Search Results

Search found 1485 results on 60 pages for 'encrypted'.

Page 46/60 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • Can you create a HIPAA compliant Amazon S3 Web Application?

    - by xkingpin
    I am facing some questions when trying to design an S3 application using ASP.NET MVC and trying to stay HIPAA compliant. My initial plan was to require an SSL connection to my web server, encrypt the images on my server, then send them to s3 using my private keys. Here's my obvious concerns: You cannot store unencrypted images in any temporary file cache when client views images within the browser. Even if I setup an ashx to generically handle the image in memory, couldn't this get stored in cache? Saying the images will be encrpyted because you will be connecting to my server via https still does not guarantee all browsers will not cache data. It's not possible to even consider the "Query String" with expiration option since data will be encrypted before being stored on disk at s3, and will again be decrypted at my server in memory. I think my only option would be to write/purchase some sort of ActiveX component that will not expose the image as a simple html image source or write my app as a client side WinForm application.

    Read the article

  • How to create digital signature that can not be used to reproduce the message twice

    - by freediver
    I am creating a client-server application and I'd like to send data from server to client securely. Using public/private key algorithms makes sense and in PHP we can use openssl_sign and openssl_verify functions to check that the data came by someone who has the private key. Now imagine that one of the actions sent by server to client is destructive in nature. If somebody uses an HTTP sniffer to catch this command (which will be signed properly) how can I further protect the communication to ensure that only commands coming from our server get processed by the client? I was thinking about using current UTC time as part of the encrypted data but client time might be off. Is there a simple solution to the problem?

    Read the article

  • Service-Based Authentication Using Tokens

    - by jerhinesmith
    I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows: Client requests username/password from user Client passes username/password to identity provider Provider checks username/password and sends back a token if the user is valid Client does something with the token? The third and fourth step are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?

    Read the article

  • What is the current standard for authenticating Http requests (REST, Xml over Http)?

    - by CodeToGlory
    The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

    Read the article

  • How do I program a hyperlink to include a username and password to the target site?

    - by Fred Griffith
    We have a website with a section restricted to members only. They log in and can view the website. Some of the information is stored on another server. We want that information to ONLY be accessible to those who have logged into the main website. What would be the best way to link the two sites, without making members log in again? Seems like there must be some way to send an encrypted username and password along with the URL in the hyperlink. Any ideas? Thank you in advance. Fred G.

    Read the article

  • PHP: Safe way to store decryptable passwords

    - by Jammer
    I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

    Read the article

  • IPSec help on Windows 2003 please!!

    - by roacha
    Hey guys, I am trying to configure IPSec between a web and app server in our environment. I want all traffic between these two servers to use IPsec and be encrypted. These servers are on the same domain so i am currently using Kerebos for security, I have also tried pre-defined keys and nothing changed. When I try and ping between the servers I get "Negotiating IP Security" everytime. I have also confirmed that when I change "Require Security" to "Permit" everything works so IPSec is working, I believe its something with my security setup. Under the security tab both servers have the default 3DES keys first and then DES keys. I have also specified tunnel endpoints (the alternate server's IP). What am I missing? Thanks for any help..

    Read the article

  • How can I know if a file has been changed in .NET C#?

    - by Anthony D
    I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

    Read the article

  • Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

    - by Damian Hickey
    Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

    Read the article

  • Denying main links with .htaccess or anything else

    - by user1640660
    I'm using an encrypted php program with smarty template. I wanted to open links such as index.php?page=login to open with login.php, so I used Rewrite mode in .htaccesss, for example RewriteRule ^/*login.php$ /index.php?page=login [L] in a few pages there should be a query for errors such as RewriteRule ^/*support.php?(.+)$ /index.php?page=support&%{QUERY_STRING} [L] It works but I need to deny the main URLs so when users enters index.php?a=login manually nothing (or the main page) would show up and he should open the link only with /login.php. Is there a way to do this? A little help please...

    Read the article

  • Creating a function that will handle objects with common properties

    - by geocine
    Take this as an example I have trimmed this example for readability and you may not find the use of this concept here. class Teacher() { public Name {get; set;} public Salt {get; set;} public Department{get; set;} } class Student() { public Name {get; set;} public Salt {get; set;} public Section{get; set;} } public string GetEncryptedName(object Person) { //return encrypted name based on Name and Salt property return encrypt(object.Salt,object.Name) } callig the function GetEncryptedName(Teacher) GetEncryptedName(Student) How do you implement this kind of stuff?

    Read the article

  • Can Parallel.ForEach be used safely with CloudTableQuery

    - by knightpfhor
    I have a reasonable number of records in an Azure Table that I'm attempting to do some one time data encryption on. I thought that I could speed things up by using a Parallel.ForEach. Also because there are more than 1K records and I don't want to mess around with continuation tokens myself I'm using a CloudTableQuery to get my enumerator. My problem is that some of my records have been double encrypted and I realised that I'm not sure how thread safe the enumerator returned by CloudTableQuery.Execute() is. Has anyone else out there had any experience with this combination?

    Read the article

  • Decryption with the public key in iphone

    - by vignesh
    Hi all, I have a public key and an encrypted string. I could encrypt with publickey successfully.But when i try to decrypt using the publickey it fails. I mean when i pass the publickey seckeyDecrypt it fails. I have Googled and found out that by default kSecAttrCanDecrypt is false for public keys.So When i import the public key, i have added this particular line , [publicKeyAttr setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanDecrypt]; But there is no improvement it still fails. Please somebody help.

    Read the article

  • Hashbytes comparison in stored proceduring not matching record

    - by Michael Itzoe
    The password field in my user table (SQL Server 2008) is encrypted using HASHBYTES on insertion. I have a stored procedure with parameters for the username and plain-text password which does a SELECT using that username and the password sent through HASHBYTES, then returns the user record if it finds a match. The SP is always returning an empty recordset, but if I copy and paste just the SELECT from the SP to a new query window, it returns the matched record. There're no other statements in the SP. I'm missing something here; what is it?

    Read the article

  • .NET desktop App remembering login to a webservice

    - by pete the pagan-gerbil
    I am in the planning stages of a .NET desktop app that will communicate with a web service. The web service requires a username and password, and a common feature in this sort of app is to save the user's credentials for the next logon. I've thought of a few ways of achieving this, but I am not sure what the most secure way would be. Should it be stored encrypted in a file (and could someone nefarious copy that file to their own machine and hence logon as the original person), or in the registry somehow (I've not done any registry work before, is it secure and would it work)? Are there any other options I might not have thought of?

    Read the article

  • decode mysql query before returning it to view

    - by stormdrain
    I'm running a query to mysql that returns encrypted data. I'd like, if possible, to decode the results before sending it to the view. It seems like better form to handle the decoding in the controller (or even the model) rather than inside the view. I can't seem to wrap my head around how to do it, though. I was thinking I could iterate through the object, decodode it, and push it to another array that would be sent to the view. Problem with this is I won't know (and need to keep) the indexes of the query. So the query might return something like: [id] => 742 [client_id] => 000105 [last] => dNXcw6mQPaGQ4rXfgIGJMq1pZ1dYAim0 [first] => dDF7VoO37qdtYoYKfp1ena5mjBXXU0K3dDlcq1ssSvCgpOx75y0A== [middle] =>iXy6OWa48kCamViDZFv++K6okIkalC0am3OMPcBwK8sA== [phone] => eRY3zBhAw2H8tKE Any ideas?

    Read the article

  • Running Services.msc as a different User C#

    - by Simon Mark Smith
    Hi, I have a requirement to create a simple windows forms application that allows an admin user to manage the Services on remote servers. We don't want to give the admins the usernames and passwords to the servers so these will be encrypted and stored in a database. My question is whether or not it is possible to spawn a Services.msc window when impersonating one of the users stored within the database? I have looked at the ProcessStartInfo class but because Services.msc is not an executable it does not seem to like executing this. Any ideas on a simple way of doing the actual impersonation and loading of Services.msc - say off a button click? Thanks

    Read the article

  • How to hash and salt passwords

    - by Henrik Skogmo
    I realize that this topic have been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about how do you salt a hash and work with the salted hash? If the password is encrypted with a random generated salt, how can the we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!

    Read the article

  • PAC with kerberoes

    - by Varun
    I am currently working on kerberoes, and for now have this doubt on PAC in MS-KILE kerberoes extension. Can pac included in pactype strcuture withtin authorization data, is meant for client to decrypt and decode. It seems (if my understanding is correct), that PAC is encrypted with target server's encryption key, which is known only to kdc and target server, and therefore, client just needs to forward that to server when requesting a service, and isn't suppose to decrypt and extract details about its credentails. Is there a way to try to decrypt this on the fly? ( is there sufficient information available in AS-REP for me extract and decrypt this?

    Read the article

  • Android and PHP - Do I need to use sessions?

    - by jtnire
    I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication. Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request? Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different everytime. The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID. If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated. Thanks

    Read the article

  • Are SqlCipher open cursors a security concern?

    - by user1178479
    I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

    Read the article

  • Returning multiple datasets from a stored proc in VB

    - by Ryan Stephens
    I have an encrypted SQL Server stored proc that I run with (or the vb .net equivalent code of): declare @p4 nvarchar(100) set @p4=NULL declare @p5 bigint set @p5=NULL exec AA_PAY_BACS_EXPORT_RETRIEVE_S @PS_UserId=N'ADMN', @PS_Department=N'', @PS_PayFrequency=2, @PS_ErrorDescription=@p4 output select @p4, @p5 this returns 2 datasets and the output parameters for the results, the datasets are made up of various table joins etc, one holds the header record and one the detail records. I need to get the 2 datasets into a structure in VB .net (e.g. linq, sqldatareader, typed datasets) so that I can code with them, I don't know what tables any of this comes from and there are alot of them Whooopeee!!! I came close using Linq to SQL and IMultipleResults but got frustrated when I had to recode it every time I made a change to the designer file. My feelings are that there must be a simple way to do this, any ideas?

    Read the article

  • Can't download file in IE7 but there isn't any problem in Firefox, Chrome, etc..?

    - by levhita
    I have an script that receives an encrypted url and from that generates a download, the most critic par of the script is this: $MimeType = new MimeType(); $mimetype = $MimeType->getType($filename); $basename = basename($filename); header("Content-type: $mimetype"); header("Content-Disposition: attachment; filename=\"$basename\""); header('Content-Length: '. filesize($filename)); if ( @readfile($filename)===false ) { header("HTTP/1.0 500 Internal Server Error"); loadErrorPage('500'); } Downloads works as charm in any Browser except IE, I have seen problems related to 'no-cache' headers but I don't send anything like that, they talk about utf-8 characters, but there is not any utf-8 characters(and the $filename has not any utf-8 characteres neither).

    Read the article

  • Deploying BlackBerry Applications Across Environments

    - by sethxian
    Has anyone come up with a good solution for deploying BlackBerry applications across different environments? My example is storing URLs and Authentication information in code. In most cases, a developer is going to have a different set of URL's to test against when developing the application vs what the end user is going to hit. The idea is when I go to build for production, I have something swap out the environment settings for the target environment vs manually replacing environment specific code each time. I am currently using eclipse. The only thought I've come up with so far would be to use a resource with encrypted values and have that swap when I run my build. Any ideas?

    Read the article

  • SSL and Tomcat using Java

    - by Marquinio
    Hello all, I'm new to SSL connections so here goes my question. I have a desktop Java program in a JAR file. This JAR sends sensitive information over the internet to a remote Tomcat server. Of course I need to encrypt the data. If I purchase an SSL cerfiticate say from Verisign, will the data sent over SSL be automatically encrypted? I mean in my JAR, will I still need to do extra work like use Java encryption extensions API to manually encrypt my data over the SSL connection? Thank you.

    Read the article

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >