Search Results

Search found 13810 results on 553 pages for 'security roles'.

Page 86/553 | < Previous Page | 82 83 84 85 86 87 88 89 90 91 92 93  | Next Page >

  • Approach to Authenticate Clients to TCP Server

    - by dab
    I'm writing a Server/Client application where clients will connect to the server. What I want to do, is make sure that the client connecting to the server is actually using my protocol and I can "trust" the data being sent from the client to the server. What I thought about doing is creating a sort of hash on the client's machine that follows a particular algorithm. What I did in a previous version was took their IP address, the client version, and a few other attributes of the client and sent it as a calculated hash to the server, who then took their IP, and the version of the protocol the client claimed to be using, and calculated that number to see if they matched. This works ok until you get clients that connect from within a router environment where their internal IP is different from their external IP. My fix for this was to pass the client's internal IP used to calculate this hash with the authentication protocol. My fear is this approach is not secure enough. Since I'm passing the data used to create the "auth hash". Here's an example of what I'm talking about: Client IP: 192.168.1.10, Version: 2.4.5.2 hash = 2*4*5*1 * (1+9+2) * (1+6+8) * (1) * (1+0) Client Connects to Server client sends: auth hash ip version Server calculates that info, and accepts or denies the hash. Before I go and come up with another algorithm to prove a client can provide data a server (or use this existing algorithm), I was wondering if there are any existing, proven, and secure systems out there for generating a hash that both sides can generate with general knowledge. The server won't know about the client until the very first connection is established. The protocol's intent is to manage a network of clients who will be contributing data to the server periodically. New clients will be added simply by connecting the client to the server and "registering" with the server. So a client connects to the server for the first time, and registers their info (mac address or some other kind of unique computer identifier), then when they connect again, the server will recognize that client as a previous person and associate them with their data in the database.

    Read the article

  • Microsoft Offers Cheap Windows 8 Upgrade

    Though the software giant hasn't answered all of the questions, Computerworld collected many of them in one place and included the answers. You can also visit Microsoft's blog post for the details. Starting at general availability, if your PC is running Windows XP, Windows Vista, or Windows 7 you will qualify to download an upgrade to Windows 8 Pro for just $39.99 in 131 markets. And if you want, you can add Windows Media Center for free through the 'add features' option within Windows 8 Pro after your upgrade, the Microsoft blog post helpfully states. If you choose to upgrade, the Windows 8...

    Read the article

  • How to suspend a user from coming back on my website and register again? any ideas? [closed]

    - by ahmed amro
    i am an outsourcing person not a programmer and i am working on shopping website like ebay , so my question might be beginner for everyone.my website will need a user suspension in case he violates the terms and conditions. here is some thoughts on my mind: -IP address tracking -User information ( email address or any information are going to be repeated on second time of registration after suspension) -session Id cookies are also a way to identify the users after log in any more creative suggested ideas to avoid fraud and scammers, it it possible to make 100% impossible to avoid those bad users from coming back ?

    Read the article

  • How to enable home directory encryption for a particular user?

    - by Ivan
    I prefer to have a dedicated "administrator" user for technical purposes and that was one I've set up during installation. I've also refused to encrypt the home folder of the user. Now, as I've added a user account for my actual work usage I want my (but not the "administrator") home folder to be encrypted. How to turn this on? If it is not possible then how to enable encryption for all users home directories on a system already installed? I've found questions and answers about how to disable it but am not sure how to enable it.

    Read the article

  • Techniques to prevent non-official clients in network gaming?

    - by UpTheCreek
    In multi-player network games, what techniques exist to try to ensure that users are connecting with the official client application, and not some hacked client app? I realise there is probably no sure-fire way to do this, but rather I'm interested in techniques that can be employed to mitigate the problem. I'm especially interested in any techniques that can be used for web based games, but I imagine most can be applied generally. Thank you!

    Read the article

  • Is using dirname(__FILE__) a good practice?

    - by webose
    Looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with dirname(__FILE__). Is this a possible risk for the site? If a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site? If yes, is it convenient to use this function?

    Read the article

  • Log of data transfer and copied from Ubuntu

    - by Gaurav_Java
    Yesterday my friend ask me for some files i told him that take it from my system i don't see . what extra files or data he take from my system . I was thinking is here any application or method which shows what data is copied to which USB (if name available then shows name or otherwise device id ). and what data is beign copied to ubuntu machine . It is some like history of USB and System data . i think this feature is in KDE this will really useful in may ways. it provides real time and monitoring utility to monitor USB mass storage devices activities on any machine .

    Read the article

  • How safe is ubuntu?

    - by VJo
    Last week I started desktop sharing using krfb. Since I continue last session, this program keep on starting again. Two days ago I noticed messages poping up saying something like "rejecting uninvited connection from (some ip)", but today I figured it might be because of this and I was right. The krfb was running in the background. Hence the question. How safe is ubuntu? Should I expect someone to connect to my computer and erase everything I got on disk? EDIT To extend my question : how safe it is comparing to other OSs (windows, mac,...)? How safe it is comparing to other distros?

    Read the article

  • Avira Software Update Mistakenly Disabled Windows PCs

    While Avira currently holds the number two ranking in terms of usage amongst antivirus manufacturers worldwide, its latest slipup will likely put a dent in its reputation. The problem with the latest service pack can be pinpointed to ProActiv, a program that monitors for any suspicious events that could lead to infection or attack. Users who applied the updates noticed that ProActiv was preventing their systems from booting, as critical Windows files could not run. Others also reported that ProActiv was blocking all .exe, or executable files, in Windows, making it impossible to launch appl...

    Read the article

  • Get root access for copying files to /usr/share/...?

    - by Vinaychalluru
    To be short, I want to copy a folder to a location /usr/share/screenlets/..... I don't know how to do it. I am using Ubuntu 10.04. I tried by logging in as root from terminal giving "su with my password". I even changed my user account type to ADMINISTRATOR by giving the root password when asked, yet, no use. Think all of you know that, even the option PASTE in the context menu's list in the folder "/usr/share/..." is INACTIVE. How can I copy those files?

    Read the article

  • How do web servers enforce the same-origin policy?

    - by BBnyc
    I'm diving deeper into developing RESTful APIs and have so far worked with a few different frameworks to achieve this. Of course I've run into the same-origin policy, and now I'm wondering how web servers (rather than web browsers) enforce it. From what I understand, some enforcing seems to happen on the browser's end (e.g., honoring a Access-Control-Allow-Origin header received from a server). But what about the server? For example, let's say a web server is hosting a Javascript web app that accesses an API, also hosted on that server. I assume that server would enforce the same-origin policy --- so that only the javascript that is hosted on that server would be allowed to access the API. This would prevent someone else from writing a javascript client for that API and hosting it on another site, right? So how would a web server be able to stop a malicious client that would try to make AJAX requests to its api endpoints while claiming to be running javascript that originated from that same web server? What's the way most popular servers (Apache, nginx) protect against this kind of attack? Or is my understanding of this somehow off the mark? Or is the cross-origin policy only enforced on the client end?

    Read the article

  • Does facebook store multiple password hashes for each user?

    - by loxxy
    I noticed that Facebook allows multiple variants of my own password : My password as it is. My password with first letter capitalized. My password with all letters capitalized. It is commonly known that passwords are stored as hashes. So my question is, does facebook store multiple hashes for each user? Since the hash of each variant should be completely different... Or am I missing something, here? And there may be more combinations, besides the one I observed as well. This is obviously done to provide a better user experience & they probably have a statistical explanation of people repeating these mistakes. But I could not help but wonder, is it worth to increase so many lookups (in their database) just to help the user type a wrong password? On top of this, they warn about the caps lock (even though they don't seem to care) :

    Read the article

  • Making HTML5 videos stored on AWS S3 **difficult** to download (because I cant make it impossible)

    - by Jimmery
    I am building a website that hosts video's stored on AWS's S3 service. The videos are played thru a HTML5 player we have built. Ive just been asked to make sure "nobody can steal our video's". Now I know that if you really don't want something stolen, don't put it up on the internet. However I just need to secure these videos as good as possible, the videos need to at the very least resist someone going thru the source code and trying to download them manually. One option available to me is to completely rebuild the video player in flash. This is not ideal, for several reasons, notably because I would also then have to build an App for mobile devices to be able to view this site. So I am looking for other options. I have heard about using a token to make the file available only during certain times. I have heard of using a separate file to serve the videos that sits between the HTML5 page and the video file. I am also having a look at IAM, the Secure AWS Access Control, in the hopes AWS can solve this problem for me. Can anyone here recommend any of these options? Or perhaps suggest other options available to me? Any help would be greatly appreciated.

    Read the article

  • Microsoft Secret Event: New Tablet Unveiling?

    If you read the headline, you know what everyone thinks it will be: a new tablet computer, that Microsoft will manufacture from beginning to end. Apparently, the company believes it will be better able to compete against Apple if it controls both the hardware and the software. But why choose this location for the announcement? Wired thinks it makes sense if the tablet features Xbox live streaming. That would turn the humble device into something of a media machine. Speaking of the device itself, what kind of specs will this hypothetical tablet have? It's hard to say. Microsoft boasts software...

    Read the article

  • Will using HTTPS hurt my site's SEO or other statistics?

    - by yannbane
    I've set up a WordPress blog. Since I have to log into it from many different locations/machines, I've also got an SSL certificate, and set up Apache to redirect HTTP to HTTPS. It all works, but I'm wondering whether that's an overkill. Since most people who go to my site don't have to log in, I'm starting to wonder whether HTTPS has some drawbacks. If so, should I look for a way to make HTTPS optional?

    Read the article

  • Is it possible to configure Ubuntu as a software firewall?

    - by user3215
    I have some systems running on Ubuntu in the private IP range 192.168.2.0-255 . These systems are connected to a switch and the switch is connected to the ISP's modem. Neither the switch nor the modem support firewall options. I don't have any firewall device and I'm not willing to individually configure firewalls on all the systems (via gui/iptables). Is it possible to make an Ubuntu system into something like a software firewall, so that all the traffic/packets sent to or from the WAN(internet) would be allowed/denied based on its firewall rules?

    Read the article

  • Is this buffer overflow working on Mac OSX? [migrated]

    - by cobie
    Was reading through some text and playing around with attempting to write past the size of an array in C i.e buffer overflow. The text indicates that whenever you attempt to write to say array[5] when the length of the array is 5 then you get a segmentation fault but I dont seem to be getting that When using the code below. The code actually runs. #include <stdio.h> #include <string.h> int main () { int i; int array[5] = {1, 2, 3, 4, 5}; for (i = 0; i <= 255; i++) { array[i] = 10; } int len = sizeof(array) / sizeof(int); printf("%d\n", len); printf("%d\n", array[254]); } On execution of the last statement, a 10 is printed. Am wondering whether this is a vulnerability or if there is something I am missing. I am running the code from iterm2 on a macbook pro.

    Read the article

  • Microsoft Unveils Xbox SmartGlass

    SmartGlass won't be available to consumers until the fall, and if the reviews of the feature's capability are any indication, it's going to feel like a very long wait. SmartGlass lets you switch from watching something on your TV to watching it on your tablet or smartphone, and vice versa. But that's only the beginning. SmartGlass also lets developers turn smartphones and tablets into Xbox 360 controllers. Thus, if you're playing a sports-based game with your friends, you can enter your strategic plays into your smartphone, so he can't tell what your team is about to do. Or, with a baseball ga...

    Read the article

  • How can robots beat CAPTCHAs?

    - by totymedli
    I have a website e-mail form. I use a custom CAPTCHA to prevent spam from robots. Despite this, I still get spam. Why? How do robots beat the CAPTCHA? Do they use some kind of advanced OCR or just get the solution from where it is stored? How can I prevent this? Should I change to another type of CAPTCHA? I am sure the e-mails are coming from the form, because it is sent from my email-sender that serves the form messages. Also the letter style is the same. For the record, I am using PHP + MySQL, but I'm not searching for a solution to this problem. I was interested in the general situation how the robots beat these technologies. I just told this situation as an example, so you can understand better what I'm asking about.

    Read the article

  • Protecting the integrity of a game state while minimizing amount of data sent

    - by espais
    I'm developing a game in PHP/jQuery, and naturally have to be wary of any sort of data coming from the client. At present, I have tables of data representing the map (2D roguelike), monsters, items, and player(s). Initially, my thought was to simply package it all in a JSON object and send it every game tick, however when actually looking at the data I realized that's quite a large packet to be sending. So, my question is what is a good approach for minimizing data sent to the client? Obviously I would need to figure out some way of validating whatever it sends back. Initially we'd hoped to do some minimal verification on the client-side, but each time we thought of one thing we could do it is immediately invalidated with tools like Firebug. Kind of an open question I realize, but we want to get this right before we move on with our implementation so we don't have to shoehorn in bugfixes later on.

    Read the article

  • Is the php method md5() secure? Can it be used for passwords? [migrated]

    - by awiebe
    So executing a php script causes the form values to be sent to the server, and then they are processed. If you want to store a password in your db than you want it to be a cryptographic hash(so your client side is secure, can you generate an md5 using php securely( without submitting the user:password pair in the clear), or is there an alternative standard method of doing this, without having the unecrypted pasword leaving the clients machine? Sorry if this is a stupid question I'm kind of new at this. I think this can be done somehow using https, and on that note if a site's login page does not use https, does that mean that while the databse storage is secure, the transportation is not?

    Read the article

  • Patch Tuesday Fixes, Valentine`s Scams

    Microsoft plans to release nine bulletins on Tuesday that cover 21 vulnerabilities across its wide portfolio of products. Of the nine bulletins, four have been tagged with the software giant's critical rating, meaning they should be given the utmost importance with regard to the overall patching process exercised by users and organizations. The four critical updates address vulnerabilities in Microsoft's Internet Explorer browser, its Windows operating system, and Silverlight. As for the remaining five updates, Microsoft has labeled them as being important. Those will cover issues foun...

    Read the article

  • Microsoft Patches Internet Explorer 9, Launches YourBrowserMatter

    Due to the critical status of the Internet Explorer 9 fix, any users with the recommended Windows Update setting of install updates automatically enabled should receive it by default. Microsoft urges users with automatic updates disabled to install the fix manually via Windows Update. IT administrators in charge of handling organizations are urged to do the same using their go-to software for managing patches in-house. Of the eight vulnerabilities targeted by the IE9 update, the most crucial make it possible for remote code execution to occur on PCs where users have visited certain affecte...

    Read the article

  • The server principal '<domain>\User' already exists. But it doesn’t

    - by simonsabin
    Interesting little situation occurred today, the person I was working with was trying to add a login to a server and was getting the following error. “The server principal '<domain>\User' already exists” They were using a command like this and couldn’t figure out why they were getting the error above because when they looked at the logins setup on the system the login definitely didn’t exist. CREATE LOGIN [<domain>\<user>] FROM WINDOWS WITH DEFAULT_DATABASE = [master] The...(read more)

    Read the article

  • secure offline PC storage accessible through javascript

    - by turbo2oh
    I'm attempting to build a browser-based HTML5 application that has the ability to store data locally on a PC (not mobile device) when offline. This data is sensitive and must be secure. Of course the trick is trying to find a way to be able to access the secure data with Javascript. I've ruled out browser local storage since its not secure. Could this be accomplished with a local database? If so, where could the DB credentials be stored? Javascript obviously doesn't seem like a good option to store them since its user-readable.

    Read the article

< Previous Page | 82 83 84 85 86 87 88 89 90 91 92 93  | Next Page >