Search Results

Search found 305 results on 13 pages for 'salt racer'.

Page 6/13 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • When is it safe to use a broken hash function?

    - by The Rook
    It is trivial to use a secure hash function like SHA256 and continuing to use md5 is reckless behavior. However, there are some complexities to hash function vulnerabilities that I would like to better understand. Collisions have been generated for md4 and md5. According to NIST md5() is not a secure hash function. It only takes 2^39th operations to generate a collision and should never be used for passwords. However SHA1 is vulnerable to a similar collision attack in which a collision can be found in 2^69 operations, where as brute force is 2^80th. No one has generated a sha1 collision and NIST still lists sha1 as a secure message digest function. So when is it safe to use a broken hash function? Even though a function is broken it can still be "big enough". According to Schneier a hash function vulnerable to a collsion attack can still be used as an HMAC. I believe this is because the security of an HMAC is Dependant on its secret key and a collision cannot be found until this key is obtained. Once you have the key used in a HMAC its already broken, so its a moot point. What hash function vulnerabilities would undermine the security of an HMAC? Lets take this property a bit further. Does it then become safe to use a very weak message digest like md4 for passwords if a salt is perpended to the password? Keep in mind the md4 and md5 attacks are prefixing attacks, and if a salt is perpended then an attacker cannot control the prefix of the message. If the salt is truly a secret, and isn't known to the attacker, then does it matter if its a appended to the end of the password? Is it safe to assume that an attacker cannot generate a collision until the entire message has been obtained? Do you know of other cases where a broken hash function can be used in a security context without introducing a vulnerability? (Please post supporting evidence because it is awesome!)

    Read the article

  • What's the best practice for taking MySQL dump, encrypting it and then pushing to s3?

    - by HalogenCreative
    This current project requires that the DB be dumped, encrypted and pushed to s3. I'm wondering what might be some "best practices" for such a task. As of now I'm using a pretty straight ahead method but would like to have some better ideas where security is concerned. Here is the start of my script: mysqldump -u root --password="lepass" --all-databases --single-transaction > db.backup.sql tar -c db.backup.sql | openssl des3 -salt --passphrase foopass > db.backup.tarfile s3put backup/db.backup.tarfile db.backup.tarfile # Let's pull it down again and untar it for kicks s3get surgeryflow-backup/db/db.backup.tarfile db.backup.tarfile cat db.backup.tarfile | openssl des3 -d -salt --passphrase foopass |tar -xvj Obviously the problem is that this script everything an attacker would need to raise hell. Any thoughts, critiques and suggestions for this task will be appreciated.

    Read the article

  • Beware: Upgrade to ASP.NET MVC 2.0 with care if you use AntiForgeryToken

    - by James Crowley
    If you're thinking of upgrading to MVC 2.0, and you take advantage of the AntiForgeryToken support then be careful - you can easily kick out all active visitors after the upgrade until they restart their browser. Why's this?For the anti forgery validation to take place, ASP.NET MVC uses a session cookie called "__RequestVerificationToken_Lw__". This gets checked for and de-serialized on any page where there is an AntiForgeryToken() call. However, the format of this validation cookie has apparently changed between MVC 1.0 and MVC 2.0. What this means is that when you make to switch on your production server to MVC 2.0, suddenly all your visitors session cookies are invalid, resulting in calls to AntiForgeryToken() throwing exceptions (even on a standard GET request) when de-serializing it: [InvalidCastException: Unable to cast object of type 'System.Web.UI.Triplet' to type 'System.Object[]'.]   System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) +104[HttpAntiForgeryException (0x80004005): A required anti-forgery token was not supplied or was invalid.]   System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) +368   System.Web.Mvc.HtmlHelper.GetAntiForgeryTokenAndSetCookie(String salt, String domain, String path) +209   System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path) +16   System.Web.Mvc.HtmlHelper.AntiForgeryToken() +10  <snip> So you've just kicked all your active users out of your site with exceptions until they think to restart their browser (to clear the session cookies). The only work around for now is to either write some code that wipes this cookie - or disable use of AntiForgeryToken() in your MVC 2.0 site until you're confident all session cookies will have expired. That in itself isn't very straightforward, given how frequently people tend to hibernate/standby their machines - the session cookie will only clear once the browser has been shut down and re-opened. Hope this helps someone out there!

    Read the article

  • BasicAuthProvider in ServiceStack

    - by Per
    I've got an issue with the BasicAuthProvider in ServiceStack. POST-ing to the CredentialsAuthProvider (/auth/credentials) is working fine. The problem is that when GET-ing (in Chrome): http://foo:pwd@localhost:81/tag/string/list the following is the result Handler for Request not found: Request.HttpMethod: GET Request.HttpMethod: GET Request.PathInfo: /login Request.QueryString: System.Collections.Specialized.NameValueCollection Request.RawUrl: /login?redirect=http%3a%2f%2flocalhost%3a81%2ftag%2fstring%2flist which tells me that it redirected me to /login instead of serving the /tag/... request. Here's the entire code for my AppHost: public class AppHost : AppHostHttpListenerBase, IMessageSubscriber { private ITagProvider myTagProvider; private IMessageSender mySender; private const string UserName = "foo"; private const string Password = "pwd"; public AppHost( TagConfig config, IMessageSender sender ) : base( "BM App Host", typeof( AppHost ).Assembly ) { myTagProvider = new TagProvider( config ); mySender = sender; } public class CustomUserSession : AuthUserSession { public override void OnAuthenticated( IServiceBase authService, IAuthSession session, IOAuthTokens tokens, System.Collections.Generic.Dictionary<string, string> authInfo ) { authService.RequestContext.Get<IHttpRequest>().SaveSession( session ); } } public override void Configure( Funq.Container container ) { Plugins.Add( new MetadataFeature() ); container.Register<BeyondMeasure.WebAPI.Services.Tags.ITagProvider>( myTagProvider ); container.Register<IMessageSender>( mySender ); Plugins.Add( new AuthFeature( () => new CustomUserSession(), new AuthProvider[] { new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials new BasicAuthProvider(), //Sign-in with Basic Auth } ) ); container.Register<ICacheClient>( new MemoryCacheClient() ); var userRep = new InMemoryAuthRepository(); container.Register<IUserAuthRepository>( userRep ); string hash; string salt; new SaltedHash().GetHashAndSaltString( Password, out hash, out salt ); // Create test user userRep.CreateUserAuth( new UserAuth { Id = 1, DisplayName = "DisplayName", Email = "[email protected]", UserName = UserName, FirstName = "FirstName", LastName = "LastName", PasswordHash = hash, Salt = salt, }, Password ); } } Could someone please tell me what I'm doing wrong with either the SS configuration or how I am calling the service, i.e. why does it not accept the supplied user/pwd? Update1: Request/Response captured in Fiddler2when only BasicAuthProvider is used. No Auth header sent in the request, but also no Auth header in the response. GET /tag/string/AAA HTTP/1.1 Host: localhost:81 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,sv;q=0.6 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ss-pid=Hu2zuD/T8USgvC8FinMC9Q==; X-UAId=1; ss-id=1HTqSQI9IUqRAGxM8vKlPA== HTTP/1.1 302 Found Location: /login?redirect=http%3a%2f%2flocalhost%3a81%2ftag%2fstring%2fAAA Server: Microsoft-HTTPAPI/2.0 X-Powered-By: ServiceStack/3,926 Win32NT/.NET Date: Sat, 10 Nov 2012 22:41:51 GMT Content-Length: 0 Update2 Request/Response with HtmlRedirect = null . SS now answers with the Auth header, which Chrome then issues a second request for and authentication succeeds GET http://localhost:81/tag/string/Abc HTTP/1.1 Host: localhost:81 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,sv;q=0.6 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ss-pid=Hu2zuD/T8USgvC8FinMC9Q==; X-UAId=1; ss-id=1HTqSQI9IUqRAGxM8vKlPA== HTTP/1.1 401 Unauthorized Transfer-Encoding: chunked Server: Microsoft-HTTPAPI/2.0 X-Powered-By: ServiceStack/3,926 Win32NT/.NET WWW-Authenticate: basic realm="/auth/basic" Date: Sat, 10 Nov 2012 22:49:19 GMT 0 GET http://localhost:81/tag/string/Abc HTTP/1.1 Host: localhost:81 Connection: keep-alive Authorization: Basic Zm9vOnB3ZA== User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,sv;q=0.6 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ss-pid=Hu2zuD/T8USgvC8FinMC9Q==; X-UAId=1; ss-id=1HTqSQI9IUqRAGxM8vKlPA==

    Read the article

  • Oracle Fusion Middleware 12c Updates (2013/10/17)

    - by Hiro
    Oracle Fusion Middleware 12c Media Pack ?????2013/10/17 ???????????????? 1. Oracle Tuxedo?? Oracle Tuxedo System and Applications Monitor Plus 12c Release 1 (12.1.1.1) for Oracle Tuxedo 9.1 for Linux x86 (32-bit) Oracle Tuxedo System and Applications Monitor Plus 12c Release 1 (12.1.1.1) for Oracle Tuxedo 9.1 for HP-UX PA-RISC (32-bit) Oracle Tuxedo System and Applications Monitor Plus 12c Release 1 (12.1.1.1) for Oracle Tuxedo 11.1.1.2.0 for HP-UX Itanium (64-bit) Oracle Service Architecture Leveraging Tuxedo (SALT) 12cR1 (12.1.1.0) for HP-UX Itanium (64-bit) ??????????????? ???3????????????????·?????????????????????????????? (OS)???????Oracle Tuxedo 9.1, ????11.1.1.2.0 ????????????????Oracle Tuxedo System and Applications Monitor Plus (TSAM Plus) 12c?????? ???Oracle Service Architecture Leveraging Tuxedo (SALT) 12c???HP-UX Itanium????????????? 2. Data Integration?? Oracle Data Integrator 12c (12.1.2.0.0) Oracle Enterprise Data Quality 9.0.8 ??????????????? Oracle Data Integrator 12c????????????????? ????????????????·???????????????????????????·???????????????????????????? ???????????? Oracle GoldenGate???????????????E-LT (Extract, Load, Transform) ???????·?????????????·???????????????????????????????? ???·??????????·?????????????????????????????????????????·????????????????????????? Oracle Warehouse Builder???????????????????????????????Oracle Data Integrator?????????????????? Oracle Enterprise Manager Cloud Control 12c?????????????????IT??????? ????????????????????????????????????????????????·????????? ???(??)????·???????Oracle Data Integrator 12c????Oracle GoldenGate 12c??????????????????? ????????Oracle Data Integrator??????(??)?????·???????????????????????????? ?????

    Read the article

  • How to do MVC the right way

    - by Ieyasu Sawada
    I've been doing MVC for a few months now using the CodeIgniter framework in PHP but I still don't know if I'm really doing things right. What I currently do is: Model - this is where I put database queries (select, insert, update, delete). Here's a sample from one of the models that I have: function register_user($user_login, $user_profile, $department, $role) { $department_id = $this->get_department_id($department); $role_id = $this->get_role_id($role); array_push($user_login, $department_id, $role_id); $this->db->query("INSERT INTO tbl_users SET username=?, hashed_password=?, salt=?, department_id=?, role_id=?", $user_login); $user_id = $this->db->insert_id(); array_push($user_profile, $user_id); $this->db->query(" INSERT INTO tbl_userprofile SET firstname=?, midname=?, lastname=?, user_id=? ", $user_profile); } Controller - talks to the model, calls up the methods in the model which queries the database, supplies the data which the views will display(success alerts, error alerts, data from database), inherits a parent controller which checks if user is logged in. Here's a sample: function create_user(){ $this->load->helper('encryption/Bcrypt'); $bcrypt = new Bcrypt(15); $user_data = array( 'username' => 'Username', 'firstname' => 'Firstname', 'middlename' => 'Middlename', 'lastname' => 'Lastname', 'password' => 'Password', 'department' => 'Department', 'role' => 'Role' ); foreach ($user_data as $key => $value) { $this->form_validation->set_rules($key, $value, 'required|trim'); } if ($this->form_validation->run() == FALSE) { $departments = $this->user_model->list_departments(); $it_roles = $this->user_model->list_roles(1); $tc_roles = $this->user_model->list_roles(2); $assessor_roles = $this->user_model->list_roles(3); $data['data'] = array('departments' => $departments, 'it_roles' => $it_roles, 'tc_roles' => $tc_roles, 'assessor_roles' => $assessor_roles); $data['content'] = 'admin/create_user'; parent::error_alert(); $this->load->view($this->_at, $data); } else { $username = $this->input->post('username'); $salt = $bcrypt->getSalt(); $hashed_password = $bcrypt->hash($this->input->post('password'), $salt); $fname = $this->input->post('firstname'); $mname = $this->input->post('middlename'); $lname = $this->input->post('lastname'); $department = $this->input->post('department'); $role = $this->input->post('role'); $user_login = array($username, $hashed_password, $salt); $user_profile = array($fname, $mname, $lname); $this->user_model->register_user($user_login, $user_profile, $department, $role); $data['content'] = 'admin/view_user'; parent::success_alert(4, 'User Sucessfully Registered!', 'You may now login using your account'); $data['data'] = array('username' => $username, 'fname' => $fname, 'mname' => $mname, 'lname' => $lname, 'department' => $department, 'role' => $role); $this->load->view($this->_at, $data); } } Views - this is where I put html, css, and JavaScript code (form validation code for the current form, looping through the data supplied by controller, a few if statements to hide and show things depending on the data supplied by the controller). <!--User registration form--> <form class="well min-form" method="post"> <div class="form-heading"> <h3>User Registration</h3> </div> <label for="username">Username</label> <input type="text" id="username" name="username" class="span3" autofocus> <label for="password">Password</label> <input type="password" id="password" name="password" class="span3"> <label for="firstname">First name</label> <input type="text" id="firstname" name="firstname" class="span3"> <label for="middlename">Middle name</label> <input type="text" id="middlename" name="middlename" class="span3"> <label for="lastname">Last name</label> <input type="text" id="lastname" name="lastname" class="span3"> <label for="department">Department</label> <input type="text" id="department" name="department" class="span3" list="list_departments"> <datalist id="list_departments"> <?php foreach ($data['departments'] as $row) { ?> <option data-id="<?php echo $row['department_id']; ?>" value="<?php echo $row['department']; ?>"><?php echo $row['department']; ?></option> <?php } ?> </datalist> <label for="role">Role</label> <input type="text" id="role" name="role" class="span3" list=""> <datalist id="list_it"> <?php foreach ($data['it_roles'] as $row) { ?> <option data-id="<?php echo $row['role_id']; ?>" value="<?php echo $row['role']; ?>"><?php echo $row['role']; ?></option> <?php } ?> </datalist> <datalist id="list_collection"> <?php foreach ($data['tc_roles'] as $row) { ?> <option data-id="<?php echo $row['role_id']; ?>" value="<?php echo $row['role']; ?>"><?php echo $row['role']; ?></option> <?php } ?> </datalist> <datalist id="list_assessor"> <?php foreach ($data['assessor_roles'] as $row) { ?> <option data-id="<?php echo $row['role_id']; ?>" value="<?php echo $row['role']; ?>"><?php echo $row['role']; ?></option> <?php } ?> </datalist> <p> <button type="submit" class="btn btn-success">Create User</button> </p> </form> <script> var departments = []; var roles = []; $('#list_departments option').each(function(i){ departments[i] = $(this).val(); }); $('#list_it option').each(function(i){ roles[roles.length + 1] = $(this).val(); }); $('#list_collection option').each(function(i){ roles[roles.length + 1] = $(this).val(); }); $('#list_assessor option').each(function(i){ roles[roles.length + 1] = $(this).val(); }); $('#department').blur(function(){ var department = $.trim($(this).val()); $('#role').attr('list', 'list_' + department); }); var password = new LiveValidation('password'); password.add(Validate.Presence); password.add(Validate.Length, {minimum: 10}); $('input[type=text]').each(function(i){ var field_id = $(this).attr('id'); var field = new LiveValidation(field_id); field.add(Validate.Presence); if(field_id == 'department'){ field.add(Validate.Inclusion, {within : departments}); } else if(field_id == 'role'){ field.add(Validate.Inclusion, {within : roles}) } }); </script> The codes above are actually code from the application that I'm currently working on. I'm working on it alone so I don't really have someone to review my code for me and point out the wrong things in it so I'm posting it here in hopes that someone could point out the wrong things that I've done in here. I'm also looking for some guidelines in writing MVC code like what are the things that should be and shouldn't be included in views, models and controllers. How else can I improve the current code that I have right now. I've written some really terrible code before(duplication of logic, etc.) that's why I want to improve my code so that I can easily maintain it in the future. Thanks!

    Read the article

  • Fusion Middleware 11gR1 : 6??????

    - by Hiroyuki Yoshino
    2010?6??Fusion Middleware 11gR1 ?????????????? ?????????????3??????? 1. Oracle Enterprise Single Sign-On ?????Microsoft Windows (32-bit), Microsoft Windows x64 ???????????????? 10g?????????????????????????????????????Logon Manager?64-bit???????????? ????·????????????????????????·????????Non Oracle LDAP Certification?????????????? 2. Oracle Tuxedo Oracle Tuxedo 11g???????????? 10g???Oracle Tuxedo System and Application Monitor (TSAM), Oracle Service Architecture Leveraging Tuxedo (SALT)??????????? ??????AIX on Power Systems, HP-UX Itanium, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris SPARC (64-bit), Other Platforms ?????????????????????????????????? ????·?????????????????Oracle Tuxedo ? Platform Data Sheets, TSAM ? Supported Platforms, SALT ? Supported Platforms ?????????? 3. Application Adapters ???Mainframe Adapters, CDC Adapters????Application Adapters?11g????????????? JD Edwards, PeopleSoft, SAP, Siebel ??????????????????? ??????AIX on Power Systems, HP-UX Itanium, HP-UX PA-RISC, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris SPARC (64-bit) ??????????????? ??????(??????????????????)????????·????????Adapter Certification?????????????? ????? ????????(Media Pack)??????????????(Media Pack)????????????????? (2010?6??????????????????????)

    Read the article

  • Please Critique this PHP Login Script

    - by NightMICU
    Greetings, A site I developed was recently compromised, most likely by a brute force or Rainbow Table attack. The original log-in script did not have a SALT, passwords were stored in MD5. Below is an updated script, complete with SALT and IP address banning. In addition, it will send a Mayday email & SMS and disable the account should the same IP address or account attempt 4 failed log-ins. Please look it over and let me know what could be improved, what is missing, and what is just plain strange. Many thanks! <?php //Start session session_start(); //Include DB config include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php'; //Error message array $errmsg_arr = array(); $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; } //Define a SALT, the one here is for demo define('SALT', '63Yf5QNA'); //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Encrypt password $encryptedPassword = md5(SALT . $password); //Input Validations //Obtain IP address and check for past failed attempts $ip_address = $_SERVER['REMOTE_ADDR']; $checkIPBan = $db->prepare("SELECT COUNT(*) FROM ip_ban WHERE ipAddr = ? OR login = ?"); $checkIPBan->execute(array($ip_address, $login)); $numAttempts = $checkIPBan->fetchColumn(); //If there are 4 failed attempts, send back to login and temporarily ban IP address if ($numAttempts == 1) { $getTotalAttempts = $db->prepare("SELECT attempts FROM ip_ban WHERE ipAddr = ? OR login = ?"); $getTotalAttempts->execute(array($ip_address, $login)); $totalAttempts = $getTotalAttempts->fetch(); $totalAttempts = $totalAttempts['attempts']; if ($totalAttempts >= 4) { //Send Mayday SMS $to = "[email protected]"; $subject = "Banned Account - $login"; $mailheaders = 'From: [email protected]' . "\r\n"; $mailheaders .= 'Reply-To: [email protected]' . "\r\n"; $mailheaders .= 'MIME-Version: 1.0' . "\r\n"; $mailheaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $msg = "<p>IP Address - " . $ip_address . ", Username - " . $login . "</p>"; mail($to, $subject, $msg, $mailheaders); $setAccountBan = $db->query("UPDATE ip_ban SET isBanned = 1 WHERE ipAddr = '$ip_address'"); $setAccountBan->execute(); $errmsg_arr[] = 'Too Many Login Attempts'; $errflag = true; } } if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header('Location: http://somewhere.com/login.php'); exit(); } //Query database $loginSQL = $db->prepare("SELECT password FROM user_control WHERE username = ?"); $loginSQL->execute(array($login)); $loginResult = $loginSQL->fetch(); //Compare passwords if($loginResult['password'] == $encryptedPassword) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $getMemDetails = $db->prepare("SELECT * FROM user_control WHERE username = ?"); $getMemDetails->execute(array($login)); $member = $getMemDetails->fetch(); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $updateLog = $db->prepare("UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR), ip_addr = ? WHERE user_id = ?"); $updateLog->execute(array($ip_address, $member['user_id'])); session_write_close(); //If there are past failed log-in attempts, delete old entries if ($numAttempts > 0) { //Past failed log-ins from this IP address. Delete old entries $deleteIPBan = $db->prepare("DELETE FROM ip_ban WHERE ipAddr = ?"); $deleteIPBan->execute(array($ip_address)); } if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://somewhere.com"); } else { header('Location: http://somewhere.com'); } exit(); } else { //Login failed. Add IP address and other details to ban table if ($numAttempts < 1) { //Add a new entry to IP Ban table $addBanEntry = $db->prepare("INSERT INTO ip_ban (ipAddr, login, attempts) VALUES (?,?,?)"); $addBanEntry->execute(array($ip_address, $login, 1)); } else { //increment Attempts count $updateBanEntry = $db->prepare("UPDATE ip_ban SET ipAddr = ?, login = ?, attempts = attempts+1 WHERE ipAddr = ? OR login = ?"); $updateBanEntry->execute(array($ip_address, $login, $ip_address, $login)); } header('Location: http://somewhere.com/login.php'); exit(); } ?>

    Read the article

  • Email Verification plugin for rails?

    - by Larry K
    Hi, I'd like to verify a user's email address by sending them a verify-email-message. Do you know of a good Rails plugin that they've used or seen? Since I didn't see anything good via Google, at this point, my thought is: Add a verified boolean field to the user model. Default false. After user is added (unverified), combine email with a salt (a secret), and create the sha1 hash of the email/salt combo. The result is the verification. Send a welcoming / verification email to the user. Email includes a url that has the email address and verification as GET args to a verify action on my server. The verify action recomputes the verification using the supplied email and checks that the new verification matches the one in the url. If it does, then the User rec for the email is marked 'verified' Also will provide action to re-send the verification email. Any comments on the above? Thanks, Larry

    Read the article

  • JSON, Ajax login and signup form problem, critique

    - by user552828
    Here is my problem; indexdeneme2.php has two forms Sign up and Login form, and there is validation.js and login.js which are handling the AJAX and JSON response, there are validate.php and login.php which are my scripts for validating and login. When you sign up, it sends the data to validate.php perfectly and validate.php response with JSON perfectly, validate.js must show the error in #error div. validation.js works perfectly if it is working alone. I use same kind of script for login form. Login.php also works perfectly it responses with JSON and login.js shows the errors are appear in #errorlogin div. But this works when login.js works alone. When I try to work login.js and validate.js together, it is not working. validate.php and login.php works perfectly but login.js and validation.js are not working together. They can't handle the responses coming from php scripts. It is not showing the errors in #errorlogin and #error div. They intercept each other I guess. By the way if you can critique my login.php and validate.php I will be really appreciated. Thank you all. this is indexdeneme2.php <?php include('functions.php')?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" href="css/cssdeneme1.css" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <script type="text/javascript" src="validation.js"></script> <script type="text/javascript" src="login.js"></script> <script type="text/javascript"> var RecaptchaOptions = { theme : 'custom', custom_theme_widget: 'recaptcha_widget' }; </script> </head> <body onload="document.signup.reset()"> <div id="topbar"> <div class="wrapper"> </div> </div> <div id="middlebar"> <div class="wrapper"> <div id="middleleft"> <div id="mainformsecondcover"> <div id="mainform"> <div id="formhead"> <div id="signup">Sign Up</div> </div> <form method="post" action="validate.php" id="myform" name="signup"> <div id="form"> <table border="0" cellpadding="0" cellspacing="1"> <tbody> <tr> <td class="formlabel"> <label for="name">First Name:</label> </td> <td class="forminput"> <input type="text" name="name" id="name" /> </td> </tr> <tr> <td class="formlabel"> <label for="lastname">Last Name:</label> </td> <td class="forminput"> <input type="text" name="surname" id="lastname" /> </td> </tr> <tr> <td class="formlabel"> <label for="email">Email:</label> </td> <td class="forminput"> <input type="text" name="email" id="email" /> </td> </tr> <tr> <td class="formlabel"> <label for="remail">Re-Enter Email:</label> </td> <td class="forminput"> <input type="text" name="remail" id="remail" /> </td> </tr> <tr> <td class="formlabel"> <label for="password">Password:</label> </td> <td class="forminput"> <input type="password" name="password" id="password" maxlength="16" /> </td> </tr> <tr> <td class="formlabel"> <label for="gender">I am:</label> </td> <td class="forminput"> <select name="gender" id="gender"> <option value="0" selected="selected">-Select Sex-</option> <option value="1">Male</option> <option value="2">Female</option> </select> </td> </tr> <tr> <td class="formlabel"> <label>My Birthday:</label> </td> <td class="forminput"> <select size="1" name="day"> <option value="0" selected="selected">Day</option> <?php formDay(); ?> </select>&nbsp; <select size="1" name="month"> <option value="0" selected="selected">Month</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select>&nbsp; <select size="1" name="year"> <option value="0" selected="selected">Year</option> <?php formYear(); ?> </select> </td> </tr> <tr> <td class="formlabel"> <label for="recaptcha_response_field">Security Check:</label> </td> </tr> </tbody> </table> <?php require_once('captchalib.php'); ?> </div> <div id="formbottom"> <div id="error"> </div> <div id="formbottomright"> <input type="submit" id="formbutton" value="Sign Up" /> <img id="loading" src="css/images/ajax-loader.gif" height="35" width="35" alt="Processing.." style="float:right; display:block" /> </div> </div> </form> </div> </div> </div> <div id="middleright"> <div id="loginform"> <form name="login" action="login.php" method="post" id="login"> <label for="username">Email:</label> <input type="text" name="emaillogin" /> <label for="password">Password:</label> <input type="password" name="passwordlogin" maxlength="16" /> <input type="submit" value="Login" /> <img id="loading2" src="css/images/ajax-loader.gif" height="35" width="35" alt="Processing.." style="float:right; display:block" /> </form> </div> <div id="errorlogin"></div> </div> </div> </div> <div id="bottombar"> <div class="wrapper"></div> </div> </body> </html> validation.js $(document).ready(function(){ $('#myform').submit(function(e) { register(); e.preventDefault(); }); }); function register() { hideshow('loading',1); error(0); $.ajax({ type: "POST", url: "validate.php", data: $('#myform').serialize(), dataType: "json", success: function(msg){ if(parseInt(msg.status)==1) { window.location=msg.txt; } else if(parseInt(msg.status)==0) { error(1,msg.txt); Recaptcha.reload(); } hideshow('loading',0); } }); } function hideshow(el,act) { if(act) $('#'+el).css('visibility','visible'); else $('#'+el).css('visibility','hidden'); } function error(act,txt) { hideshow('error',act); if(txt) $('#error').html(txt); } login.js $(document).ready(function(){ $('#login').submit(function(e) { login(); e.preventDefault(); }); }); function login() { error(2); $.ajax({ type: "POST", url: "login.php", data: $('#login').serialize(), dataType: "json", success: function(msg){ if(parseInt(msg.status)==3) { window.location=msg.txt; } else if(parseInt(msg.status)==2) { error(3,msg.txt); } } }); } function error(act,txt) { hideshow('error',act); if(txt) $('#errorlogin').html(txt); } login.php <?php session_start(); require("connect.php"); $email = $_POST['emaillogin']; $password = $_POST['passwordlogin']; $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); if(empty($email)) { die('{status:2,txt:"Enter your email address."}'); } if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('{status:2,txt:"Invalid email or password"}'); } if(empty($password)) { die('{status:2,txt:"Enter your password."}'); } if(strlen($password)<6 || strlen($password)>16) { die('{status:2,txt:"Invalid email or password"}'); } $query = "SELECT password, salt FROM users WHERE Email = '$email';"; $result = mysql_query($query); if(mysql_num_rows($result) < 1) //no such user exists { die('{status:2,txt:"Invalid email or password"}'); } $userData = mysql_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) //incorrect password { die('{status:2,txt:"Invalid email or password"}'); } //////////////////////////////////////////////////////////////////////////////////// if('{status:3}') { session_regenerate_id (); //this is a security measure $getMemDetails = "SELECT * FROM users WHERE Email = '$email'"; $link = mysql_query($getMemDetails); $member = mysql_fetch_row($link); $_SESSION['valid'] = 1; $_SESSION['userid'] = $member[0]; $_SESSION['name'] = $member[1]; session_write_close(); mysql_close($con); echo '{status:3,txt:"success.php"}'; } validate.php <?php $name = $_POST['name']; $surname = $_POST['surname']; $email = $_POST['email']; $remail = $_POST['remail']; $gender = $_POST['gender']; $bdate = $_POST['year'].'-'.$_POST['month'].'-'.$_POST['day']; $bday = $_POST['day']; $bmon = $_POST['month']; $byear = $_POST['year']; $cdate = date("Y-n-j"); $password = $_POST['password']; $hash = hash('sha256', $password); $regdate = date("Y-m-d"); function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } $salt = createSalt(); $hash = hash('sha256', $salt . $hash); if(empty($name) || empty($surname) || empty($email) || empty($remail) || empty($password) ) { die('{status:0,txt:"All the fields are required"}'); } if(!preg_match('/^[A-Za-z\s ]+$/', $name)) { die('{status:0,txt:"Please check your name"}'); } if(!preg_match('/^[A-Za-z\s ]+$/', $surname)) { die('{status:0,txt:"Please check your last name"}'); } if($bdate > $cdate) { die('{status:0,txt:"Please check your birthday"}'); } if(!(int)$gender) { die('{status:0,txt:"You have to select your sex"}'); } if(!(int)$bday || !(int)$bmon || !(int)$byear) { die('{status:0,txt:"You have to fill in your birthday"}'); } if(!$email == $remail) { die('{status:0,txt:"Emails doesn&sbquo;t match"}'); } if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { die('{status:0,txt:"Enter a valid email"}'); } if(strlen($password)<6 || strlen($password)>16) { die('{status:0,txt:"Password must be between 6-16 characters"}'); } if (!$_POST["recaptcha_challenge_field"]===$_POST["recaptcha_response_field"]) { die('{status:0,txt:"You entered incorrect security code"}'); } if('{status:1}') { require("connect.php"); function getRealIpAddr() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip=$_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } $rip = getRealIpAddr(); $ipn = inet_pton($rip); $checkuser = mysql_query("SELECT Email FROM users WHERE Email = '$email'"); $username_exist = mysql_num_rows($checkuser); if ( $username_exist !== 0 ) { mysql_close($con); die('{status:0,txt:"This email Address is already registered!"}'); } else { $query = "INSERT INTO users (name, surname, date, Email, Gender, password, salt, RegistrationDate, IP) VALUES ('$name', '$surname', '$bdate', '$email', '$gender', '$hash', '$salt', '$cdate', '$ipn')"; $link = mysql_query($query); if(!$link) { die('Becerilemedi: ' . mysql_error()); } else { mysql_close($con); echo '{status:1,txt:"afterreg.php"}'; } } } ?> css of indexdeneme2.php * { padding:0; margin:0; } #topbar { width:100%; height:50px; } .wrapper { margin:0 auto; width:1000px; height:100%; } #middlebar { width:100%; height:650px; } #middleleft { width:55%; float:left; height:650px; } #middleright { width:45%; float:right; height:650px; } #mainformsecondcover { width:404px; padding:0px; margin:0px; border:4px solid #59B; border-radius: 14px; -moz-border-radius: 14px; -webkit-border-radius: 14px; } #mainform { width:400px; border:2px solid #CCC; border-radius: 11px; -moz-border-radius: 11px; -webkit-border-radius: 11px; } #formhead { margin:7px; } #signup { margin-top:13px; margin-left:13px; margin-bottom:3px; color:#333; font-size:18px; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-weight:bold } #form { margin:7px; } #form table { margin:0px; width:380px; } #form table tr{ height:28px; } #form table td{ height:18px; } .formlabel { cursor:pointer; display:table-cell; text-align:right; font-size:12px; color:#000; font-weight:normal; vertical-align:middle; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; letter-spacing:1px; width:120px; height:37px; padding-right:5px; } .formlabel label{ cursor:pointer } .forminput input { width:240px; font-size:13px; padding:4px; } #recaptcha_image { width:300px; height:57px; border:2px solid #CCC; } #recaptcha_widget { margin-left:35px; } #securityinfo { font-size: 11px; line-height: 16px; } #formbottom { width:360px; min-height:45px; } #error { float:left; width:200px; border:1px solid #F00; margin-left:20px; margin-top:7px; text-align:center; color:#F00; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:11px; line-height:16px; padding:2px; visibility:hidden; } #errorlogin { float:left; width:200px; border:1px solid #F00; margin-left:20px; margin-top:7px; text-align:center; color:#F00; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:11px; line-height:16px; padding:2px; visibility:hidden; } #formbottomright { float:right; height:45px; width:115px; margin-left:5px; } #loading { visibility:hidden; } #loading2 { visibility:hidden; } #formbutton { display:block; font-size:14px; color:#FFF; background: #0b85c6; /* Old browsers */ background: -moz-linear-gradient(top, #0b85c6 0%, #59b 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#0b85c6), color-stop(100%,#59b)); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, #0b85c6 0%,#59b 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, #0b85c6 0%,#59b 100%); /* Opera11.10+ */ background: -ms-linear-gradient(top, #0b85c6 0%,#59b 100%); /* IE10+ */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#0B85C6', endColorstr='#59B',GradientType=0 ); /* IE6-9 */ background: linear-gradient(top, #0b85c6 0%,#59b 100%); /* W3C */ font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; height:26px; width:60px; margin:7px; text-align:center; padding-bottom:4px; padding-left:4px; padding-right:4px; float:left; margin-right:5px; } #bottombar { width:100%; height:50px; } {}

    Read the article

  • Retrieving related data in the Symfony Admin Generator

    - by bjoern
    I have a problem with the Admin Generator. The Table of Pages have the column sf_guard_user_id. The rest of the table looks as this part of the generator.yml in the line display, list: title: Pages display: [=title, sfGuardUser, views, state, privacy, created_at, updated_at] sort: [created_at, desc] fields: sfGuardUser: { label: Author } created_at: { label: Published, date_format: dd.MM.y } updated_at: { label: Updated, date_format: dd.MM.y } table_method: retrieveUserList Now the sf_guard_user_id is been replaced and the username ist displayed. Don't get me wrong, that works fine. But how can I get other variables from the sfGuarsUser relation? When I only add salt or another variable to display I get this, Unknown record property / related component "salt" on "simplePage" But why?

    Read the article

  • Named Blueprints with factory_girl

    - by Jason Nerer
    I am using Factory Girl but like the machinist syntax. So I wonder, if there is any way creating a named blueprint for class, so that I can have something like that: User.blueprint(:no_discount_user) do admin false hashed_password "226bc1eca359a09f5f1b96e26efeb4bb1aeae383" is_trader false name "foolish" salt "21746899800.223524289203464" end User.blueprint(:discount_user) do admin false hashed_password "226bc1eca359a09f5f1b96e26efeb4bb1aeae383" is_trader true name "deadbeef" salt "21746899800.223524289203464" discount_rate { DiscountRate.make(:rate => 20.00) } end DiscountRate.blueprint do rate {10} not_before ... not_after ... end Is there a way making factory_girl with machinist syntax acting like that? I did not find one. Help appreciated. Thx in advance Jason

    Read the article

  • How can * be a safe hashed password?

    - by Exception e
    phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment. function HashPassword($password) { // <snip> trying to generate a hash… # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } This is the complete phpsalt class: # Portable PHP password hashing framework. # # Version 0.2 / genuine. # # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in # the public domain. # # # class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function PasswordHash($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime() . getmypid(); } function get_random_bytes($count) { $output = ''; if (is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= pack('H*', md5($this->random_state)); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) == $output) $output = '*1'; if (substr($setting, 0, 3) != '$P$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) != 8) return $output; # We're kind of forced to use MD5 here since it's the only # cryptographic primitive available in all versions of PHP # currently in use. To implement our own low-level crypto # in PHP would result in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); } else { $hash = pack('H*', md5($salt . $password)); do { $hash = pack('H*', md5($hash . $password)); } while (--$count); } $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_extended($input) { $count_log2 = min($this->iteration_count_log2 + 8, 24); # This should be odd to not reveal weak DES keys, and the # maximum valid value is (2**24 - 1) which is odd anyway. $count = (1 << $count_log2) - 1; $output = '_'; $output .= $this->itoa64[$count & 0x3f]; $output .= $this->itoa64[($count >> 6) & 0x3f]; $output .= $this->itoa64[($count >> 12) & 0x3f]; $output .= $this->itoa64[($count >> 18) & 0x3f]; $output .= $this->encode64($input, 3); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) == 60) return $hash; } if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); if (strlen($hash) == 20) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) == 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] == '*') $hash = crypt($password, $stored_hash); return $hash == $stored_hash; } }

    Read the article

  • Server authorization with MD5 and SQL.

    - by Charles
    I currently have a SQL database of passwords stored in MD5. The server needs to generate a unique key, then sends to the client. In the client, it will use the key as a salt then hash together with the password and send back to the server. The only problem is that the the SQL DB has the passwords in MD5 already. Therefore for this to work, I would have to MD5 the password client side, then MD5 it again with the salt. Am I doing this wrong, because it doesn't seem like a proper solution. Any information is appreciated.

    Read the article

  • Invalid character in a Base-64 string

    - by swetha
    I am getting this error when I am validating the user with sql membership provider this.provider.ValidateUser(userName, password); the password i have used is "freetrial". I tried trimming the spaces but still no luck!!! and the call stack is as follows: [FormatException: Invalid character in a Base-64 string.] System.Convert.FromBase64String(String s) +0 System.Web.Security.MembershipProvider.EncodePassword(String pass, Int32 passwordFormat, String salt) +54 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +169 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42 System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78

    Read the article

  • Static struct in C++

    - by pingvinus
    Hi, I want to define an structure, where some math constants would be stored. Here what I've got now: struct consts { //salt density kg/m3 static const double gamma; }; const double consts::gamma = 2350; It works fine, but there would be more than 10 floating point constants, so I doesn't want to wrote 'static const' before each of them. And define something like that: static const struct consts { //salt density kg/m3 double gamma; }; const double consts::gamma = 2350; It look fine, but I got these errors: 1. member function redeclaration not allowed 2. a nonstatic data member may not be defined outside its class I wondering if there any C++ way to do it?

    Read the article

  • node.js with SQL Server Native Client 11 scope_identity not being returned

    - by binderbound
    I'm having trouble with inserting a value into a database through node.js. Here is the offending code: sql.query(conn_str ,"INSERT INTO Login(email, hash, salt, firstName, lastName) VALUES(?, ?, ?, ?, ?); SELECT SCOPE_IDENTITY() AS 'Identity';" , [email, hash, salt, firstName, lastName], function(err, results){ console.log(results) } Unfortunately, the console is just echoing [], meaning results is an empty array, I suppose. Does anyone know why the identity is not being returned? Even if it was null, why isn't results then [{Identity: null }] ? Database is on Azure, which does have a "Scope_Identity" function, and the native client also recognises this function. Using node package "msnodesql" Please Help

    Read the article

  • Copying blocks (ie: copying them to instance variables) in Objective-C

    - by RyanWilcox
    I'm trying to understand blocks. I get how to use them normally, when passed directly to a method. I'm interested now in taking a block, storing it (say) in an instance variable and calling it later. The blocks programming guide makes it sound like I can do this, by using Block_copy / retain to copy the block away, but when I try to run it I crash my program. - (void) setupStoredBlock { int salt = 42; m_storedBlock = ^(int incoming){ return 2 + incoming + salt; }; [m_storedBlock retain]; } I try to call it later: - (void) runStoredBlock { int outputValue = m_storedBlock(5); NSLog(@"When we ran our stored blockwe got back: %d", outputValue); [m_storedBlock release]; } Anyone have any insights? (Or, is there something I'm not getting with blocks?) Thank you very much!

    Read the article

  • Find and replace numbers in string with regex

    - by James
    What I'm trying to achieve is to replace the numbers in the string with a new values calculated from the (match * int). So the string input looks like: 500g Flour 14g Salt 7g Dry yeast 45ml Olive oil 309ml Water And the result should look like this: 1000g Flour 14g Salt 14g Dry yeast 90ml Olive oil 618 ml Water row["ingredients"] is a DataRow. This is where I'm at: System.Text.RegularExpressions. Regex.Replace(row["ingredients"].ToString(), @"[^/d]", Delegate(Match match) { return match * 2; }, RegexOptions.Multiline); Any solution is greatly appreciated.

    Read the article

  • Is MD5 really that bad?

    - by Col. Shrapnel
    Everyone says that MD5 is "broken". Though I have never seen a code that can show it's weakness. So, I hope someone of local experts can prove it with simple test. I have an MD5 hash c1e877411f5cb44d10ece283a37e1668 And a simple code to produce it $salt="#bh35^&Res%"; $pass="***"; echo $hash=md5($salt.$pass); So, the question is: 1. Is MD% really that bad? 2. If so, what's the pass behind the asterisks?

    Read the article

  • Spring @Value annotation not using defaults when property is not present

    - by garyj
    Hi All I am trying to use @Value annotation in the parameters of a constructor as follows: @Autowired public StringEncryptor( @Value("${encryptor.password:\"\"}") String password, @Value("${encryptor.algorithm:\"PBEWithMD5AndTripleDES\"}") String algorithm, @Value("${encryptor.poolSize:10}") Integer poolSize, @Value("${encryptor.salt:\"\"}") String salt) { ... } When the properties file is present on the classpath, the properties are loaded perfectly and the test executes fine. However when I remove the properties file from the classpath, I would have expected that the default values would have been used, for example poolSize would be set to 10 or algorithm to PBEWithMD5AndTripleDES however this is not the case. Running the code through a debugger (which would only work after changing @Value("${encryptor.poolSize:10}") Integer poolSize to @Value("${encryptor.poolSize:10}") String poolSize as it was causing NumberFormatExceptions) I find that the defaults are not being set and the parameters are in the form of: poolSize = ${encryptor.poolSize:10} or algorithm = ${encryptor.algorithm:"PBEWithMD5AndTripleDES"} rather than the expected poolSize = 10 or algorithm = "PBEWithMD5AndTripleDES" Based on SPR-4785 the notation such as ${my.property:myDefaultValue} should work. Yet it's not happening for me! Thank you

    Read the article

  • password/login system in php

    - by Jonathan
    For a login system in php would this be a suitable outline of how it would work: users types in username and password, clicks login button. Checks if user exists in database, if it does, then retrieve the salt for that user hash the password and salt (would this be done on the client or server side? I think client side would be better, but php is server side so how would you do this?) check value against value in database, if the values match then user has typed in correct password and they are logged in.

    Read the article

  • Ideas for extending tic-tac-toe game?

    - by pimvdb
    I'm building a 3D tic-tac-toe game and this is what I've implemented so far: 3D renderer with texture mapping Playing against the computer Playing online (multiplayer) Now I'm a little lost what I could add. Obviously, tic-tac-toe isn't that exciting or advanced, but I just miss something to salt it a little bit. Therefore, could anyone please suggest some ideas that would be worth implementing? Thanks!

    Read the article

  • Encrypted Hidden Redux : Let's Get Salty

    - by HeartattacK
    In this article, Ashic Mahtab shows an elegant, reusable and unobtrusive way in which to persist sensitive data to the browser in hidden inputs and restoring them on postback without needing to change any code in controllers or actions. The approach is an improvement of his previous article and incorporates a per session salt during encryption. Note: Cross posted from Heartysoft.com. Permalink

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >