Search Results

Search found 11785 results on 472 pages for 'password protection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 73/472 | < Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >

  • Does MySQL have some kind of DoS protection or per-user query limit?

    - by Ghostrider
    I'm a bit at a loss. I'm running a MySQL database that's roughly 1GB data in indices combined on a dedicated Linux server. DB version is '5.0.89-community'. Configuration is controlled via cPanel. PHP actually runs elsewhere on a shared hosting. IP addresses are static and don't change. Access from remote IP address is properly configured. Website gets around 10K hits per day with each hit generating a a database query. Some of these queries are expensive (~1 sec execution time). All is fine and well until at some point DB server starts refusing connections from the client, claiming that specific user can't access the server from that IP. Resetting the server will always fix the problem for a day or two and then the same thing happens. There are some other DBs on that server, some of which are hit pretty hard on occasion but constantnly. One of the apps maintains several persistent connections since it does couple of updates per minute. Though I don't think it's related. What's driving me mad is that I can't figure out why server would start refusing connections. There is nothing in the logs. This server is a hosted dedicated server so hosting company created the OS image and I didn't write or go over every line of configuration. I'd do it but I'm at a loss as to where start looking. Any advice is appreciated.

    Read the article

  • How to generate the right password format for Apache2 authentication in use with DBD and MySQL 5.1?

    - by Walkman
    I want to authenticate users for a folder from a MySQL 5.1 database with AuthType Basic. The passwords are stored in plain text (they are not really passwords, so doesn't matter). The password format for apache however only allows for SHA1, MD5 on Linux systems as described here. How could I generate the right format with an SQL query ? Seems like apache format is a binary format with a lenght of 20, but the mysql SHA1 function return 40 long. My SQL query is something like this: SELECT CONCAT('{SHA}', BASE64_ENCODE(SHA1(access_key))) FROM user_access_keys INNER JOIN users ON user_access_keys.user_id = users.id WHERE name = %s where base64_encode is a stored function (Mysql 5.1 doesn't have TO_BASE64 yet). This query returns a 61 byte BLOB which is not the same format that apache uses. How could I generate the same format ? You can suggest other method for this too. The point is that I want to authenticate users from a MySQL5.1 database using plain text as password.

    Read the article

  • How should I set up protection for the database against sql injection when all the php scripts are flawed?

    - by Tchalvak
    I've inherited a php web app that is very insecure, with a history of sql injection. I can't fix the scripts immediately, I rather need them to be running to have the website running, and there are too many php scripts to deal with from the php end first. I do, however, have full control over the server and the software on the server, including full control over the mysql database and it's users. Let's estimate it at something like 300 scripts overall, 40 semi-private scripts, and 20 private/secure scripts. So my question is how best to go about securing the data, with the implicit assumption that sql injection from the php side (e.g. somewhere in that list of 300 scripts) is inevitable? My first-draft plan is to create multiple tiers of different permissioned users in the mysql database. In this way I can secure the data & scripts in most need of securing first ("private/secure" category), then the second tier of database tables & scripts ("semi-private"), and finally deal with the security of the rest of the php app overall (with the result of finally securing the database tables that essentially deal with "public" information, e.g. stuff that even just viewing the homepage requires). So, 3 database users (public, semi-private, and secure), with a different user connecting for each of three different groups of scripts (the secure scripts, the semi-private scripts, and the public scripts). In this way, I can prevent all access to "secure" from "public" or from "semi-private", and to "semi-private" from "public". Are there other alternatives that I should look into? If a tiered access system is the way to go, what approaches are best?

    Read the article

  • Does the password get sent in the clear when connecting to Sql-Server?

    - by Scott Chamberlain
    I was asked this today and I honestly did not know the answer. If you connect using a connection string without sspi to a server is there any way a 3rd party can intercept on the wire the password used to log in? "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=sa;Password=CanThisBeSniffed;" I am not asking about MiTM attacks just someone listing on the same computer or on the same hub on the network with wireshark or something similar running. I fired up wireshark myself and did not see it in plain text but it could be a simple obfuscation or proper encryption, I just wanted to know which.

    Read the article

  • Suggestions? Password & Encrypted Read/Write File like a Mac (.dmg or .SparseBundle) also R/W on Windows, Ubuntu

    - by Jeff Drew
    For years I have used .dmg or .sparsebundle (Encrypted and Password Protected) to safely keep home directory backups on my Mac. Now, I am looking for a similar Full Permissions/Read/Write that maintains an encrypted, and password protected file that it Tri-Platform. I'd like to have the future ability to use it on Mac OS X, Windows 7/8, and Ubuntu (current releases+). I appreciate your recommendations. Thank you. (I like mounting a DMG and having a file directory structure that can be easily maintained and organized. When done, un-mounting the file.) (I've seen Windows tools to open encrypted DMG files? and I will explore these options, but with the desire to also keep the file accessible on on three OSes, someone might have additional suggestions.)

    Read the article

  • How can I implement ansible with per-host passwords, securely?

    - by supervacuo
    I would like to use ansible to manage a group of existing servers. I have created an ansible_hosts file, and tested successfully (with the -K option) with commands that only target a single host ansible -i ansible_hosts host1 --sudo -K # + commands ... My problem now is that the user passwords on each host are different, but I can't find a way of handling this in Ansible. Using -K, I am only prompted for a single sudo password up-front, which then seems to be tried for all subsequent hosts without prompting: host1 | ... host2 | FAILED => Incorrect sudo password host3 | FAILED => Incorrect sudo password host4 | FAILED => Incorrect sudo password host5 | FAILED => Incorrect sudo password Research so far: a StackOverflow question with one incorrect answer ("use -K") and one response by the author saying "Found out I needed passwordless sudo" the Ansible docs, which say "Use of passwordless sudo makes things easier to automate, but it’s not required." (emphasis mine) this security StackExchange question which takes it as read that NOPASSWD is required article "Scalable and Understandable Provisioning..." which says: "running sudo may require typing a password, which is a sure way of blocking Ansible forever. A simple fix is to run visudo on the target host, and make sure that the user Ansible will use to login does not have to type a password" article "Basic Ansible Playbooks", which says "Ansible could log into the target server as root and avoid the need for sudo, or let the ansible user have sudo without a password, but the thought of doing either makes my spleen threaten to leap up my gullet and block my windpipe, so I don’t" My thoughts exactly, but then how to extend beyond a single server? ansible issue #1227, "Ansible should ask for sudo password for all users in a playbook", which was closed a year ago by mpdehaan with the comment "Haven't seen much demand for this, I think most people are sudoing from only one user account or using keys most of the time." So... how are people using Ansible in situations like these? Setting NOPASSWD in /etc/sudoers, reusing password across hosts or enabling root SSH login all seem rather drastic reductions in security.

    Read the article

  • configure HTTPS server on a cisco router

    - by Sara
    For the past week I was trying to configure an HTTPS server on a cisco 2900 router, I've used the following commands and assigned a username and password to privilege 15 however, when Im trying to access a given ip it requires a username and password however when I insert the username and password I configured it does not allow me to enter and i'm not sure where the problem is. Router(config)# ip http secure-server Router(config)# ip http authentication local These were the commands i used for the https server and also I used the following to assign the username and password Router(config)#username name privilege 15 secret 0 password where 'name' and 'password' represent the username and password respectively I'm trying to access the 192.168.14.1 interface on the router and the username and password i created are not authorized to enter (I got the commands from a cisco router manual)

    Read the article

  • Samba users not added untill they logon first? Edit: How do I add users to tdbsam without a password prompt?

    - by glisignoli
    I add users to my server with the command useradd -m -p PASS_HASH -s /usr/sbin/nologin USERNAME Then I try to access their samba home share, but it never shows up until I login with the user: root:~$sudo login failtest Password:###### Added user failtest. Is there some way of added the user without logging in? Edit: The problem is that the user is added with the useradd command, but ubuntu seems to run an initalisation script when the user logs on for the first time. This script then adds that user to the tdbsam user database. Finding the initalisation script or the method it uses to add a user to the tdbsam database without requiring any user input (as smbpasswd -a USER prompts the user for a password). So all I need is a way to add a user+pass to the tdbsam database without prompting a user for a password (eg: samaba-add-user.sh USERNAME PASSWORD).

    Read the article

  • How secure is using "Normal password" for SMTP with connection type = STARTTLS?

    - by harshath.jr
    I'm using an email client for the first time - for the most part I've always used gmail via the web interface. Now I'm setting up thunderbird to connect to an email server of my own (on my own server, own domain name, etc). The server machine (and the email server on it) was preconfigured for me. Now i figured out away by which I'm able to send and receive email, but I noticed that in the outgoing and incoming servers section, the connection type was STARTTLS (and not SSL/TLS), and the Authentication Type was "Normal Password". Does this mean that the password will be sent across in plain text? I'm very paranoid about security - its the only way that it works for me. Can someone please post links that explain how SMTP (my outbound server) and IMAP (my inbound server) servers work, and what connection type means what? Thanks! PS: If this question does not belong here, please redirect me.

    Read the article

  • Does ZFS replace the need for hardware/software RAID?

    - by user53744
    I want to provide protection against data loss on my servers. Typically, I'd use hardware RAID 1 or 5, but I've been reading up on ZFS. Is it correct that ZFS itself provides RAID 1 or 5 like data protection WITHOUT needing a RAID controller card? If so, I assume a single hard drive is not enough to provide data protection since if that drive fails, all data fails, so how many hard drives do I need to be running for ZFS to provide this protection?

    Read the article

  • TrueCrypt - "Warning! Password locked: Fixed disk0" error message on boot

    - by Tibi
    TrueCrypt - "Warning! Password locked: Fixed disk0" error message on boot. When i start my laptop (Acer TravelMate 2410). after the starting memory check, the screen goes full black, and a message appears for about 3 seconds: Warning! Password locked: Fixed disk0 and after that, disappears, and next message comes out: Operating System Not Found and all stops here. Windows Xp was installed on it, before this came. TrueCrypt cd (witch was made during the process of full encryption) is not working, not in restoring MBR, no even in decrypting my drive - completely useless. Note: I detected some short of boot sector errors (i dont know the amount) on my drive before this happened. Please, i would greatfully thank every comment, or suggestion, because my computer is unusable now. The HDD is a Samsung HDD, 160Gb. Other preferences: Acer TravelMate 2410 Notebook, 2 Gb RAM, 1500 Mhz Intel Celeron M processor. Regards

    Read the article

  • Why do I have to enter my password every time I activate / deactivate AirPort (WiFi) on my MacBook P

    - by Another Registered User
    I use Snow Leopard, and I'm used to activate / deactivate WiFi like 20 times per day. The reason is that WiFi stops working properly after a few minutes of use. So every time I try to surf, I must stop/reactivate it first. But now, suddenly I have to enter my user password every time I want to do it. It's so annoying! The dialogue details say: Right: com.apple.airport.power Program: SystemUIServer What can I do that the Mac won't ask me for the password every time? It's hard enough that I have to stop/reactivate WiFi all the time (hardware bug). I have a admin account with full rights.

    Read the article

  • How can I disable write protection in my USB flash drive?

    - by 97847658
    My USB flash drive is currently unusable because it somehow (quite suddenly!) became write protected. I have googled around and tried many solutions to this problem, but none of them have worked so far. Here are some of the solutions I've tried: The drive has no tangible switch or button. Formatting the drive won't work, even in command line, even "low level formatting", because the drive is (after all) write protected. Changing certain registry keys to 0 doesn't seem to work. Repair_Neo2.9.exe says "USB Flash Disk not found!" One factor that may make it more difficult to find a solution: I have no idea what the make or model is, because I received the USB flash drive from my university as a gift. So if anyone knows how to find the make and model, that alone might be helpful. Any ideas? Thanks.

    Read the article

  • Non-volatile cache RAID controllers: what kind of protection is there against NVCACHE failure?

    - by astrostl
    The battery back-up (BBU) model: admin enables write-back cache with BBU writes are cached to the RAID controller's RAM (major performance benefit) the battery saves uncommitted and cached data in the event of a power loss (reliability) If I lose power and come back within a day or so, my data should be both complete and uncorrupted. The downside to this is that, if the battery is dead or low, OR EVEN IF IT IS IN A RELEARN CYCLE (drain/charge loops to ensure the battery's health), the controller reverts to write-through mode and performance will suffer. What's more, the relearn cycles are usually automated on a schedule which may or may not happen in the middle of big traffic. So, that has to be manually disabled and manually scheduled for off-hours if it's a concern. Annoying either way. NV caches have capacitors with a sufficient charge to commit any uncommitted-to-disk data to flash. Not only is that more survivable in longer loss situations, but you don't have to concern yourself with battery death, wear-out, or relearning. All of that sounds great to me. What doesn't sound great to me is the prospect of that flash module having an issue, though. What if it's completely hosed? What if it's only partially hosed? A bit corrupted at the edges? Relearn cycles can tell when something like a simple battery is failing, but is there a similar process to verify that the flash is functional? I'm just far more trusting of a battery, warts and all. I know the card's RAM can fail, the card itself can fail - that's common territory, though. In case you didn't guess, yeah, I've experienced a shocking-to-me amount of flash/SSD/etc. failure :)

    Read the article

  • input field placeholder in jQuery

    - by Hristo
    I'm trying to create a Login page, not worrying about actually logging in yet, but I'm trying to achieve the effect where there is some faded text inside the input field and when you click on it, the text disappears or if you click away the text reappears. I have this working for my "Username" input field, but the "Password" field is giving me problems because I can't just do $("#password").attr("type","password"). Here's my code: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> <!-- Links --> <link rel="stylesheet" type="text/css" href="style.css" /> <!-- Scripts --> <script type="text/javascript" src="jQuery.js"></script> <script> // document script $(document).ready(function(){ // login box event handler $('#login').click(function(){ $('.loginBox').animate({ height: '150px' }, '1000' ); $('#username').show(); // add pw placeholder field $('#password').after('<input type="text" id="placeHolder" value="Password" class="placeHolder" />'); $('#password').hide(); }); // username field focus and blur event handlers $('#username').focus(function() { if($(this).hasClass('placeHolder')){ $(this).val(''); $(this).removeClass('placeHolder'); } }); $('#username').blur(function() { if($(this).val() == '') { $(this).val('Username'); $(this).addClass('placeHolder'); } }); // password field focus and blur event handlers $('#placeHolder').focus(function() { $('#placeHolder').hide(); $('#password').show(); $('#password').focus(); }); $('#password').blur(function() { if($('#password').val() == '') { $('#placeHolder').show(); $('#password').hide(); } }); }); </script> </head> <body> <div id="loginBox" class="loginBox"> <a id="login">Proceed to Login</a><br /> <div id="loginForm"> <form> <input type="text" id="username" class="placeHolder" value="Username" /> <input type="password" id="password" class="placeHolder" value="" /> </form> </div> </div> </body> </html> Right now, I can click on the password input box and type in it, but the text is not disappearing and the "type" doesn't get set to "password"... the new input field I create isn't being hidden, it just stays visible, and I'm not sure where the problem is. Any ideas? Thanks, Hristo

    Read the article

  • Error connecting to online fossil repository after changing password.

    - by Toby Allen
    I set up a fossil repository on a shared hosting account I have. I created a perl script fossil.pl that points to a cloned repository that I put up on the webspace. I set all the correct permissions (755). When I go to fossil.pl I get the web ui. Everythings cool. However I'm having a problem with pushes and hoping someone could point me to a solution. When I clone a repository it sets a new password for me (Toby) in the new cloned repository. If I push to this repository online without changing the password it works fine, I can push up changes from my local machine to the online repository. However once I change the password for Toby (to something more easily remembered by me) I get the following error. Bytes Cards Artifacts Deltas Send: 1810 9 0 2 1Server Error: not authorized to write fossil: server says: not authorized to write Anyone know why this is happening? Anyone know how to fix it?

    Read the article

  • Copying (or recovering) a .PFX password to another machine?

    - by Adam Robinson
    First things first, I'm aware of all of the finger-wagging potential that this question provides. However, I'm attempting to help out a friend with a project so I haven't been part of the decision making process thus far. I'm attempting to set up a new development machine, but one of the projects is signed with a .PFX key that's password protected and the original developer does not remember the password. The current development machine can open and build the project just fine, so I'm wondering if there is any way either to copy or to recover the saved password that Visual Studio is using on the original box so that the file can be used on the new box. Signing with a new file is obviously an option, but one that we'd prefer to avoid. Does anyone know of a way either to recover or copy the credentials for this file to a new machine?

    Read the article

  • Rails: Accessing the username/password used for HTTP Basic Auth?

    - by Shpigford
    I'm building a basic API where user information can be retrieved after that user's login and password are correctly sent. Right now I'm using something like this: http://foo:[email protected]/api/user.xml So, what I need to do is access the user/password sent in the request (the foo and bar) but am not sure how to access that info in a Rails controller. Then I'd check those variables via a quick User.find and then set those as the username and password variables for authenticate_or_request_with_http_basic. It's possible I'm looking at this at the completely wrong way, but that's where I'm at right now. :)

    Read the article

  • Symfony 1.3 and forms: the password changes when i click on 'Save', why??

    - by user248959
    Hi, i have installed sfDoctrineGuardUser and have created this model that inherits sfGuardUser model: Usuario: inheritance: extends: sfGuardUser type: simple columns: nombre_apellidos: string(60) sexo: boolean fecha_nac: date provincia: string(60) localidad: string(255) email_address: string(255) avatar: string(255) avatar_mensajes: string(255) I have also created a module called 'miembros' based on that model. Well, I log normally through sfGuardAuth/signin, then i go to "miembros/edit/id/$id_of_the_member_i_used_to_log_in" and push 'Save' button. Then i logout. If i try to log in again, it says: "The username and/or password is invalid". Later, i have realized that when click 'Save' the value of the field 'password' changes (well its encrypted version). So that is the reason why i can not then log in. But, why the value of the password change when i click on 'Save' ??? Regards Javi

    Read the article

  • Why does my PDF ask for a password after being retrieved from Visual SourceSafe?

    - by Schnapple
    PREFACE: Yes we're moving away from VSS in the next few months. One of my web projects contains, as one of its files, a PDF. The PDF on our QA site is being pulled from VSS. A QA tester recently told me he's being prompted for a password when he tries to open it. VSS says the file I have on disk is different than the one it has, so I updated it, but afterwards it's still being shown as different. So basically VSS is mangling my PDF and the results are so wobbly that Adobe Acrobat Reader is confused and thinks it has a password. I've tried adding it as Auto-Detect and as Binary. Same results. Why does my PDF ask for a password after being retrieved from Visual SourceSafe and how can I prevent it?

    Read the article

  • How to change a Datasource's username/password at runtime in a J2EE app?

    - by Toto
    I've deployed a web-module which connects to the database via a datasource configured in the J2EE application server. Currently, the user/password for the database connection is set in the proper J2EE application server's datasources configuration file. I want to change during runtime the datasource's user/password. (e.g.: implement a new web form in which the user is asked to enter de user/password to be used in the database connection). Is there a standard way to do that in J2EE applications or it depends on the J2EE application server? In this case I'm using Orion application server.

    Read the article

  • MD5 hash validation failing for unknown reason in PHP

    - by Sennheiser
    I'm writing a login form, and it converts the given password to an MD5 hash with md5($password), then matches it to an already-hashed record in my database. I know for sure that the database record is correct in this case. However, it doesn't log me in and claims the password is incorrect. Here's my code: $password = mysql_real_escape_string($_POST["password"]); ...more code... $passwordQuery = mysql_fetch_row(mysql_query(("SELECT password FROM users WHERE email = '$userEmail'"))); ...some code... elseif(md5($password) != $passwordQuery) { $_SESSION["noPass"] = "That password is incorrect."; } ...more code after... I tried pulling just the value of md5($password) and that matched up when I visually compared it. However, I can't get the comparison to work in PHP. Perhaps it is because the MySQL record is stored as text, and the MD5 is something else?

    Read the article

  • How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

    - by Matt
    I'm used to doing basic password protection for Apache w/ the following method in Apache config files: AuthType Basic AuthName "By Invitation Only" AuthUserFile /path/to/.htpasswd Require valid-user However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

    Read the article

  • jQuery: What listener do I use to check for browser auto filling the password input field?

    - by Jannis
    Hi, I have a simple problem that I cannot seem to find a solution to. Basically on this website here: http://dev.supply.net.nz/vendorapp/ (currently in development) I have some fancy label animations sliding things in and out on focus & blur. However once the user has logged in once the browser will most likely remember the password associated with the users email address/login. (Which is good and should not be disabled.) However I run into issues triggering my label slide out animation when the browser sets the value on the #password field automatically as the event for this is neither focus nor blur. Does anyone know which listener to use to run my function when the browser 'auto fills' the users password? Here is a quick screenshot of the issue:

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >