Search Results

Search found 6535 results on 262 pages for '3d secure'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 57/262 | < Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >

  • Gathering entropy in web apps to create (more) secure random numbers

    - by H M
    after several days of research and discussion i came up with this method to gather entropy from visitors (u can see the history of my research here) when a user visits i run this code: $entropy=sha1(microtime().$pepper.$_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_PORT']. $_SERVER['HTTP_USER_AGENT'].serialize($_POST).serialize($_GET).serialize($_COOKIE)); note: pepper is a per site/setup random string set by hand. then i execute the following (My)SQL query: $query="update `crypto` set `value`=sha1(concat(`value`, '$entropy')) where name='entropy'"; that means we combine the entropy of the visitor's request with the others' gathered already. that's all. then when we want to generate random numbers we combine the gathered entropy with the output: $query="select `value` from `crypto` where `name`='entropy'"; //... extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF).$entropy.microtime())))); note: the last line is a part of a modified version of the crypt_rand function of the phpseclib. please tell me your opinion about the scheme and other ideas/info regarding entropy gathering/random number generation. ps: i know about randomness sources like /dev/urandom. this system is just an auxiliary system or (when we don't have (access to) these sources) a fallback scheme.

    Read the article

  • Does HTML5 make Javascript gaming safer (more secure)?

    - by Sean Madigan
    I know that Javascript is an incredibly unsecure way of programming a persistent game, where for instance you are doing battle calculations in an RPG and then award XP through linking to a PHP page when they win that adds XP to a database (since the player could make their own javascript to always win or just look at the PHP page that you get sent to when you win and just go there anyway). So with that said, I'm wondering if HTML5 makes multiplayer/persistent games any safer in this regard, since I know it still uses Javascript. Or am I still doomed to rely entirely on server-side scripting for doing any calculations that award the player?

    Read the article

  • Where to place web.xml outside WAR file for secure redirect?

    - by Silverhalide
    I am running Tomcat 7 and am deploying a bunch of applications delivered to me by a third party as WAR files. I'd like to force some of those apps to always use SSL. (All the "SSL" apps are in one service; other apps outside this discussion are in another service.) I've figured out how to use conf\web.xml to redirect apps from HTTP to HTTPS, but that applies to all applications hosted by Tomcat. I've also figured out how to put web.xml in an unpacked app's web-inf directory; that does the trick for that specific app, but runs the risk of being overwritten if our vendor gives us a new war file to deploy. I've also tried placing the web.xml file in various places under conf\service\host, or under appbase, but none seem to work. Is it possible to redirect some apps to SSL without forcing all apps to redirect, or to put the web.xml file inside the extracted WAR file? Here's my server.xml: <Service name="secure"> <Connector port="80" connectionTimeout="20000" redirectPort="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css"/> <Connector port="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css" scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS" keystoreFile="..." keystorePass="..." keystoreType="PKCS12" truststoreFile="..." truststorePass="..." truststoreType="JKS" clientAuth="false" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/> <Engine name="secure" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> </Host> </Engine> </Service> <Service name="mutual-secure"> ... </Service> The content of the web.xml files I'm playing with is: <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0" metadata-complete="true"> <security-constraint> <web-resource-collection> <web-resource-name>All applications</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <description>Redirect all requests to HTTPS</description> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app> (For conf\web.xml the security-constraint is added just before the end of the existing file, rather than create a new file.) My webapps directory (currently) contains only the WAR files.

    Read the article

  • PHP REMOTE_ADDR and secure sessions

    - by Christopher McCann
    One of the ways I have used to make securer sessions in the past is to also record the clients IP address and user agent at the handshake. Each time the client moves a page and calls session_start() I also check that the IP address and user agent stored is still the same to prevent hiijacking. But if someone is connecting from say a company network then all the users will probably have the same external static IP address and they could also really easily be using the same user agent. Is there other metrics I can use which are local only to the physical machine? Thanks

    Read the article

  • Amazon S3 as secure backup without multiple invoices

    - by Tom Viner
    I'm storing copies of database backups on Amazon S3 using the Python Boto library. But I worry that if my web server was hacked, those backups could be deleted using the credentials I need to do the upload. Ok, so I know you can grant permissions to another Amazon email address, so I can imagine doing that after an upload then removing the original user's write access BUT in this scenario I now end up with 2 accounts and 2 sets of invoices to give to accounts every month. Is there a solution to this that doesn't require a new Amazon account for each web server I run?

    Read the article

  • C++ String tokenisation from 3D .obj files

    - by Ben
    I'm pretty new to C++ and was looking for a good way to pull the data out of this line. A sample line that I might need to tokenise is f 11/65/11 16/70/16 17/69/17 I have a tokenisation method that splits strings into a vector as delimited by a string which may be useful static void Tokenise(const string& str, vector<string>& tokens, const string& delimiters = " ") The only way I can think of doing it is to tokenise with " " as a delimiter, remove the first item from the resulting vector, then tokenise each part by itself. Is there a good way to do this all in one?

    Read the article

  • Secure automated SSH/SFTP after reboot

    - by mozillalives
    I need to give a daemon ssh access to a particular server. Currently I have it setup to use ssh keys and a keychain, but the trouble with this method is if a reboot occurs. Unless I'm missing something, I would need to login after a system reboot and add the key to the keychain. Is there a way I could avoid/automate this? I'm considering using expect if I can't find any other way.

    Read the article

  • What are some arguments to support the position that the Dojo JavasScript library is secure, accessi

    - by LES2
    We have developed a small web application for a client. We decided on the Dojo framework to develop the app (requirements included were full i18n and a11y). Originally, the web app we developed was to be a "prototype", but we made the prototype production quality anyway, just in case. It turns out that the app we developed (or a variant of it) is going to production (many months hence), but it's so awesome that the enterprise architecture group is a little afraid. 508c compliant is a concern, as is security for this group. I now need to justify the use of Dojo to this architecture group, explicitly making the case that Dojo does not pose a security risk and that Dojo will not hurt accessibility (and that Dojo is there to help meet core requirements). Note: the web app currently requires JavaScript to be turned on and a stylesheet to work. We use a relatively minor subset of Dojo: of course, dojo core, and dijit.form.Form, ValidationTextBox and a few others. We do use dojox.grid.DataGrid (but no drag N drop or editable cells, which are not fully a11y). I have done some research of my own, of course, but I any information or advice you have would be most helpful. Regards, LES2

    Read the article

  • Making AJAX calls secure

    - by iamdadude
    What happens if a user looks at my JavaScript file, copies the content of a function and sends a request to my server using AJAX? And is there a way to properly protect against this from happening?

    Read the article

  • How to secure images with Rails?

    - by NotDan
    I have a gallery in my rails app that needs to only allow certain images to be shown to specific, logged in users. I am using Paperclip for image processing now, but it saves all images in a public folder available to anyone. Note that I don't have to use Paperclip if there is a better way, and I already have the login system in place. I just need a way to place the images in a non-public location, but still be able to serve them as needed. Is it possible to only allow these images to be served to authenticated users?

    Read the article

  • Ball Bouncing effect in Unity 3d

    - by Mythili
    hii How to bring a ball bouncing effect on different surfaces like wood, water,mud sand, and metal. In unity, i tried it by using bouncy material.In all surfaces the ball bouncing effect is same. I dont know how to differentiate the surfaces

    Read the article

  • Issue with transparent texture on 3D primitive, XNA 4.0

    - by Bevin
    I need to draw a large set of cubes, all with (possibly) unique textures on each side. Some of the textures also have parts of transparency. The cubes that are behind ones with transparent textures should show through the transparent texture. However, it seems that the order in which I draw the cubes decides if the transparency works or not, which is something I want to avoid. Look here: cubeEffect.CurrentTechnique = cubeEffect.Techniques["Textured"]; Block[] cubes = new Block[4]; cubes[0] = new Block(BlockType.leaves, new Vector3(0, 0, 3)); cubes[1] = new Block(BlockType.dirt, new Vector3(0, 1, 3)); cubes[2] = new Block(BlockType.log, new Vector3(0, 0, 4)); cubes[3] = new Block(BlockType.gold, new Vector3(0, 1, 4)); foreach(Block b in cubes) { b.shape.RenderShape(GraphicsDevice, cubeEffect); } This is the code in the Draw method. It produces this result: As you can see, the textures behind the leaf cube are not visible on the other side. When i reverse index 3 and 0 on in the array, I get this: It is clear that the order of drawing is affecting the cubes. I suspect it may have to do with the blend mode, but I have no idea where to start with that.

    Read the article

  • Chrome 22 disponible : une version dédiée aux jeux 3D en ligne, API Pointer Lock et améliorations pour Windows 8 et écrans Retina

    Chrome 22 disponible : une version destinée aux FPS et jeux 3D en ligne Support de l'API « Pointer Lock » et améliorations pour Windows 8 et écrans Retina Google ne cesse d'améliorer son navigateur qui devient une véritable plateforme polyvalente. La firme met à jour son navigateur Web Chrome afin qu'il soit plus exploitable par les adeptes et développeurs de FPS (jeux de tirs subjectifs) et de jeux 3D en ligne. [IMG]http://ftp-developpez.com/gordon-fowler/Chrome%20Logo.png[/IMG] Google vient de sortir une nouvelle version "majeure" et stable de Chrome, 22 au compteur. Celle-ci inclut désormais le support pour l'API JavaScript « Pointer...

    Read the article

  • Will 3D games run in a VirtualBox4-hosted Windows system under Ubuntu with Intel GMA X4500HD card?

    - by Ivan
    I've just got a laptop with Intel GMA X4500HD card (which is said to be DirectX10-compliant, while my previous laptop had Intel 82852/855GM and no chance to play modern 3D games at all). It would be nice if I could play some games (like HalfLife 2, StarCraft 2, Fallout 3) from time to time (while I am ok using lo-fi settings and having low performance) but as I strongly prefer Ubuntu environment and don't need Windows usually I'd like to install Windows inside VirtualBox instead of using a dedicated partition and dual-boot. So the question is if VirtualBox can use 3D acceleration of Intel GMA X4500HD if run on Ubuntu.

    Read the article

  • Symfony: Routing 'secure' and 'login' actions to another application

    - by Darmen
    Hello, Suppose we have 3 apps - appMain, app1 and app2. Applications 1 and 2 are protected, they have is_secure: true and everything works fine with sfDoctrineGuard plugin. A behavior I want to achieve is when a user is not authenticated, current application to forward him to another one, say appMain with defined module and action. Is that possible? Or can someone tell me where to dig about security mechanisms in symfony?

    Read the article

  • How secure is .htaccess protected pages

    - by Steven smethurst
    Are there any known flaws with htaccess protected pages? I know they are acceptable to brute force attacks as there is no limit to the amount of times someone can attempt to login. And a user can uploaded and execute a file on the server all bets are off... Anything other .htaccess flaws?

    Read the article

  • Best Practices For Secure APIs?

    - by Ferrett Steinmetz
    Let's say I have a website that has a lot of information on our products. I'd like some of our customers (including us!) to be able to look up our products for various methods, including: 1) Pulling data from AJAX calls that return data in cool, JavaScripty-ways 2) Creating iPhone applications that use that data; 3) Having other web applications use that data for their own end. Normally, I'd just create an API and be done with it. However, this data is in fact mildly confidential - which is to say that we don't want our competitors to be able to look up all our products every morning and then automatically set their prices to undercut us. And we also want to be able to look at who might be abusing the system, so if someone's making ten million complex calls to our API a day and bogging down our server, we can cut them off. My next logical step would be then to create a developers' key to restrict access - which would work fine for web apps, but not so much for any AJAX calls. (As I see it, they'd need to provide the key in the JavaScript, which is in plaintext and easily seen, and hence there's actually no security at all. Particularly if we'd be using our own developers' keys on our site to make these AJAX calls.) So my question: after looking around at Oauth and OpenID for some time, I'm not sure there is a solution that would handle all three of the above. Is there some sort of canonical "best practices" for developers' keys, or can Oauth and OpenID handle AJAX calls easily in some fashion I have yet to grok, or am I missing something entirely?

    Read the article

  • How to secure connection strings in VS?

    - by salvationishere
    I see several others have posted this question, however, none of the solutions I've tried have fixed this yet. I have a 32-bit XP running VS 2008 and I am trying to encrypt my connection string in my web.config file. But I am getting the error: The configuration section '...' was not found. Failed! The command I give it: C:\Program Files\Microsoft Visual Studio 9.0\VCAspnet_regiis.exe -pe "system.we b/AdventureWorksConnectionString2" -app "/Documents and Settings/Admin/My Docume nts/Visual Studio 2008/Projects/AddFileToSQL2" Also, how does -app map virtual directory? In other words the path above is the directory right below c:. Is this the correct path to use? And AddFileToSQL2 is the name of my project, although it is part of the AddFileToSQL solution. I have this folder web shared with all of the permissions. And the relevant part of my web.config file: <add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Persist Security Info=true; User ID=AdventureWorks;Password=sqlMagic" providerName="System.Data.SqlClient" />

    Read the article

  • XNA 2D/3D Drawing method?

    - by Adir
    What would be a better parctice, writing the drawing method inside the GameObject class or in the Game class? GameObject obj = new GameObject(); obj.Draw(); Or GameObject obj = new GameObject(); DrawGameObject(obj);

    Read the article

  • Jagged Array in C (3D)

    - by Daniel
    How could I do the following? double layer1[][3] = { {0.1,0.1,0.8}, {0.1,0.1,0.8}, {0.1,0.1,0.8}, {0.1,0.1,0.8} }; double layer2[][5] = { {0.1,0.1,0.1,0.1,0.8} }; double *upper[] = {layer1, layer2}; I read the following after trying different ideas; to no avail. jagged array in c I understand (I hope) that double **upper[] = {layer1, layer2}; Is similar to what I'd like, but would not work because the layers are not arrays of pointers. I am using C intentionally. I am trying to abstain from doing this (which works). double l10[] = {0.1,0.1,0.8}; //l11 etc double *l1[] = {l10,l11,l12,l13}; double l20[] = {0.1,0.1,0.1,0.1,0.8}; double *l2[] = {l20}; double **both[] = {l1, l2};

    Read the article

  • WebGL 1.0, spécification finalisée pour la bibliothèques d'accélération 3D libre soutenue par Chrome, Firefox, Opera et Safari

    La spécification de WebGL 1.0 est finalisée Pour la bibliothèques d'accélération 3D libre soutenue par Chrome, Firefox, Opera et Safari Ces dernier temps, vous avez entendu parler de la mise en place de WebGL dans les nouvelles versions des différents navigateurs web. Comme vous devez déjà le savoir, Firefox 4, Google Chrome 9 (rendez-vous à l'adresse "about:flags" pour activer WebGL supportent la nouvelle technologie (également soutenue par Apple pour Safari et par Opera). Khronos, un consortium de constructeurs de cartes graphiques (NVidia, AMD, Imagination Technologies, ...) et de différents grand acteurs dans le monde de la 3D (Activision, Epic Games, ...) annonce dur...

    Read the article

  • C# Create "wireframe"/3D "map"

    - by Qrew
    How can I produce a similar output in C# window forms in the easiest way? Each individual points should be "editable" by pressing some keys to increment or decrement and navigate trough it with arrow keys. Is there a good library for this purpose?

    Read the article

  • Cross domain secure cookie usage?

    - by asdasda
    I have a website that came with a SSL site for HTTPS but its on a different server. Example being my website: http://example.com my SSL site: http://myhostingcompany.com/~myuseraccount/ So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one. Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user? I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >