Search Results

Search found 3339 results on 134 pages for 'hash collision'.

Page 90/134

  • Hashes or tokens for "remember me" cookies?

    - by Emanuil Rusev
    When it comes to remember me cookies, there are 2 distinct approaches:

    Hashes: The remember me cookie stores a string that can identify the user (i.e. user ID) and a string that can prove that the identified user is the one it pretends to be - usually a hash based on the user password.

    Tokens: The remember me cookie stores a random (meaningless), yet unique string that corresponds with a record in a tokens table, that stores a user ID.

    Which approach is more secure and what are its disadvantages?


  • Cross-site request forgery protections: Where do I put all these lines?

    - by brilliant
    Hello, I was looking for some Python code that would be able to log in from "Google App Engine" to some of my accounts on some websites (like yahoo or eBay) and was given this code:

        import urllib, urllib2, cookielib

        url = "https://login.yahoo.com/config/login?"
        form_data = {'login' : 'my-login-here', 'passwd' : 'my-password-here'}

        jar = cookielib.CookieJar()
        opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
        form_data = urllib.urlencode(form_data)
        # data returned from this pages contains redirection
        resp = opener.open(url, form_data)
        # yahoo redirects to http://my.yahoo.com, so lets go there instead
        resp = opener.open('http://mail.yahoo.com')
        print resp.read()

    Unfortunately, this code didn't work, so I asked another question here and one supporter among other things said this: "You send MD5 hash and not plain password. Also you'd have to play along with all kinds of CSRF protections etc. that they're implementing. Look:

        <input type="hidden" name=".tries" value="1">
        <input type="hidden" name=".src" value="ym">
        <input type="hidden" name=".md5" value="">
        <input type="hidden" name=".hash" value="">
        <input type="hidden" name=".js" value="">
        <input type="hidden" name=".last" value="">
        <input type="hidden" name="promo" value="">
        <input type="hidden" name=".intl" value="us">
        <input type="hidden" name=".bypass" value="">
        <input type="hidden" name=".partner" value="">
        <input type="hidden" name=".u" value="bd5tdpd5rf2pg">
        <input type="hidden" name=".v" value="0">
        <input type="hidden" name=".challenge" value="5qUiIPGVFzRZ2BHhvtdGXoehfiOj">
        <input type="hidden" name=".yplus" value="">
        <input type="hidden" name=".emailCode" value="">
        <input type="hidden" name="pkg" value="">
        <input type="hidden" name="stepid" value="">
        <input type="hidden" name=".ev" value="">
        <input type="hidden" name="hasMsgr" value="0">
        <input type="hidden" name=".chkP" value="Y">
        <input type="hidden" name=".done" value="http://mail.yahoo.com">
        <input type="hidden" name=".pd" value="ym_ver=0&c=&ivt=&sg=">

    I am not quite sure where he got all these lines from and where in my code I am supposed to add them. Do you have any idea? I know I was supposed to ask him this question first, and I did, but he never returned, so I decided to ask a separate question here.


  • Digest authentication using LDAP only

    - by Elephant
    Is there a way to validate digest authentication using LDAP only? I.e. if I have the following request from a client (stolen from Wikipedia):

        GET /dir/index.html HTTP/1.0
        Host: localhost
        Authorization: Digest username="Mufasa",
                       realm="[email protected]",
                       nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                       uri="/dir/index.html",
                       qop=auth,
                       nc=00000001,
                       cnonce="0a4f113b",
                       response="6629fae49393a05397450978507c4ef1",
                       opaque="5ccc069c403ebaf9f0171e9517f40e41"

    could I validate the user against LDAP, meaning if I don't know the user password and hence am not able to construct a digest hash to compare with the response?


  • Your creative PHP Obfuscation - Dynamic Variables

    - by Email
    Hi. No thread about use or unuse of obfuscation please ^^ Just share creative approaches how to obfuscate in php the really smart way plz. plain md5 and base64_decode is too static .. what you think regarding hash, salt what about dynamic Variables (even for the same $var). Thx for any creative input


  • How to grep in the git history?

    - by Ortwin Gentz
    I have deleted a file or some code in a file sometime in the past. Can I grep in the content (not in the commit messages)? A very poor solution is to grep the log: git log -p | grep However this doesn't return the commit hash straight away. I played around with "git grep" to no avail.


  • How can i run code on the client side from a browser?

    - by acidzombie24
    With LLVM and silverlight this may be possible now (or it may be possible with flash). I'd like the user to select a file and then do the following things: 1) Hash it with md5 and sha1 2) If archive check if an exe is in it 3) If archive check if password protected. The first to see if the user has uploaded it already (today, yesterday, last month), 2nd to prevent viruses, 3rd I should be fine without but if I decide to not allow protected archives I can warn before the user uploads it. How may I do this through the browser?


  • numerical computation locks up ruby

    - by kolosy
    i'm trying to implement an id obfuscation scheme, with a simple hash borrowed elsewhere. i've added a method on the application helper:

        @@M_ID = 2**31-1
        @@PRIME = 1580030173
        @@PRIME_INVERSE = 59260789 # (calculated from MAXID and PRIME offline)

        def obfuscate_id(x)
          if x
            return ((x * @@PRIME) & @@M_ID)
          else
            x
          end
        end

    for some reason, whenever this is called, ruby locks up, and starts eating up disk space on my mac... like - gigs of it. any ideas?


  • Confusing Javascript class declaration

    - by clutch
    I have some third-party Javascript that has statements like this: FOO = function() { ...functions() ... return { hash } }(); It is working as designed but I'm confused by it. Can anybody define what this structure is doing? Is it just a weird way to create a class?


  • storing original password text

    - by Richard
    My application stores external website login/passwords for interaction with them. To interact with these websites I need to use the original password text, so storing just the hash in my database is not going to work. How should I store these passwords?


  • To share a table or not share?

    - by acidzombie24
    Right now on my (beta) site i have a table called user data which stores name, hash(password), ipaddr, sessionkey, email and message number. Now i would like the user to have a profile description, signature, location (optional) and maybe other things. Should i have this in a separate mysql table? or should i share the table? and why?


  • Safely escaping and reading back a file path in ruby

    - by user336851
    I need to save a few pieces of information about some files. Nothing too fancy so I thought I would go with a simple one line per item text file. Something like this:

        # write
        io.print "%i %s %s\n" % [File.mtime(fname), fname, Digest::SHA1.file(fname).hexdigest]

        # read
        io.each do |line|
          mtime, name, hash = line.scanf "%i %s %s"
        end

    Of course this doesn't work because a file name can contain spaces (breaking scanf) and line breaks (breaking IO#each). The line break problem can be avoided by dropping the use of each and going with a bunch of gets(' '):

        while not io.eof?
          mtime = Time.at(io.gets(" ").to_i)
          name = io.gets " "
          hash = io.gets "\n"
        end

    Dealing with spaces in the names is another matter. Now we need to do some escaping. note : I like space as a record delimiter but I'd have no issue changing it for one easier to use. In the case of filenames though, the only one that could help is ascii nul "\0" but a nul delimited file isn't really a text file anymore... I initially had a wall of text detailing the iterations of my struggle to make a correct escaping function and its reciprocal but it was just boring and not really useful. I'll just give you the final result:

        def write_name(io, val)
          io << val.gsub(/([\\ ])/, "\\\\\\1") # yes that's 6 backslashes !
        end

        def read_name(io)
          name, continued = "", true
          while continued
            continued = false
            name += io.gets(' ').gsub(/\\(.)/) do |c|
              if c=="\\\\"
                "\\"
              elsif c=="\\ "
                continued=true
                " "
              else
                raise "unexpected backslash escape : %p (%s %i)" % [c, io.path, io.pos]
              end
            end
          end
          return name.chomp(' ')
        end

    I'm not happy at all with read_name. Way too long and awkward, I feel it shouldn't be that hard. While trying to make this work I tried to come up with other ways:

    the bittorrent encoded / php serialize way : prefix the file name with the length of the name then just io.read(name_len.to_i). It works but it's a real pita to edit the file by hand. At this point we're halfway to a binary format.

    String#inspect : This one looks expressly made for that purpose ! Except it seems like the only way to get the value back is through eval. I hate the idea of eval-ing a string I didn't generate from trusted data.

    So. Opinions ? Isn't there some lib which can do all this ? Am I missing something obvious ? How would you do that ?


  • Password hashing in Django

    - by Philip Mais
    I'm trying to integrate vBulletin and Django's user databases. I know vB uses an md5 algorithm to hash its passwords, with a salt. I have the salt data and the password for each vB user, and would like to know how to import those accounts onto Django. I've tried the obvious, changing the Django user's password to: md5$vb's_salt$vb's_password This just throws back Django's log-in form, with a message saying "username and password does not match". Any ideas?


  • What's the deal with reftype { } ?

    - by friedo
    I recently saw some code that reminded me to ask this question. Lately, I've been seeing a lot of this: use Scalar::Util 'reftype'; if ( reftype $some_ref eq reftype { } ) { ... } What is the purpose of calling reftype on an anonymous hashref? Why not just say eq 'HASH' ?


  • How can I show the contents of a file at a specific state of a git repo?

    - by richcollins
    I want to show the contents of a file given by a path at a specific state of a git repo. I unsuccessfully tried this: git show f825334150cd4bc8f46656b2daa8fa1e92f7796d:Katana/source/Git/GitLocalBranch.h fatal: ambiguous argument 'f825334150cd4bc8f46656b2daa8fa1e92f7796d:Katana/source/Git/GitLocalBranch.h': unknown revision or path not in the working tree. Use '--' to separate paths from revisions The commit in question didn't modify the file specified. How can I show the contents of a file at a given state (specified by a commit hash) regardless of the involvement of the file in the commit?


  • What is an alternative for split in Perl?

    - by joe
    My file contains a: b d: e f: a:b:c g: a b c d f:g:h h: d d:dd:d J: g,j How can I parse this file into lefthand side values into one array and right hand side to another array? I tried with split, but I am not able to get it back. I want to store them into hash.


  • What is Logically and semantically correct, A-grade browsers compatible and W3C valid way to clear f

    - by metal-gear-solid
    What is the logically correct and W3C valid way to clear float? zoom:1 is not valid by W3C and IE8 doesn't have hash layout problem. overflow:hidden and overflow:hidden were not made to do this, as the spec intended overflow to be used. <div class="clear"/> is not semantically correct and I don't want to add extra markup. clearfix hack generates content that really hasn't any semantic value. I've asked many questions and read many articles on this issue but haven't found the best way.


  • PHP, MySQL - My own version of SALT (I call salty) - Login Issue

    - by Fabio Anselmo
    Ok I wrote my own version of SALT I call it salty lol don't make fun of me.. Anyway the registration part of my script as follows is working 100% correctly.

        //generate SALTY my own version of SALT and I likes me salt.. lol
        function rand_string( $length ) {
            $chars = "ABCDEFGHIJKLMNOPQRSTUWXYZabcdefghijklmnopqrstuwxyz1234567890";
            $size = strlen( $chars );
            for( $i = 0; $i < $length; $i++ ) {
                $str .= $chars[ rand( 0, $size - 1 ) ];
            }
            return $str;
        }
        $salty = rand_string( 256 );

        //generate my extra salty pw
        $password = crypt('password');
        $hash = $password . $salty;
        $newpass = $hash;

        //insert the data in the database
        include ('../../scripts/dbconnect.php');

        //Update db record with my salty pw ;)
        // TESTED WITH AND WITHOUT SALTY
        //HENCE $password and $newpass
        mysql_query("UPDATE `Register` SET `Password` = '$password' WHERE `emailinput` = '$email'");
        mysql_close($connect);

    However my LOGIN script is failing. I have it setup to TEST and echo if its login or not. It always returns FAILED. I entered the DB and changed the crypted salty pw to "TEST" and I got a SUCCESS. So my problem is somewhere in this LOGIN script I assume. Now I am not sure how to implement my $Salty in this. But also be advised that even without SALTY (just using crypt to store my pass) - I was still unable to perform a login successfully. And if you're gonna suggest i use blowfish - note that my webhost doesn't have it supported and i don't know how to install it. here's my login script:

        if (isset($_POST['formsubmitted'])) {
            include ('../../scripts/dbconnect.php');
            $username = mysql_real_escape_string($_POST['username']);
            $password = crypt(mysql_real_escape_string($_POST['password']));
            $qry = "SELECT ID FROM Register WHERE emailinput='$username' AND Password='$password'";
            $result = mysql_query($qry);
            if(mysql_num_rows($result) > 0) {
                echo 'SUCCESS';
                //START SESSION
            } else {
                echo 'FAILED';
                //YOU ARE NOT LOGGED IN
            }
        }

    So what's wrong with this login? Why isn't it working just using the crypt/storing only crypt? How can i make it work storing both the crypt and randomly generated SALTY :) ? Ty advance


  • Is there a concurrent container library for C++

    - by Lirik
    I'm looking for implementations of lock-free containers: Blocking Queue, Blocking Stack, Hash Map, etc... Are there any good libraries out there? I would like to refrain from writing these data structures... I would much rather use something that has been tested by the community.


  • Is the "lock" statement in C# time-consuming?

    - by markattwood
    I have a method which has been called many times by other methods to hash data. Inside the method, some lock statements are used. Could you please let me know whether the lock statement is time-consuming and what is the best way to improve it. P/S: I have been finding a way to avoid using the lock statement in this method.


  • Is possible to generate constant value during compilation?

    - by AOI Karasu
    I would like my classes to be identified each type by a unique hash code. But I don't want these hashes to be generated every time a method, e.g. int GetHashCode(), is invoked during runtime. I'd like to use already generated constants and I was hoping there is a way to make the compiler do some computing and set these constants. Can it be done using templates? Could you give me some example, if it is possible.

