Search Results

Search found 1485 results on 60 pages for 'encrypted'.

Page 47/60 | < Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >

  • How do I secure password parameters in RESTful web service URIs?

    - by adam
    i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

    Read the article

  • Howto convert to string and read data from TCP packet

    - by salime
    I used sharppcap to capture TCP packets. Now i wanna reconstruct HTTP packet from TCP packets but i don't know how. I read somewhere i can find start of HTTP packet in TCP data... i tried to convert byte[] TCP data to string using this code: string s = System.Text.Encoding.UTF8.GetString(tcp_pack.Data); but the string isn't readable. like a binary file that is opened with notepad. is it because the data is encrypted or code is incorrect? how can i reconstruct HTTP packet from TCP packets?

    Read the article

  • Replacing backslashes in Python strings

    - by user323659
    I have some code to encrypt some strings in Python. Encrypted text is used as a parameter in some urls, but after encrypting, there comes backslashes in string and I cannot use single backslash in urllib2.urlopen. I cannot replace single backslash with double. For example: print cipherText '\t3-@\xab7+\xc7\x93H\xdc\xd1\x13G\xe1\xfb' print cipherText.replace('\\','\\\\') '\t3-@\xab7+\xc7\x93H\xdc\xd1\x13G\xe1\xfb' Also putting r in front of \ in replace statement did not worked. All I want to do is calling that kind of url: http://awebsite.me/main?param="\t3-@\xab7+\xc7\x93H\xdc\xd1\x13G\xe1\xfb" And also this url can be successfully called: http://awebsite.me/main?param="\\t3-@\\xab7+\\xc7\\x93H\\xdc\\xd1\\x13G\\xe1\\xfb" Any idea will be appreciated.

    Read the article

  • How to show the animation without exposing the code?

    - by bonCodigo
    There's an animation done in jQuery within jsfiddle. I do not have a website as of now to "implant" it and share the URL. I also can't give the jsfiddle. So how can I share my animation to the audience without showing the code? Does github or any other facility tools allow locking the code and showing the final product without having a website, yet I could get a URL for the audience to view it? I regret for the rookie-question in this context as I am still new to web stuff. EDIT: jsFiddle shows 3 code windows along the results :html, css, js. My requirement is to only show the results window to the audience and by all means to hide codes and leads via URL to the codes. Ideal solution demands a results to be shown and URL that is encrypted (at best).

    Read the article

  • C# connectionString encryption questions

    - by 5YrsLaterDBA
    I am learning how to encrypt the ConnectionString for our C# (3.5) Application. I read the .Net Framwork Developer Guide (http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx) about securing connection string. but not fully understand the contents. It says "The connection string can only be decrypted on the computer on which it was encrypted." We have a release machine which will build our application which will generate the OurApp.exe.config and then install it to many product machines. Is that meam we have to have this encryption process separated with our application and run it at individual product machine? We may use the "RSAProtectedConfigurationProvider". It mentioned we need encryption key for that provider. when and how we should provide the encryption key? thanks,

    Read the article

  • Best choice for off-site backup: dd vs tar

    - by plok
    I have two 1TB single-partition hard disks configured as RAID1, of which I would like to make an off-site backup on a third disk, which I am still to buy. The idea is to store the backup at a relative's house, considerably far away from my place, in the hope that all the information will be safe in the case of a global thermonuclear apocalypse. Of course, this backup would be well encrypted. What I still have to decide is whether I am going to simply tar the entire partition or, instead, use dd to create an image of the disks. Is there any non-trivial difference between these two approaches that I could be overlooking? This off-site backup would be updated no more than two or three times a year, in the best of the cases, so performance should not be a factor to be pondered at all. What, and why, would you use if you were me? dd, tar, or a third option?

    Read the article

  • Problems with system() calls in Linux

    - by Thomas
    I'm working on a init for an initramfs in C++ for Linux. This script is used to unlock the DM-Crypt w/ LUKS encrypted drive, and set the LVM drives to be available. Since I don't want to have to reimplement the functionality of cryptsetup and gpg I am using system calls to call the executables. Using a system call to call gpg works fine if I have the system fully brought up already (I already have a bash script based initramfs that works fine in bringing it up, and I use grub to edit the command line to bring it up using the old initramfs). However, in the initramfs it never even acts like it gets called. Even commands like system("echo BLAH"); fail. So, does anyone have any input?

    Read the article

  • Append all logs to /var/log

    - by iCy
    Application scenario: I have the (normal/permanent) /var/log mounted on an encrypted partition (/dev/LVG/log). /dev/LVG/log is not accessible at boot time, it needs to be manually activated later by su from ssh. A RAM drive (using tmpfs) is mounted to /var/log at init time (in rc.local). Once /dev/LVG/log is activated, I need a good way of appending everything in the tmpfs to /dev/LVG/log, before mounting it as /var/log. Any recommendations on what would be a good way of doing so? Thanks in advance!

    Read the article

  • Windows Server 2008 R2 Service Pack 1 issue

    - by saj
    Net 4.0 websites running on a Windows Server 2008 R2 server using IIS 7.0. The websites allows Single Sign on via an encrypted token passed in a query string e.g. www.mywebsite.com?token=1159CE30A4ED1148E86D779AC7A1CF4DC75CCEC7213401D13CA181A2ED1C29A8. However, after installing Service Pack 1; SSO has stopped working and the website redirects to www.mywebsite.com. The redirect occurs before any code is hit. No idea what is causing this and any ideas would be much appreciated.

    Read the article

  • MySQL Accept Any Password

    - by George
    Suppose that I have a test server with a large group of test accounts. The test accounts have unknown passwords which are hard-coded into the application's reports and are stored encrypted in the mysql.users table. Is there any option or hack which can be used to make mysql accept any text as the "correct" password for an account? For example: Update mysql.user Set Password="*" where 1=1 Note: The above line wouldn't work because it would literally set the password to "*" and not the wildcard character. However, I am looking for a way to create a mysql account which would accept anything as a valid password. This machine is disconnected from the network and I have full access to the mysql database...

    Read the article

  • Encrypt/ Decrypt text file in Delphi?

    - by Hemant Kothiyal
    Hi i would like to know best encryption technique for text file encryption and ecryption. My Scenario: I have software having two type of users Administartor and Operators. Our requirement is to encrypt text file when Administrator enter data using GUI and save it. That encrypted file would be input for Operator and they just need to select it and use that file. Here file should be automatically decrypt data for further calculation when Operator select those files. Please help me which encryption/ decryption technique should i use?

    Read the article

  • How does HTTP Analyzer works?

    - by Rampage
    Halo, i am interest in methods, which http analyzer uses to capture data. I would like to write program which saves emails sent via web based clients. The problem is https and HTTP Analyzer solves it, but i dont know how. I got one interesting answer on my question before, but it doesnt reveal as much as i would like to know. Programs like HTTP Analyzer can catch the HTTPS data because they insert themselves in the HTTPS stack. As a result, they get the data after it's generated but before it's being encrypted and put in IP packets. This is highly non-trivial. How it is possible to make? If you have any interesting articles solving this issue, please let me know.

    Read the article

  • How to ReHash a password stored into my Database ? (PHP)

    - by Vincent Roye
    Hi! I have some passwords encrypted in my database and I would like to find a way to display them. Here is how they are saved into my mysql database: function generateHash($plainText, $salt = null){ if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, 25); } else { $salt = substr($salt, 0, 25); } return $salt . sha1($salt . $plainText); } $secure_pass = generateHash($this->clean_password); Then $secure_pass is saved into my database. Anyone would have an idea ?? Thank you very much ;)

    Read the article

  • How to access website CMS with only access to database

    - by user1741615
    I have a website that uses an "in-house" cms and I don't know the login details. The platform itself doesn't have the "reset your password" functionality. I do have access to ftp and phmyadmin and I found the SQL table containing the user details, but of course the password is MD5 encryption. I tried manually creating a user in php my admin and filling in a password encrypted in MD5 (used a md service online for that), but it still doesn't work. Does anybody know other tricks I can use? Thanks.

    Read the article

  • .Net SQL Server Connection String - hide password from other developers

    - by Chris Klepeis
    We're migrating one of our sites to ASP.Net. We do not want to use integrated security, which uses the windows account to connect to sql server (not going to get into why, its just out of the question). We created a username and password to connect to SQL Server, and would like to use that username and password, however, we also do not want other developers to see this information (easily read from the web.config).... I know it can be encrypted, but it can just as easily be decrypted by the developers - plus encryption has a performance hit. Is there any solution to this problem?

    Read the article

  • Why is using a Non-Random IV with CBC Mode a vulnerability?

    - by The Rook
    I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

    Read the article

  • Don't know how to encrypt database using SQLCipher

    - by Armaan
    I have included SQLCipher into my project exactly like explained in this link: http://sqlcipher.net/ios-tutorial/ But I am not sure how to encrypt the database I have read description from above link but not getting. Actually what I am doing is if application is opening first time then it will copy the database(i.e. without encryption) to the document directory. One more thing my database is blank when copying from bundle to document directory. I have tried to use sqlite3_key function after opening the database but nothing is encrypted. But I didn't found something like how to encrypt database when copying from bundle to document directory. I am planning to use FMDB so it would be better to reply according to that. Please guide me how to do that or point to direction if is there any tutorial for it. Also suggest what should be the standard approach to do that.

    Read the article

  • Read a file to multiple array byte[]

    - by hankol
    I have an encryption algorithm (AES) that accepts file converted to array byte and encrypt it. Since I am going to process a very big size files, the JVM may go out of memory. I am planing to read the files in multiple array byte. each containing some part of the file. Then I teratively feed the algorithm. Finally merge them to produce encrypted file. So my question is: there any way to read a file part by part to multiple array byte? I thought I can use the following to read the file to array byte: IOUtils.toByteArray(InputStream input). And then split the array into multiple bytes using: Arrays.copyOfRange(). But I am afraid that the first code that reads file to byte will make the JVM to go out of memory. any suggestion please ? thanks

    Read the article

  • How to authenticate a user using SQL

    - by Tom
    I have an DLL which is constantly connected to a SQL Server instance. The server itself is connected with "admin" permissions, but "normal" users should be able to access the server with their own username and password. The server would still be connected a "admin". I just want to check if the user can access the database. Is there a way to authenticate the user using a SQL query? It would of course be possible to add a encrypted "password" column to a database table for users, but I would prefer not having to do that.

    Read the article

  • How can I gzinflate and save the inflated data without running it? (Found what I think is a trojan o

    - by Rob
    Well, not my server. My friend found it and sent it to me, trying to make sense of it. What it appears to be is a PHP IRC bot, but I have no idea how to decode it and make any sense of it. Here is the code: <?eval(gzinflate(base64_decode('some base 64 code here')))?> So I decoded the base64, and it output a ton of strange characters, I'm guessing either encrypted or a different file type, like when you change a .jpg to a .txt and open it. But I have no idea how to decode this and determine its source. Any help?

    Read the article

  • C or C++: how do loaders/wrappers work?

    - by guitar-
    Here's an example of what I mean... User runs LOADER.EXE program LOADER.EXE downloads another EXE but keeps it all in memory without saving it to disk Runs the downloaded EXE just as it would if it were executed from disk, but does it straight from memory I've seen a few applications like this, and I've never seen an example or an explanation of how it works. Does anyone know? Another example is having an encrypted EXE embedded in another one. It gets extracted and decrypted in memory, without ever being saved to disk before it gets executed. I've seen that one used in some applications to prevent piracy.

    Read the article

  • database encryption questions

    - by 5YrsLaterDBA
    We are using Sybase SQL Anywhere 11. We need to encrypt some of our tables in our database. I followed the instruction and did it. We selected the "strong" option with encryptionKey and AES256_FIPS algorithm. But there are something I am not clear about them. It will require encryptonKey when we create the database, remove the database and start the database server but it will NOT require encryptionKey when we stop the database server and connect to the server to create tables and add data. Why there is NO encryptionKey asked when we connect to it or try to stop the server? I am doing something wrong? don't know how to test the encryption? I still can see all plain text in the encrypted tables when I use Sybase Central tool. If somebody knows the database user name and password, he/she can connect to the database and read the content without the encryptionKey. is this right?

    Read the article

  • What Java tools/apis to use for decrypting/encrypting

    - by Java_bear
    I am trying to decrypt (and later encrypt) an email message (ebXML). The message contains a Signature element that contains child elements to specify the SignedInfo, SignatureValue and KeyInfo. Also, the message contains an encrypted attachment. Question: What Java tools/apis should be used for decrypting? I would like to find some tool/api that would (automagically) instantiate objects based on whatever is included with the Signature element, so that the data (message) could be easily validated. And the other way around: Creating objects (specifying methods, signature value and keyinfo) and then outputting the xml to go into the message.

    Read the article

  • level of control of the os on the phone hardware

    - by gurnisht
    Hello. I am new to Android and mobile phones development. I want to develop an application that needs to have a total control over the "phone" of the smartphone, i.e. controlling all the communication of the GSM chip with the cellular system, accessing the SIM card identity that it sends (encrypted) to the cellular system, disabling the cellular antenna and resuming it back, and more of that kind... Can it be done with Android? Does the software (OS) have control over all of the phone components in a smartphone, or there are some parts that are done in the hardware level only? (I guess that the Android API won't enable me to do everything i want, but even theoretically is it possible if I recompile the OS after making the changes there?) Thanks!

    Read the article

  • How To Securly Store Data In MySQL Using AES_ENCRYPT

    - by Justin
    We are storing sensitive data in MySQL, and I want to use AES_ENCRYPT(data, 'my-secret-key-here') which works great. My biggest question is how do I secure the key? Previously I just wast storing the key in a web PHP file, so something like: define("ENCRYPTION_KEY", 'my-secret-key-here'); This really doesn't work though, as our MySQL server and web server are the same physical machine, so if somebody gains access to the server, they can get both the encrypted data stored in MySQL and the key. Any ideas? I am thinking I need to move the key to a separate server, and read it in remotely. Or, what about generating the encryption key dynamically for each piece of data. For example taking the customer_id and running md5 on it, and then using that as the key.

    Read the article

< Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >