and then rehashing on the server but then if javascript is disabled, then the user can't login, right? 2) I have heard that anything that when the action is readonly, you should use GET but if it modifies the database, you should use POST. Isn't post just as transparent as GET, just not in the address bar?

Read the article
How to read modelstate errors when returned by Json?

- by user281180

How can I display modelstate errors returned by Json ? I want to do somthing like that... if (!ValidateLogOn(Name, currentPassword)) { ModelState.AddModelError("_FORM", "Username or password is incorrect."); //Return a json object to the javascript return Json(new { ModelState }); } What must be my code in the view to read the modelstate errors and display them? My actual code in the view is as follows to read the Json values: function createCategoryComplete(e) { var obj = e.get_object(); alert(obj.Values); }

Read the article
Does anyone have an updated version of the SQLite .NET assembly, ie. SQLite 3.6.23.1 + possibly .NET

- by Lasse V. Karlsen

I'm at my wits end with the best .NET assembly version of SQLite, the one found at http://sqlite.phxsoftware.com. The only maintainer doesn't seem to have the time to update the library and it generally takes months, if not more, for newer versions to surface. Luckily, he has published the source code, so I'm hoping that someone else has made his/her own copy of it, and made the changes, and would be willing to share a copy. I've seen comments on the forums for the library to this effect, but sadly even the forum software seems to be grinding to a halt these days as password reminder emails seems to be lost to the big void, so I can't ask the few there that has said they have done it. So I'm here, hopefully the big userbase of StackOverflow can help. What I'm looking for: Updated with the latest changes to SQLite, ie. SQLite version 3.6.23.1 Possibly built for .NET 4.0 (I can do that if I can get a copy of working source) Does anyone have, or know of anyone, that has done this?

Read the article
Unrecognized authentication type when doing an Auth to Exchange from Rails

- by blakeage

I'm getting this error when trying to authenticate with Exchange Server from Ruby on Rails: 504 5.7.4 Unrecognized authentication type config.action_mailer.raise_delivery_errors = true config.action_mailer.perform_deliveries = true config.action_mailer.delivery_method = :smtp config.action_mailer.smtp_settings = { :address => "x.x.x.x", :port => 25, :user_name => "xxdomain\xxuser", :password => "xxxxxx", :authentication => :login, :enable_starttls_auto => true } I've tried all sorts of combinations of configuration settings, including changing the settings to use "plain" authentication, adding the domain, setting enable_starttls_auto to true, false, and removing it entirely, removing the port. Nothing has worked. Any ideas?

Read the article
Are SqlCipher open cursors a security concern?

- by user1178479

I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

Read the article
Best way to Store Passwords, User information/Profile data and Photo/Video albums for a social websi

- by Nick

Need some help figuring out how to best Store Passwords, User information/Profile data and Photo/Video albums for a social website? For photos/videos the actual photo/video + even encrypting the URL with the IDs to the photo/videos so other users cannot figure it out. Creating a site like myspace and designing retirement documents but i am unsure how to specify the security requirements for the database. Two things: 1) Protect from outside users 2) Protect all these from employees being able to access this info For #2, the additional question is: If we encrypt the user info and password so even the system admins cannot get in, how can we retrieve the user data tomorrow if someone flags the user's account as spam and admin needs to check it out or if law enforcement wants info on a user? Thanks.

Read the article
How to hash and salt passwords

- by Henrik Skogmo

I realize that this topic have been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about how do you salt a hash and work with the salted hash? If the password is encrypted with a random generated salt, how can the we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!

Read the article
Understanding CGI and SQL security from the ground up

- by Steve

This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form. In the least secure case, anybody can access http://something.com/admin and modify the database. You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text. So then you use HTTPS to secure the transmitted data. Questions: To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above? What basic tools in Python make your steps possible? Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?

Read the article
Access Authentication

- by youssef

I wanna know, how I can set user name and password for each user in TortoiseSVN and I already did these steps to made repository: - Created a file then created repository in this file. - Changed " svnserve.conf " in conf file. - Then set all user and them passwd in conf file. - I changed authz to access my repository also including in conf file. I try and try to Authentication many of users for each project but as file not Http. I hope to someone help me in this issue.

Read the article
Hot to log in to a website using installed twill?

- by brilliant

Hello, everybody!!!! I have just successfully installed TWILL on my computer with the help of one very supportive member of "StackOverflow" (you can check it out HERE) and have tried to run one of the simple examples on the twill documentation page (you can see that page HERE). Here is that example: Let's say my username on www.slash.org is lynxye and my password is mammal. When I try to enter that exanple code into my Python prompt, I can only enter the first line of the code bexcause when I click on "Enter" to start a new line, I get some error messages right away: The same happens when I try to enter this code into my terminal: I think I miss out on some basics here. Perhaps, I need to create a file that would contain that code and then run that file somehow, but I really don't know where I need to create that file and with what extensdion. Can anyone, please, help me with this?

Read the article
PHP cookie removal in FireFox 14.0.1

- by sepoto

<?php session_start(); $_SESSION['logged_in'] = false; setcookie("dsgpassword127", $password, time()-3600); /* expire the cookie */ setcookie("dsgemail127", $email, time()-3600); /* expire the cookie */ session_destroy(); header("location: index.php"); ?> The code above which works very well in Chrome will not remove the cookies in FireFox 14.0.1. I am wondering why this is, if anyone has experienced the same problem or if there is a solution to this conundrum I am in when it comes to expiring these cookies.... Thank you.

Read the article
how to stop lightbox from closeing after submit button is clicked?

- by Mahmoud

hey all i am using lightbox to show an enlarge image of the thumbnail images, where in each enlarged image there is a submit button, when that button is clicked it addes to jcart and refreshes the pages, for demo please visit secure.sabayafrah.com username = mahmud password = mahmud now as you can see when you click at the thumbnail lightbox well show you an enlarge image in a bubble, where there is an submit image below the enlarged image if it was clicked it must add to cart and not refresh the page. i am using jcart as add to cart and lightbox to enlarge the images i asked so many people and all suggested that i use jquery live but i never used ajax so i am stuck here is it possible if yes is their a demo or a code well do this feature

Read the article
How to configure .NET test assembly to use website web.config?

- by Morten Christiansen

I've run into a problem setting up Selenium tests for an ASP.NET MVC project in cases where I need the settings provided in the web.config of the site under test. The problem is that I want to create a dummy user before running the test and this causes an error saying that the password-answer supplied is invalid. This is due to the test assembly not using the web.config, instead using default values for membership configuration. I've tried to copy the relevant section (membership configuration) into the app.config of the assembly without luck, but I admit I'm just grasping at straws here.

Read the article
Preventing dictionary attacks on a web application

- by Kevin Pang

What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them: Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time. Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames. Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address. Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.

Read the article
Crowdsourcing translation for mobile developers?

- by superg

I am developing applications for mobile phones with different operating systems (Android, Symbian, iPhone). Applications are sold internationally so they need to be translated to different languages in addition to english version. I assume most mobile developers do the translations using some paid external service each time. This approach does not look very cost-effective to me. Would it make sense to have a website where simple translations would be done using crowdsourcing (other developers)? Most strings in mobile applications are very simple and short, for example "OK, "Cancel", "Are you sure?", "Please enter your password". Also the same strings are used in hundreds of applications. Instead of paying for translating all strings, developers could save money by only buying their difficult application specific translations. Does anyone agree with this idea? I have seen many opensource projects doing the translations succesfully using volunteers.

Read the article
grails mail connection refused

- by mkoryak

it seems i have tried the mail config in the way that its docs said, but still i get: Error 500: Executing action [x] of controller [x] caused exception: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP I am using google apps for my email so [email protected] is using gmail. i cannot get grails to send out a test message on my dev box (win 7). my config is: host = "smtp.gmail.com" port = 465 username = "[email protected]" password = "x" props = ["mail.smtp.auth":"true", "mail.smtp.debug":"true", "mail.smtp.starttls.enable":"true", "mail.smtp.socketFactory.port":"465", "mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory", "mail.smtp.socketFactory.fallback":"false"]

Read the article
MySQL command-line tool: How to find out number of rows affected by a DELETE?

- by ambivalence

I'm trying to run a script that deletes a bunch of rows in a MySQL (innodb) table in batches, by executing the following in a loop: mysql --user=MyUser --password=MyPassword MyDatabase < SQL_FILE where SQL_FILE contains a DELETE FROM ... LIMIT X command. I need to keep running this loop until there's no more matching rows. But unlike running in the mysql shell, the above command does not return the number of rows affected. I've tried -v and -t but neither works. How can I find out how many rows the batch script affected? Thanks!

Read the article
How to give anonymous access to site in IIS ?

- by Lalit

Hi, I want to give the anonymous access to my deployed site on IIS. i checked in Directory Security by right clicking on site in IIS there is checked the box Enable Anonymous access.also there is user IUSR_MySERVER is there. but still it is asking for user name & pwd. why. I don't want to ask any uname and pwd when site accessing. What to do? please help. I fact my application is, i am importing the Excel sheet from file location in my applicatiom. When i saying browse it run perfect . But when i say Import , it asking for the username and password. on Click of Import button I am reading Excelsheet in datatable by interop services. What should this problem should be?

Read the article
Java String to SHA1

- by AeroDroid

I'm trying to make a simple String to SHA1 converter in Java and this is what I've got... public static String toSHA1(byte[] convertme) { MessageDigest md = null; try { md = MessageDigest.getInstance("SHA-1"); } catch(NoSuchAlgorithmException e) { e.printStackTrace(); } return new String(md.digest(convertme)); } When I pass it toSHA1("password".getBytes()), I get "[?a?????%l?3~??." I know it's probably a simple encoding fix like UTF-8, but could someone tell me what I should do to get what I want which is "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"? Or am I doing this completely wrong? Thanks a lot!

Read the article
Google Contacts Data API and PHP

- by pako

I'm developing a PHP application to retrieve the list of contacts from a GMail account. I'm looking for a solution which would enable the user of my application to provide the login and password to their Gmail account in my application (as opposed to getting redirected to Google) and then automatically do the retrieval. The retrieval process can be run in PHP or JavaScript (which would then feed the list of contacts back to PHP using Ajax). Is it possible to do that? Which JavaScript API should I use for that? Can someone point me at the right chapter in Google Contacts Data API documentation?

Read the article
How to eliminate authentication on my MVC app that is called from asp.net forms app

- by Mark Kadlec

Curious what recommendations anyone has. I have an existing asp.net forms application that does a Forms Authentication and has identity impersonate turned on. The application has a link to a questionnaire that I would like to develop separately in an asp.net MVC application, but I don't want the users to click on the link and be prompted for a username and password, I would like them to be able seamless start filling out the questionnaire. Is there a way to somehow transfer authentication from one .net app to another? I would like to be able to pass stuff like UserRole. What's the best way to do this?

Read the article
Seeking FOSS user admin code

- by Mawg

It must be a fairly standard wheel, so I'd rather not reinvent it. Create/modify/delete users. Ditto their passwords & maybe enforce password change every X days. Also, create groups, like "sales", "support", etc and add/remove users. The only unique part should be what they have permission to do (visit certain parts of the site after login, etc) And I'd like to store admin data in an ODBC compliant database (MySql to start with, but I may move on). Is this a new wheel? There doesn't seem to be much of anything on SourceForge, but if I could find something established and trusted I wouldn't even mind paying a few $100 as a trade of for the time needed to develop & test it.

Read the article
Need to copy remotely hosted file via Shell Command

- by pnm123

There is a file that hosted remotely on a server that is not supporting Shell Access. I bought a new server that supports Shell Access so now I want to copy a file that is on the non-supporting server to new server via a Shell Command using Putty. File url is like this http://www.domain.com/file.gzip and it is username/password protected. To be more specific, I want to copy a backup of a home directory from cPanel to my new server via Shell command. I have done this few months ago but I don't remember it now and also I failed to Google it.

Read the article
Web Form based login in Java

- by BrunoLM

How can I block access to the site if a user is not logged in? Under web.xml Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the validation method? I saw in some examples this code <form method=post action="j_security_check"> <input type="text" name="j_username" /> <input type="password" name="j_password" /> </form> What does it do?

Read the article

< Previous Page | 372 373 374 375 376 377 378 379 380 381 382 383 | Next Page >