Search Results

Search found 6535 results on 262 pages for '3d secure'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 72/262 | < Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >

  • Is it fair for us to conclude XOR string encryption is less secure than well known encryption (Say Blowfish)

    - by Yan Cheng CHEOK
    I was wondering, is it fair to conclude, XOR string encryption is less secure than other encryption method, say Blowfish This is because for both methods, their input are Unencrypted string A secret key string XOR(string value,string key) { string retval(value); short unsigned int klen=key.length(); short unsigned int vlen=value.length(); short unsigned int k=0; short unsigned int v=0; for(v;v<vlen;v++) { retval[v]=value[v]^key[k]; k=(++k<klen?k:0); } return retval; } Is there any proof that XOR encryption method is more easy to be "broken" than Blowfish if the same key is being chosen?

    Read the article

  • How do you: Symfony functional test on a secure app?

    - by Dan Tudor
    Im trying to perform some function tests in symfony 1.4. My application is secure so the tests return 401 response codes not 200 as expected. I've tried creating a context and authentication the user prior to performing the test but to no avail. Any suggestions? Do I need to pass sfContext to the sfTestFunctional? Thanks include(dirname(FILE).'/../../bootstrap/functional.php'); $configuration = ProjectConfiguration::getApplicationConfiguration('backend', 'test', true); $context = sfContext::createInstance($configuration); new sfDatabaseManager($configuration); $loader = new sfPropelData(); $loader-loadData(sfConfig::get('sf_test_dir').'/fixtures'); // load test data $user = sfGuardUserPeer::retrieveByUsername('test'); $context-getUser()-signin($user); $browser = new sfTestFunctional(new sfBrowser()); $browser- get('/')- with('request')-begin()- isParameter('module', 'video')- isParameter('action', 'index')- end()- with('response')-begin()- isStatusCode(200)- //checkElement('body', '!/This is a temporary page/')- end() ;

    Read the article

  • How do I get secure AuthSub session tokens in PHP ?

    - by robertdd
    I am using the Google/YouTube APIs to develop web application which needs access to a users YouTube account. Normal unsecure requests work fine and I can upgrade one time tokens to session tokens without any hassle. The problem comes when I try and upgrade a secure token to a session token, I get: ERROR - Token upgrade for CIzF3546351vmq_P____834654G failed : Token upgrade failed. Reason: Invalid AuthSub header. Error 401 i use this: function updateAuthSubToken($singleUseToken) { try { $client = new Zend_Gdata_HttpClient(); $client->setAuthSubPrivateKeyFile('/home/www/key.pem', null, true); $sessionToken = Zend_Gdata_AuthSub::AuthSubRevokeToken($sessionToken, $client); $client->setAuthSubToken($sessionToken); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Token upgrade for ' . $singleUseToken . ' failed : ' . $e->getMessage(); return; } $_SESSION['sessionToken'] = $sessionToken; generateUrlInformation(); header('Location: ' . $_SESSION['homeUrl']); }

    Read the article

  • What language or application should be used in developing website to make it secure and make it toug

    - by niladri
    I am planning to get my website development outsourced to a third party developer. Need your help in deciding on how/ what technology to be used to make it very secure. Since I am not a techie I need the website developed in a way, so that it is easy for me to maintain it and modify content easily if required. The main purpose of the website is to provide company information about services offered and then also to exchange documents and other file using FTP server. Will be sending out surevey and newletters sometime Looking for your advice to guide me to the right direction

    Read the article

  • How to generate a cryptographically secure Double between 0 and 1?

    - by Portman
    I know how to generate a random number between 0 and 1 using the NextDouble method of the pseudo-random number generator. var rng1 = new System.Random(); var random1 = rng1.NextDouble(); // generates a random double between 0 and 1.0 And I know how to fill a random byte array using the cryptographically secure random number generator. Byte[] bytes = new Byte[8]; var rng2 = new System.Security.Cryptography.RNGCryptoServiceProvider(); rng2.GetBytes(bytes); // generates 8 random bytes But how can I convert the byte-array output of RNGCryptoServiceProvider into a random number between 0 (inclusive) and 1 (exclusive)?

    Read the article

  • is this a secure approach in ActiveRecords in Rails?

    - by Adnan
    Hello, I am using the following for my customers to unsubscribe from my mailing list; def index @user = User.find_by_salt(params[:subscribe_code]) if @user.nil? flash[:notice] = "the link is not valid...." render :action => 'index' else Notification.delete_all(:user_id => @user.id) flash[:notice] = "you have been unsubscribed....." redirect_to :controller => 'home' end end my link looks like; http://site.com/unsubscribe/32hj5h2j33j3h333 so the above compares the random string to a field in my user table and accordingly deletes data from the notification table. My question; is this approach secure? is there a better/more efficient way for doing this? All suggestions are welcome.

    Read the article

  • Architecture of a secure application that encrypts data in the database.

    - by Przemyslaw Rózycki
    I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • How do I secure password parameters in RESTful web service URIs?

    - by adam
    i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

    Read the article

  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would to secure the channel from the database reads to the dequeue action. What would be the best way to do it. I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but is their any other techniques or approaches I need to know about? Any help would be appreciated. Bob.

    Read the article

  • Post data with jQuery to ASP.net, am I doing this secure enough?

    - by Wim Haanstra
    For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose. Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique: User visits page Page determines if user is logged in On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered. When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture. The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago When everything works out, the vote is submitted to the database. In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here. Any advice would be very welcome.

    Read the article

  • Is there an easy way to add a secure file upload form (username, password, select file) to a website

    - by user346602
    Hi, I am very new to website design. Have an architect who wants his clients to enable his clients to upload (ftp - but don't know if http could be a better alternative?) files (plans etc.) to him, through the website I'm designing for him. I have seen similar things available on printers websites... I have seen uploadify, but it requires flash (I can only code HTML, CSS and a tiny bit of PHP), and don't think it is a secure option. I have also seen net2ftp, but don't really understand how it works. Any direction would be sincerely appreciated.

    Read the article

  • Python - Why ever use SHA1 when SHA512 is more secure?

    - by orokusaki
    I don't mean for this to be a debate, but I'm trying to understand the technical rationale behind why so many apps use SHA1, when SHA512 is more secure. Perhaps it's simply for backwards compatibility. Besides the obvious larger size (128 chars vs 40), or slight speed differences, is there any other reason why folks use the former? Also, SHA-1 I believe was first cracked by a VCR's processor years ago. Has anyone cracked 512 yet (perhaps with a leaf blower), or is it still safe to use without salting?

    Read the article

  • require user to login in at login screen before giving access to iPhone app that accesses secure web

    - by MikeN
    On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

    Read the article

  • Correcting an UPDATE statement (and making it more secure!)

    - by Jess
    I'm trying to a single value in my DB...When I run it through the console, it works correctly (as I'm replacing the variables with numbers and text).. However, My query is not running correctly. It's just prompting a syntax error Here is what I have: "UPDATE books SET readstatus='".$readstatus."' WHERE book_id=".$book_id; This won't work, I also tried doing something like this as I'm told this makes it a bit more secure? : "UPDATE books SET readstatus='{$readstatus}', WHERE read_id='{read_id}'"; This does not prompt any errors, but no change is happeneing to the value in the DB, I'm guessing the syntax is incorrect.

    Read the article

  • How do I MVVM-ize this MouseDown code in my WPF 3D app?

    - by DanM
    In my view, I have: <UserControl x:Class ... MouseDown="UserControl_MouseDown"> <Viewport3D Name="Viewport" Grid.Column="0"> ... </Viewport3D > </UserControl> In my code-behind, I have: private void UserControl_MouseDown(object sender, MouseButtonEventArgs e) { ((MapPanelViewModel)DataContext).OnMouseDown(e, Viewport); } And in my view-model, I have: public void OnMouseDown(MouseEventArgs e, Viewport3D viewport) { var range = new LineRange(); var isValid = ViewportInfo.Point2DtoPoint3D(viewport, e.GetPosition(viewport), out range); if (!isValid) MouseCoordinates = "(no data)"; else { var point3D = range.PointFromZ(0); var point = ViewportInfo.Point3DtoPoint2D(viewport, point3D); MouseCoordinates = e.GetPosition(viewport).ToString() + "\n" + point3D + "\n" + point; } } I really don't have a good sense of how to handle mouse events with MVVM. I always just end up putting them in the code-behind and casting the DataContext as SomeViewModel, then passing the MouseEventArgs on to a handler in my view-model. That's bad enough already, but in this case, I'm actually passing in a control (a Viewport3D), which is necessary for translating coordinates between 2D and 3D. Any suggestions on how to make this more in tune with MVVM?

    Read the article

  • Request Limit Length Limits for IIS&rsquo;s requestFiltering Module

    - by Rick Strahl
    Today I updated my CodePaste.net site to MVC 3 and pushed an update to the site. The update of MVC went pretty smooth as well as most of the update process to the live site. Short of missing a web.config change in the /views folder that caused blank pages on the server, the process was relatively painless. However, one issue that kicked my ass for about an hour – and not foe the first time – was a problem with my OpenId authentication using DotNetOpenAuth. I tested the site operation fairly extensively locally and everything worked no problem, but on the server the OpenId returns resulted in a 404 response from IIS for a nice friendly OpenId return URL like this: http://codepaste.net/Account/OpenIdLogon?dnoa.userSuppliedIdentifier=http%3A%2F%2Frstrahl.myopenid.com%2F&dnoa.return_to_sig_handle=%7B634239223364590000%7D%7BjbHzkg%3D%3D%7D&dnoa.return_to_sig=7%2BcGhp7UUkcV2B8W29ibIDnZuoGoqzyS%2F%2FbF%2FhhYscgWzjg%2BB%2Fj10ZpNdBkUCu86dkTL6f4OK2zY5qHhCnJ2Dw%3D%3D&openid.assoc_handle=%7BHMAC-SHA256%7D%7B4cca49b2%7D%7BMVGByQ%3D%3D%7D&openid.claimed_id=http%3A%2F%2Frstrahl.myopenid.com%2F&openid.identity=http%3A%2F%2Frstrahl.myopenid.com%2F&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.op_endpoint=http%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2010-10-29T04%3A12%3A53Zn5F4r5&openid.return_to=http%3A%2F%2Fcodepaste.net%2FAccount%2FOpenIdLogon%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Frstrahl.myopenid.com%252F%26dnoa.return_to_sig_handle%3D%257B634239223364590000%257D%257BjbHzkg%253D%253D%257D%26dnoa.return_to_sig%3D7%252BcGhp7UUkcV2B8W29ibIDnZuoGoqzyS%252F%252FbF%252FhhYscgWzjg%252BB%252Fj10ZpNdBkUCu86dkTL6f4OK2zY5qHhCnJ2Dw%253D%253D&openid.sig=h1GCSBTDAn1on98sLA6cti%2Bj1M6RffNerdVEI80mnYE%3D&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname&openid.sreg.email=rstrahl%40host.com&openid.sreg.fullname=Rick+Strahl A 404 of course isn’t terribly helpful – normally a 404 is a resource not found error, but the resource is definitely there. So how the heck do you figure out what’s wrong? If you’re just interested in the solution, here’s the short version: IIS by default allows only for a 1024 byte query string, which is obviously exceeded by the above. The setting is controlled by the RequestFiltering module in IIS 6 and later which can be configured in ApplicationHost.config (in \%windir\system32\inetsvr\config). To set the value configure the requestLimits key like so: <configuration> <security> <requestFiltering> <requestLimits maxQueryString="2048"> </requestLimits> </requestFiltering> </security> </configuration> This fixed me right up and made the requests work. How do you find out about problems like this? Ah yes the troubles of an administrator? Read on and I’ll take you through a quick review of how I tracked this down. Finding the Problem The issue with the error returned is that IIS returns a 404 Resource not found error and doesn’t provide much information about it. If you’re lucky enough to be able to run your site from the localhost IIS is actually very helpful and gives you the right information immediately in a nicely detailed error page. The bottom of the page actually describes exactly what needs to be fixed. One problem with this easy way to find an error: You HAVE TO run localhost. On my server which has about 10 domains running localhost doesn’t point at the particular site I had problems with so I didn’t get the luxury of this nice error page. Using Failed Request Tracing to retrieve Error Info The first place I go with IIS errors is to turn on Failed Request Tracing in IIS to get more error information. If you have access to the server to make a configuration change you can enable Failed Request Tracing like this: Find the Failed Request Tracing Rules in the IIS Service Manager.   Select the option and then Edit Site Tracing to enable tracing. Then add a rule for * (all content) and specify status codes from 100-999 to capture all errors. if you know exactly what error you’re looking for it might help to specify it exactly to keep the number of errors down. Then run your request and let it fail. IIS will throw error log files into a folder like this C:\inetpub\logs\FailedReqLogFiles\W3SVC5 where the last 5 is the instance ID of the site. These files are XML but they include an XSL stylesheet that provides some decent formatting. In this case it pointed me straight at the offending module:   Ok, it’s the RequestFilteringModule. Request Filtering is built into IIS 6-7 and configured in ApplicationHost.config. This module defines a few basic rules about what paths and extensions are allowed in requests and among other things how long a query string is allowed to be. Most of these settings are pretty sensible but the query string value can easily become a problem especially if you’re dealing with OpenId since these return URLs are quite extensive. Debugging failed requests is never fun, but IIS 6 and forward at least provides us the tools that can help us point in the right direction. The error message the FRT report isn’t as nice as the IIS error message but it at least points at the offending module which gave me the clue I needed to look at request restrictions in ApplicationHost.config. This would still be a stretch if you’re not intimately familiar, but I think with some Google searches it would be easy to track this down with a few tries… Hope this was useful to some of you. Useful to me to put this out as a reminder – I’ve run into this issue before myself and totally forgot. Next time I got it, right?© Rick Strahl, West Wind Technologies, 2005-2010Posted in ASP.NET  Security  

    Read the article

  • 2.5D game development

    - by ne5tebiu
    2.5D ("two-and-a-half-dimensional"), 3/4 perspective and pseudo-3D are terms used to describe either: graphical projections and techniques which cause a series of images or scenes to fake or appear to be three-dimensional (3D) when in fact they are not, or gameplay in an otherwise three-dimensional video game that is restricted to a two-dimensional plane. (Information taken from Wikipedia.org) I have a question based on 2.5D game development. As stated before, 2.5D uses graphical projections and techniques to make fake 3d or a gameplay restricted to a two-dimensional plane. A good example is a TQ Digital made game: Zero Online (screenshot) the whole map is made of 2d images and only NPCs and players are 3d. The maps were drawn manually by hand without any 3d software rendering. As I'm playing the game I feel like I'm going from a lower part of the map (ground) to a higher one (some metal platform) and it feels like I'm moving in 3 dimensions. But when I look closely, I see that the player size didn't change and the shadow too but I'm still feeling like I'm somehow higher then before (I had rendered a simple map myself that I made in 3dmax but it didn't quite give the result I wanted). How to accomplish such an effect?

    Read the article

  • How secure is a bluetooth keyboard against password sniffing?

    - by jhs
    In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system?

    Read the article

  • Xcode workspace with Unity3D as a sub-project?

    - by Di Wu
    Let's say we're developing a 2D game with Cocos2d-iPhone and UIKit and CoreAnimation. But we're also considering leveraging the 3D capabilities of Unity 3D. Is it possible that we add the Unity3D-generated Xcode project as a sub-project into the workspace and expose the 3D UI element as some kind of UIView subclass so that the native UIKit and CoreAnimation code could use them without the need to mess up with their underlying Unity3D implementation?

    Read the article

  • How Do I Secure WordPress Blogs Against Elemento_pcx Exploit?

    - by Volomike
    I have a client who has several WordPress 2.9.2 blogs that he hosts. They are getting a deface kind of hack with the Elemento_pcx exploit somehow. It drops these files in the root folder of the blog: -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.htm -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.php -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.asp -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.aspx -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.htm -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.html -rwxr-xr-x 1 userx userx 1459 Apr 16 04:25 index.php* It overwrites index.php. A keyword inside each file is "Elemento_pcx". It shows a white fist with a black background and the phrase "HACKED" in bold letters above it. We cannot determine how it gets in to do what it does. The wp-admin password isn't hard, but it's also not very easy either. I'll change it up a little to show you what the password sort of looks like: wviking10. Do you think it's using an engine to crack the password? If so, how come our server logs aren't flooded with wp-admin requests as it runs down a random password list? The wp-content folder has no changes inside it, but is run as chmod 777 because wp-cache required it. Also, the wp-content/cache folder is run as chmod 777 too.

    Read the article

  • In Puppet, how would I secure a password variable (in this case a MySQL password)?

    - by Beaming Mel-Bin
    I am using Puppet to provision MySQL with a parameterised class: class mysql::server( $password ) { package { 'mysql-server': ensure => installed } package { 'mysql': ensure => installed } service { 'mysqld': enable => true, ensure => running, require => Package['mysql-server'], } exec { 'set-mysql-password': unless => "mysqladmin -uroot -p$password status", path => ['/bin', '/usr/bin'], command => "mysqladmin -uroot password $password", require => Service['mysqld'], } } How can I protect $password? Currently, I removed the default world readable permission from the node definition file and explicitly gave puppet read permission via ACL. I'm assuming others have come across a similar situation so perhaps there's a better practice.

    Read the article

  • How to stop a tap event from propagating in a XNA / Silverlight game

    - by Mech0z
    I have a game with Silverlight / XNA game where text and buttons are created in Silverlight while 3d is done in XNA. The Silverlight controls are drawn ontop of the 3D and I dont want a click on a button to interact with the 3D underneath So I have private void ButtonPlaceBrick_Tap(object sender, GestureEventArgs e) { e.Handled = true; But my gesture handling on the 3d objects still runs even though I have set handled to true. private void OnUpdate(object sender, GameTimerEventArgs e) { while (TouchPanel.IsGestureAvailable) { // Read the next gesture GestureSample gesture = TouchPanel.ReadGesture(); switch (gesture.GestureType) How am I supposed to stop it from propagating?

    Read the article

  • How can we use Microsoft Groove with peers existing in both secure and unsecured network segments?

    - by MikeHerrera
    We have been instructed to implement a Microsoft Groove workspace. This would normally not be a concern, but the workspace will be utilized by machines which exist in our internal/restricted network as well as from peers from an outside/unknown network. Does there exist a best-practice for such an implementation?... or would this potentially expose the restricted network too broadly?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >