Search Results

Search found 2089 results on 84 pages for 'symmertric encryption'.

Page 77/84 | < Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >

  • Uncompress OpenOffice files for better storage in version control

    - by Craig McQueen
    I've heard discussion about how OpenOffice (ODF) files are compressed zip files of XML and other data. So making a tiny change to the file can potentially totally change the data, so delta compression doesn't work well in version control systems. I've done basic testing on an OpenOffice file, unzipping it and then rezipping it with zero compression. I used the Linux zip utility for my testing. OpenOffice will still happily open it. So I'm wondering if it's worth developing a small utility to run on ODF files each time just before I commit to version control. Any thoughts on this idea? Possible better alternatives? Secondly, what would be a good and robust way to implement this little utility? Bash shell that calls zip (probably Linux only)? Python? Any gotchas you can think of? Obviously I don't want to accidentally mangle a file, and there are several ways that could happen. Possible gotchas I can think of: Insufficient disk space Some other permissions issue that prevents writing the file or temporary files ODF document is encrypted (probably should just leave these alone; the encryption probably also causes large file changes and thus prevents efficient delta compression)

    Read the article

  • Rijndael managed: plaintext length detction

    - by sheepsimulator
    I am spending some time learning how to use the RijndaelManaged library in .NET, and developed the following function to test encrypting text with slight modifications from the MSDN library: Function encryptBytesToBytes_AES(ByVal plainText As Byte(), ByVal Key() As Byte, ByVal IV() As Byte) As Byte() ' Check arguments. If plainText Is Nothing OrElse plainText.Length <= 0 Then Throw New ArgumentNullException("plainText") End If If Key Is Nothing OrElse Key.Length <= 0 Then Throw New ArgumentNullException("Key") End If If IV Is Nothing OrElse IV.Length <= 0 Then Throw New ArgumentNullException("IV") End If ' Declare the RijndaelManaged object ' used to encrypt the data. Dim aesAlg As RijndaelManaged = Nothing ' Declare the stream used to encrypt to an in memory ' array of bytes. Dim msEncrypt As MemoryStream = Nothing Try ' Create a RijndaelManaged object ' with the specified key and IV. aesAlg = New RijndaelManaged() aesAlg.BlockSize = 128 aesAlg.KeySize = 128 aesAlg.Mode = CipherMode.ECB aesAlg.Padding = PaddingMode.None aesAlg.Key = Key aesAlg.IV = IV ' Create a decrytor to perform the stream transform. Dim encryptor As ICryptoTransform = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV) ' Create the streams used for encryption. msEncrypt = New MemoryStream() Using csEncrypt As New CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write) Using swEncrypt As New StreamWriter(csEncrypt) 'Write all data to the stream. swEncrypt.Write(plainText) End Using End Using Finally ' Clear the RijndaelManaged object. If Not (aesAlg Is Nothing) Then aesAlg.Clear() End If End Try ' Return the encrypted bytes from the memory stream. Return msEncrypt.ToArray() End Function Here's the actual code I am calling encryptBytesToBytes_AES() with: Private Sub btnEncrypt_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnEncrypt.Click Dim bZeroKey As Byte() = {&H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0} PrintBytesToRTF(encryptBytesToBytes_AES(bZeroKey, bZeroKey, bZeroKey)) End Sub However, I get an exception thrown on swEncrypt.Write(plainText) stating that the 'Length of the data to encrypt is invalid.' However, I know that the size of my key, iv, and plaintext are 16 bytes == 128 bits == aesAlg.BlockSize. Why is it throwing this exception? Is it because the StreamWriter is trying to make a String (ostensibly with some encoding) and it doesn't like &H0 as a value?

    Read the article

  • How does browser know when to prompt user to save password?

    - by Eric
    This is related to the question I asked here: http://stackoverflow.com/questions/2382329/how-can-i-get-browser-to-prompt-to-save-password This is the problem: I CAN'T get my browser to prompt me to save the password for the site I'm developing. (I'm talking about the bar that appears sometimes when you submit a form on Firefox, that says "Remember the password for yoursite.com? Yes / Not now / Never") This is super frustrating because this feature of Firefox (and most other modern browsers, which I hope work in a similar fashion) seems to be a mystery. It's like a magic trick the browser does, where it looks at your code, or what you submit, or something, and if it "looks" like a login form with a username (or email address) field and a password field, it offers to save. Except in this case, where it's not offering my users that option after they use my login form, and it's making me nuts. :-) (I checked my Firefox settings-- I have NOT told the browser "never" for this site. It should be prompting.) My question: exactly what the heuristics are that Firefox (or any other modern browser) uses to know when it should prompt the user to save? This shouldn't be too difficult to answer, since it's right there in the Mozilla source (I don't know where to look or else I'd try to dig it out myself). You'd think there would be a blog post or some other similar developer note from the Mozilla developers about this but I can't find that either. (* Note that if your answer to me has anything to do with cookies, encryption or anything else that is about how I'm storing the user's passwords in the database, you've probably misread my question. :-)

    Read the article

  • Designing secure consumer blackberry application

    - by Kiran Kuppa
    I am evaluating a requirement for a consumer blackberry application that places high premium on security of user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff Force the user to use device password. (I am guessing that this would be possible - though not checked it yet). Application can request notifications when the device is about to be locked and just after it has been unlocked. Encryption of application specific data can be managed at those times. Application data would be encrypted with user's password. User's credentials would be encrypted with device password. Remote backup of the data could be done over HTTPS (any better ideas are appreciated) Questions: What if the user forgets his device password. If the user forgets his application password, what is the best and secure way to reset the password? If the user losses the phone, remote backup must be done and the application data must be cleaned up. I have some ideas on how to achieve (3) and shall share them. There must be an off-line verification of the user's identity and the administrator must provide a channel using which the user must be able to send command to the device to perform the wiping of application data. The idea is that the user is ALWAYS in control of his data. Without the user's consent, even the admin must not be able to do activities such as cleaning up the data. In the above scheme of things, it appears as if the user's password need not be sent over the air to server. Am I correct? Thanks, --Kiran Kumar

    Read the article

  • m2crypto aes-256-cbc not working against encoded openssl files.

    - by Gary
    $ echo 'this is text' > text.1 $ openssl enc -aes-256-cbc -a -k "thisisapassword" -in text.1 -out text.enc $ openssl enc -d -aes-256-cbc -a -k "thisisapassword" -in text.enc -out text.2 $ cat text.2 this is text I can do this with openssl. Now, how do I do the same in m2crypto. Documentation is lacking this. I looked at the snv test cases, still nothing there. I found one sample, http://passingcuriosity.com/2009/aes-encryption-in-python-with-m2crypto/ (changed to aes_256_cbc), and it will encrypted/descrypt it's own strings, but it cannot decrypt anything made with openssl, and anything it encrypts isn't decryptable from openssl. I need to be able enc/dec with aes-256-cbc as have many files already encrypted with this and we have many other systems in place that also handle the aes-256-cbc output just fine. We use password phrases only, with no IV. So setting the IV to \0 * 16 makes sense, but I'm not sure if this is also part of the problem. Anyone have any working samples of doing AES 256 that is compatible with m2crypto? I will also be trying some additional libraries and seeing if they work any better.

    Read the article

  • Login for webapp, needs to be availible for supportstaff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". 1. Authorized licenseholders which does all setup themselves. 2. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want's us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support, we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • How is unautenticated site navigation handled in ASP.NET?

    - by Code Sherpa
    Hi. I am wondering how to do the following... I have a registration system. When the user successfully registers, he is then led down a series of data gathering pages (for his profile) and then, finally, ends on his profile's home page where he can start to use the site. All this happens without ever logging into the system so, he is unauthenticated and unconfirmed. My question is, how does this happen? How can I allow my user to be unauthenticated (and unconfirmed, but this I understand) and use all aspects of the Web site? The way I have things set up right now, my code should be doing this: case CreateProfileStatus.Success: //FormsAuthentication.SetAuthCookie(userName, false); Response.Redirect("NextPage.aspx", false); break; but, I am being redirected to the login page after registration which is not the result I want. This is what the relevant nodes in my web.config look like: <authentication mode="Forms"> <forms name=".AuthCookie" loginUrl="default.aspx" protection="All"/> </authentication> <authorization> <deny users="?"/> <allow roles="Administrators" /> </authorization> <anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="Encryption" cookieless="UseCookies" domain="" /> When the user logs out after the registration and initial interaction with the site he will be required to log in upon return. At this point he must be authenticated but does not need to be confirmed for a period of time. Eventually, he will be reminded. So, how is this done? Thanks in advance.

    Read the article

  • Alternatives to using web.config to store settings (for complex solutions)

    - by Brian MacKay
    In our web applications, we seperate our Data Access Layers out into their own projects. This creates some problems related to settings. Because the DAL will eventually need to be consumed from perhaps more than one application, web.config does not seem like a good place to keep the connection strings and some of the other DAL-related settings. To solve this, on some of our recent projects we introduced a third project just for settings. We put the setting in a system of .Setting files... With a simple wrapper, the ability to have different settings for various enviroments (Dev, QA, Staging, Production, etc) was easy to achieve. The only problem there is that the settings project (including the .Settings class) compiles into an assembly, so you can't change it without doing a build/deployment, and some of our customers want to be able to configure their projects without Visual Studio. So, is there a best practice for this? I have that sense that I'm reinventing the wheel. Some solutions such as storing settings in a fixed directory on the server in, say, our own XML format occurred to us. But again, I would rather avoid having to re-create encryption for sensitive values and so on. And I would rather keep the solution self-contained if possible. EDIT: The original question did not contain the really penetrating reason that we can't (I think) use web.config ... That puts a few (very good) answers out of context, my bad.

    Read the article

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • Reversible pseudo-random sequence generator

    - by user350651
    I would like some sort of method to create a fairly long sequence of random numbers that I can flip through backwards and forwards. Like a machine with "next" and "previous" buttons, that will give you random numbers. Something like 10-bit resolution (i.e. positive integers in a range from 0 to 1023) is enough, and a sequence of 100k numbers. It's for a simple game-type app, I don't need encryption-strength randomness or anything, but I want it to feel fairly random. I have a limited amount of memory available though, so I can't just generate a chunk of random data and go through it. I need to get the numbers in "interactive time" - I can easily spend a few ms thinking about the next number, but not comfortably much more than that. Eventually it will run on some sort of microcontroller, probably just an Arduino. I could do it with a simple linear congruential generator (LCG). Going forwards is simple, to go backwards I'd have to cache the most recent numbers and store some points at intervals so I can recreate the sequence from there. But maybe there IS some pseudo-random generator that allows you to go both forwards and forwards? It should be possible to hook up two linear feedback shift registers (LFSRs) to roll in different directions, no? Or maybe I can just get by with garbling the index number using a hash function of some sort? I'm going to try that first. Any other ideas?

    Read the article

  • Incorporating Devise Authentication into an already existing user structure?

    - by Kevin
    I have a fully functional authentication system with a user table that has over fifty columns. It's simple but it does hash encryption with salt, uses email instead of usernames, and has two separate kinds of users with an admin as well. I'm looking to incorporate Devise authentication into my application to beef up the extra parts like email validation, forgetting passwords, remember me tokens, etc... I just wanted to see if anyone has any advice or problems they've encountered when incorporating Devise into an already existing user structure. The essential fields in my user model are: t.string :first_name, :null => false t.string :last_name, :null => false t.string :email, :null => false t.string :hashed_password t.string :salt t.boolean :is_userA, :default => false t.boolean :is_userB, :default => false t.boolean :is_admin, :default => false t.boolean :active, :default => true t.timestamps For reference sake, here's the Devise fields from the migration: t.database_authenticatable :null => false t.confirmable t.recoverable t.rememberable t.trackable That eventually turn into these actual fields in the schema: t.string "email", :default => "", :null => false t.string "encrypted_password", :limit => 128, :default => "", :null => false t.string "password_salt", :default => "", :null => false t.string "confirmation_token" t.datetime "confirmed_at" t.datetime "confirmation_sent_at" t.string "reset_password_token" t.string "remember_token" t.datetime "remember_created_at" t.integer "sign_in_count", :default => 0 t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" t.string "last_sign_in_ip" t.datetime "created_at" t.datetime "updated_at" What do you guys recommend? Do I just remove email, hashed_password, and salt from my migration and put in the 5 Devise migration fields and everything will be OK or do I need to do something else?

    Read the article

  • Execute binary from memory in C# .net with binary protected from a 3rd party software

    - by NoobTom
    i've the following scenario: i've a C# application.exe i pack application.exe inside TheMida, a software anti-piracy/reverse engineering. i encrypt application.exe with aes256. (i wrote my own aes encryption/decryption and it is working) Now, when i want to execute my application i do the following: decrypt application.exe in memory execute the application.exe with the following code: BinaryReader br = new BinaryReader(decOutput); byte[] bin = br.ReadBytes(Convert.ToInt32(decOutput.Length)); decOutput.Close(); br.Close(); // load the bytes into Assembly Assembly a = Assembly.Load(bin); // search for the Entry Point MethodInfo method = a.EntryPoint; if (method != null) { // create an istance of the Startup form Main method object o = a.CreateInstance(method.Name); // invoke the application starting point method.Invoke(o, null); the application does not execute correctly. Now, the problem i think, is that this method is only to execute .NET executable. Since i packed my application.exe inside TheMida this does not work. Is there a workaround to this situation? Any suggestion? Thank you in advance.

    Read the article

  • How to achieve high availability?

    - by tanyehzheng
    My boss wants to have a system that takes into concern of continent wide catastrophic event. He wants to have two servers in US and two servers in Asia (1 login server and 1 worker server in each continent). In the event that earthquake breaks the connection between the two continents, both should work alone. When the connection is revived, they should sync each other back to normal. External cloud system not allowed as he has no confidence. The system should take into account of scalability which means addition of new servers should be easy to configure. The servers should be load balanced. The connection between the servers should be very secure(encrypted and send through SSL although SSL takes care of encryption). The system should let one and only one user log in with one account. (beware of latency between continent and two users sharing account may reach both login server at the same time) Please help. I'm already at the end of my wit. Thank you in advance.

    Read the article

  • Spring 2.0.0/2.0.6 to 3.0.5 migration stories

    - by Pangea
    We are in the process of migrating to 3.0.5 of spring from 2.0.x. We mainly use spring in below scenarios custom scope: thread local scope persistence: jdbc+hibernate 3.6 (but moving to mix of ejb 3.0+jpa 2.0+hibernate, not sure if all 3 can co-exist in 1 app) transactions: local (but planning to use jta due to the necessity of using multiple persistence inits, and has to use ejb+jpa+hibernate in 1 single trans), declarative trans mgmt parent-child contexts cxf annotations+xml OracleLobHandler Resource/ResourceBundleMessageResource JSF/Facelets with FacesSpringVariableResolver ActiveMQ integration Quartz integration TaskExecutor JMX exporter HttpExporter/Invoker Appreciate if someone can share their experiences like what to watch out for head aches/pain points which ones to drop for better alternate choices in new 3.0.5 release Is it better to switch from commons/iscreen validator to Hibernate Validator (Spec impl) or Spring Validator Is there a bean mapping framework in spring that i can use instead of Dozer XSLT transformation helper: currently we have small homegrown framework to cache xslts during load. if spring can do that for me then I would like to drop this Encryption/Decryption support. Password generation support. Authentication with SALT any SAML (or claims based secur New ideas Suggestions Switch to latest version of aspectj Upgrade guide from 2.5 to 3.0.5

    Read the article

  • Low-Hanging Fruit: Obfuscating non-critical values in JavaScript

    - by Piskvor
    I'm making an in-browser game of the type "guess what place/monument/etc. is in this satellite/aerial view", using Google Maps JS API v3. However, I need to protect against cheaters - you have to pass a google.maps.LatLng and a zoom level to the map constructor, which means a cheating user only needs to view source to get to this data. I am already unsetting every value I possibly can without breaking the map (such as center and the manipulation functions like setZoom()), and initializing the map in an anonymous function (so the object is not visible in global namespace). Now, this is of course in-browser, client-side, untrusted JavaScript; I've read much of the obfuscation tag and I'm not trying to make the script bullet-proof (it's just a game, after all). I only need to make the obfuscation reasonably hard against the 1337 Java5kryp7 haxz0rz - "kid sister encryption", as Bruce Schneier puts it. Anything harder than base64 encoding would deter most cheaters by eliminating the lowest-hanging fruit - if the cheater is smart and determined enough to use a JS debugger, he can bypass anything I can do (as I need to pass the value to Google Maps API in plaintext), but that's unlikely to happen on a mass scale (there will also be other, not-code-related ways to prevent cheating). I've tried various minimizers and obfuscators, but those will mostly deal with code - the values are still shown verbatim. TL;DR: I need to obfuscate three values in JavaScript. I'm not looking for bullet-proof armor, just a sneeze-guard. What should I use?

    Read the article

  • Cannot open database "DataDir" requested by the login. The login failed

    - by Turkan Caglar
    Hi, I have a single user software that uses SQL Server database 2005. My computer was crushed while my software was on. I saved a copy of my database after I rescued my computer. However my software gives my following message. ( I don't know anything about SQL) However, I guess my database has the last login information. Since software was not shot down properly, it still thinks that I am logged in doesn't allow me to login again. How can I solve the problem? Can you help me? Or do you know any source that I can get help? Cannot open database "DataDir" requested by the login. The login failed ComputerName = GURELS User ID=sa;Initial Catalog=DataDir;Data Source=GURELS\CSS;Application Name=ChefTec User ID=sa;Initial Catalog=CTDir;Data Source=GURELS\CSS;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Application Name=ChefTec;Workstation ID=GURELS;Use Encryption for Data=False;Tag with column collation when possible=False Thank you very much Turkan e-mail" [email protected] phone:617 259 6644

    Read the article

  • "rsAccessDenied" error for SSRS 2008

    - by JackLocke
    Hi All, I have been trying to access SSRS Web Service URL hxxp://myServer:80/ReportServer (from Reporting Service Configuration Manager), but my IE always shows "rsAccessDenied" message saying that my account doesn't have privilage required to view. Here are my system specs. Its my laptop with Windows 7 x64, and SQL Server 2008 with SP1 and I am using Mixed Mode Authentication with My account as SysAdmin privilages and this is what I have been trying / tried ... (ofcourse with restarting the service everytime I make any change in configuration), I changed service account from Reporting Service Configuration Manager to make it use My account but nothing happend. I tried running my IE as admin, by RUN AS ADMIN but still same message. Then I read somewhere I have to delete/recreate my encryption keys as well, so I tried again with that, then it was asking me to enter ID/PWD to access server here I am totally blank because it was not accepting my account credentials !!!. Weird thing is I can see my existing reports if I follow this URL hxxp://myServer:80/Reports , for which My guess is solely used to view reports. I have read post here about kind of same problem, but it seems that OP just left forum after asking question... Also, MSDN does have these helps hxxp://msdn.microsoft.com/en-us/library/ms156034.aspx hxxp://msdn.microsoft.com/en-us/library/bb630430.aspx but both of this didn't workout for me. I will really appriciate it if any one can help me out. Jack p.s. I was not allowed to post more than 1 URL because of my "reputation" so I had to change the string a bit. Please replace hxxp wih http in URLs.

    Read the article

  • Is anyone familiar with SDPT.clsSDPT?

    - by David Stratton
    Normally I wouldn't ask this kind of question here, but I'm desperate at this point. I'm attempting to support a classic ASP app written by a predecessor who is no longer available. Keeping it short, several applications use a dll to perform encryption of sensitive data. This dll is named SDPT.dll, and the line of code used to create an object is set objSDPT = server.CreateObject("SDPT.clsSDPT") At this point, I am getting errors in a critical app on one of my servers, and I've actually hit a dead end. The error is a standard "Server.CreateObject Failed" message, which I know how to troubleshoot in most cases. However, in this case, all of my normal tries, plus several hours of Google searches are coming up with nothing that works. At this point, I'm not so much looking for help in troubleshooting the issue as I am in finding any sort of reference on this third party component. Even finding that is proving to be difficult, so I'm resorting to asking any of the seasoned developers that hang out here if they are familiar with this product, who it was developed by, and if any documentation on it exists anywhere.

    Read the article

  • How to efficiently convert String, integer, double, datetime to binary and vica versa?

    - by Ben
    Hi, I'm quite new to C# (I'm using .NET 4.0) so please bear with me. I need to save some object properties (their properties are int, double, String, boolean, datetime) to a file. But I want to encrypt the files using my own encryption, so I can't use FileStream to convert to binary. Also I don't want to use object serialization, because of performance issues. The idea is simple, first I need to somehow convert objects (their properties) to binary (array), then encrypt (some sort of xor) the array and append it to the end of the file. When reading first decrypt the array and then somehow convert the binary array back to object properties (from which I'll generate objects). I know (roughly =) ) how to convert these things by hand and I could code it, but it would be useless (too slow). I think the best way would be just to get properties' representation in memory and save that. But I don't know how to do it using C# (maybe using pointers?). Also I though about using MemoryStream but again I think it would be inefficient. I am thinking about class Converter, but it does not support toByte(datetime) (documentation says it always throws exception). For converting back I think the only options is class Converter. Note: I know the structure of objects and they will not change, also the maximum String length is also known. Thank you for all your ideas and time. EDIT: I will be storing only parts of objects, in some cases also parts of different objects (a couple of properties from one object type and a couple from another), thus I think that serialization is not an option for me.

    Read the article

  • SSL over TDS, SQL Server 2005 Express

    - by reuvenab
    I capture packets sent/received by Win Xp machine when connecting to SQL Server 2005 Express using TLS encryption. Server and Client exchange Hello messages Server and Client send ChangeCipherSpec message Then Server and Client server send strange message that is not described in TLS protocol What is the message and if SSL over TDS is standard compliant at all? Server side capture: 16 **SSL Handshake** 03 01 00 4a 02 ServerHello 00 00 46 03 01 4b dd 68 59 GMT 33 13 37 98 10 5d 57 9d ff 71 70 dc d6 6f 9e 2c Random[00..13] cb 96 c0 2e b3 2f 9b 74 67 05 cc 96 Random[14..27] 20 72 26 00 00 0f db 7f d9 b0 51 c2 4f cd 81 4c Session ID 3f e3 d2 d1 da 55 c0 fe 9b 56 b7 6f 70 86 fe bb Session ID 54 Session ID 00 04 Cipher Suite 00 Compression 14 03 01 00 01 01 **ChangeCipherSpec** 16 03 01 ???? Finished ??? 00 20 d0 da cc c4 36 11 43 ff 22 25 8a e1 38 2b ???? ??? 71 ce f3 59 9e 35 b0 be b2 4b 1d c5 21 21 ce 41 ???? ??? 8e 24

    Read the article

  • SharePoint webpart with button to auto-login to 3rd party website

    - by JCdowney
    I have been tasked with creating a SharePoint 2007 webpart that logs the user directly into our website (which uses forms authentication). Most likely the username and password will be same in the SharePoint account as in our website. Ideally we would like it to be fully integrated in that the webpart looks up the SP login & password, somehow encodes that using SHA1, MD5 or similar encryption, then passes that along to our login page on the query string. However given we have little experience with SharePoint, and that it's probably impossible to programmatically access the SP username/password from a webpart we realize this isn't very likely to be possible and if so would probably require a lot of development time. Another option would be to load a login form from the website within an iframe in the webpart, which would show the login & password first but store a "remember me" cookie after the first login, and on each subsequent load display just a button that logs them in directly using the cookie. Has anyone done something similar before? I'm in over my head, any guidance would be much appreciated! :)

    Read the article

  • What library can I use to do simple, lightweight message passing?

    - by Mike
    I will be starting a project which requires communication between distributed nodes(the project is in C++). I need a lightweight message passing library to pass very simple messages(basically just strings of text) between nodes. The library must have the following characteristics: No external setup required. I need to be able to get everything up-and-running in my code - I don't want to require the user to install any packages or edit any configuration files(other than a list of IP addresses and ports to connect to). The underlying protocol which the library uses must be TCP(or if it is UDP, the library must guarantee the eventual receipt of the message). The library must be able to send and receive arbitrarily large strings(think up to 3GB+). The library needn't support any security mechanisms, fault tolerance, or encryption - I just need it to be fast, simple, and easy to use. I've considered MPI, but concluded it would require too much setup on the user's machine for my project. What library would you recommend for such a project? I would roll my own, but due to time constraints, I don't think that will be feasible.

    Read the article

  • Symfony 1.4 - Don't save a blank password on a executeUpdate action.

    - by Twelve47
    I have a form to edit a UserProfile which is stored in mysql db. Which includes the following custom configuration: public function configure() { $this->widgetSchema['password']=new sfWidgetFormInputPassword(); $this->validatorSchema['password']->setOption('required', false); // you don't need to specify a new password if you are editing a user. } When the user tries to save the executeUpdate method is called to commit the changes. If the password is left blank, the password field is set to '', but I want it to retain the old password instead of overwriting it. What is the best (/most in the symfony ethos) way of doing this? My solution was to override the setter method on the model (which i had done anyway for password encryption), and ignore blank values. public function setPassword( $password ) { if ($password=='') return false; // if password is blank don't save it. return $this->_set('password', UserProfile ::encryptPassword( $password )); } It seems to work fine like this, but is there a better way? If you're wondering I cannot use sfDoctrineGuard for this project as I am dealing with a legacy database, and cannot change the schema.

    Read the article

  • Is encrypting session id (or other authenticate value) in cookie useful at all?

    - by Ji
    In web development, when session state is enabled, a session id is stored in cookie(in cookieless mode, query string will be used instead). In asp.net, the session id is encrypted automatically. There are plenty of topics on the internet regarding how you should encrypt your cookie, including session id. I can understand why you want to encrypt private info such as DOB, but any private info should not be stored in cookie at first place. So for other cookie values such as session id, what is the purpose encryption? Does it add security at all? no matter how you secure it, it will be sent back to server for decryption. Be be more specific, For authentication purpose, turn off session, i don't want to deal with session time out any more store some sort of id value in the cookie, on the server side, check if the id value exists and matches, if it is, authenticate user. let the cookie value expire when browser session is ended, this way. vs Asp.net form authentication mechanism (it relies on session or session id, i think) does latter one offer better security?

    Read the article

  • Microsoft JScript runtime error Object doesn't support this property or method

    - by Darxval
    So i am trying to call this function in my javascript but it gives me the error of "Microsoft JScript runtime error Object doesn't support this property or method" and i cant figure out why. It is occuring when trying to call hmacObj.getHMAC. This is from the jsSHA website: http://jssha.sourceforge.net/ to use the hmac-sha1 algorithm encryption. Thank you! hmacObj = new jsSHA(signature_base_string,"HEX"); signature = hmacObj.getHMAC("hgkghk","HEX","SHA-1","HEX"); Above this i have copied the code from sha.js snippet: function jsSHA(srcString, inputFormat) { /* * Configurable variables. Defaults typically work */ jsSHA.charSize = 8; // Number of Bits Per character (8 for ASCII, 16 for Unicode) jsSHA.b64pad = ""; // base-64 pad character. "=" for strict RFC compliance jsSHA.hexCase = 0; // hex output format. 0 - lowercase; 1 - uppercase var sha1 = null; var sha224 = null; The function it is calling (inside of the jsSHA function) (snippet) this.getHMAC = function (key, inputFormat, variant, outputFormat) { var formatFunc = null; var keyToUse = null; var blockByteSize = null; var blockBitSize = null; var keyWithIPad = []; var keyWithOPad = []; var lastArrayIndex = null; var retVal = null; var keyBinLen = null; var hashBitSize = null; // Validate the output format selection switch (outputFormat) { case "HEX": formatFunc = binb2hex; break; case "B64": formatFunc = binb2b64; break; default: return "FORMAT NOT RECOGNIZED"; }

    Read the article

< Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >