Search Results

Search found 43 results on 2 pages for 'cleartext'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/2 | 1 2  | Next Page >

  • How can I prevent Virtualmin from storing passwords in cleartext?

    - by Josh
    I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?

    Read the article

  • Suggestions for Scheduled Tasks to call OSQL without hard-coding cleartext password

    - by Ian Boyd
    Can anyone think of any techniques where i can have a Windows scheduled task run OSQL, but not have to pass the clear-text password with cleartext password being in the clear? E.g.: >osql -U iboyd -P BabyBatterStapleCorrect Assumption: No Windows Authentication (since it's not an option) i was hoping there was a >OSQL -encryptPassword "BabyBatterStapleCorrect" > > OSQL > Encrypted password: WWVzIGkgd2FudCB0byByYXBlIGJhYmllcy4gQmlnIHdob29wLiBXYW5uYSBmaWdodCBhYm91dCBpdD8= And then i could call OSQL with: >osql -U ian -P WWVzIGkgd2FudCB0byByYXBlIGJhYmllcy4gQmlnIHdob29wLiBXYW5uYSBmaWdodCBhYm91dCBpdD8= But that's not something Microsoft implemented.

    Read the article

  • Possible to get cleartext password?

    - by Farhan
    I have hosting service hosted on more than 20+ Plesk servers, version 11. As in the previous versions, the passwords were not encrypted, then if i had to design some tools to manage the hosting accounts, i just picked up the cleartext passwords from the Database. but as now the passwords are encrypted, is there any way i can decrypt the passwords? through API or any other way so that i can integrate my php based hosting management with plesk 11?

    Read the article

  • SHA1 Password returns as cleartext after DB query

    - by Code Sherpa
    Hi. I have a SHA1 password and PasswordSalt in my aspnet_Membership table. but, when I run a query from the server (a Sql Query), the reader reveals that the pass has returned as its cleartext equivalent. I am wondering if my web.config configuration is causing this? <membership defaultProvider="CustomMembershipProvider" userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1"> <providers> <clear/> <add name="CustomMembershipProvider" type="Custom.Utility.CustomMembershipProvider" connectionStringName="MembershipDB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresUniqueEmail="false" requiresQuestionAndAnswer="false" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed" thanks in advance...

    Read the article

  • How can I prevent Virtualmin from storing passwords in cleartext?

    - by Josh
    I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?

    Read the article

  • Can nginx be an mail proxy for a backend server that does not accept cleartext logins?

    - by 84104
    Can Nginx be an mail proxy for a backend server that does not accept cleartext logins? Preferably I'd like to know what directive to include so that it will invoke STARTTLS/STLS, but communication via IMAPS or POP3S is sufficient. relevant(?) section of nginx.conf mail { auth_http localhost:80/mailproxy/auth.php; proxy on; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 SSLv3; ssl_ciphers HIGH:!ADH:!MD5:@STRENGTH; ssl_session_cache shared:TLSSL:16m; ssl_session_timeout 10m; ssl_certificate /etc/ssl/private/hostname.crt; ssl_certificate_key /etc/ssl/private/hostname.key; imap_capabilities "IMAP4rev1" "UIDPLUS"; server { protocol imap; listen 143; starttls on; } server { protocol imap; listen 993; ssl on; } pop3_capabilities "TOP" "USER"; server { protocol pop3; listen 110; starttls on; pop3_auth plain; } server { protocol pop3; listen 995; ssl on; pop3_auth plain; } }

    Read the article

  • Securely wiping a file on a tmpfs

    - by Nanzikambe
    I have a script that decrypts some data to a tmpfs, the directory is secure (permissions), the machine's swap is encrypted (random key on boot) and when the script is done it does a 35 pass wipe (Peter Gutmann) of the cleartext on the tmpfs . I do this because I'm aware wiping files on a journaling file system is insecure, data may be recovered. For discussion, here're the relevant bits extracted: # make the tmpfs mkdir /mnt/tmpfs chmod 0700 /mnt/tmpfs mount -t tmpfs -o size=1M tmpfs /mnt/tmpfs cd /mnt/tmpfs # decrypt the data gpg -o - <crypted_input_file> | \ tar -xjpf - # do processing stuff # wipe contents find . -type f -exec bcwipe -I {} ';' # nuke the tmpfs cd .. umount -f /mnt/tmpfs rm -fR /mnt/tmpfs So, my question, assuming for the moment that nobody is able to read the cleartext in the tmpfs while it exists (I use umask to set cleartext to 0600), is there any way any trace of the cleartext could remain either in memory or on disk after the snippet above completes?

    Read the article

  • Mpd as pppoe server with authorisation by freeradius2

    - by Korjavin Ivan
    I install freeradius2, add to raddb/users: test Cleartext-Password := "test1" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 10.36.0.2, Framed-IP-Netmask = 255.255.255.0, start radiusd, and check auth: radtest test test1 127.0.0.1 1002 testing123 Sending Access-Request of id 199 to 127.0.0.1 port 1812 User-Name = "test" User-Password = "test1" NAS-IP-Address = 127.0.0.1 NAS-Port = 1002 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=199, length=44 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 10.36.0.2 Framed-IP-Netmask = 255.255.255.0 Works fine. Next step. Add to mpd.conf: radius: set auth disable internal set auth max-logins 1 CI set auth enable radius-auth set radius timeout 90 set radius retries 2 set radius server 127.0.0.1 testing123 1812 1813 set radius me 127.0.0.1 create link template L pppoe set link action bundle B set link max-children 1000 set link no multilink set link no shortseq set link no pap chap-md5 chap-msv1 chap-msv2 set link enable chap set pppoe acname Internet load radius create link template em1 L set pppoe iface em1 set link enable incoming And trying to connect, auth failed, here is mpd log: mpd: [em1-2] LCP: auth: peer wants nothing, I want CHAP mpd: [em1-2] CHAP: sending CHALLENGE #1 len: 21 mpd: [em1-2] LCP: LayerUp mpd: [em1-2] CHAP: rec'd RESPONSE #1 len: 58 mpd: [em1-2] Name: "test" mpd: [em1-2] AUTH: Trying RADIUS mpd: [em1-2] RADIUS: Authenticating user 'test' mpd: [em1-2] RADIUS: Rec'd RAD_ACCESS_REJECT for user 'test' mpd: [em1-2] AUTH: RADIUS returned: failed mpd: [em1-2] AUTH: ran out of backends mpd: [em1-2] CHAP: Auth return status: failed mpd: [em1-2] CHAP: Reply message: ^AE=691 R=1 mpd: [em1-2] CHAP: sending FAILURE #1 len: 14 mpd: [em1-2] LCP: authorization failed Then i start freeradius as radiusd -fX, and get this log: rad_recv: Access-Request packet from host 127.0.0.1 port 46400, id=223, length=282 NAS-Identifier = "rubin.svyaz-nt.ru" NAS-IP-Address = 127.0.0.1 Message-Authenticator = 0x14d36639bed8074ec2988118125367ea Acct-Session-Id = "815965-em1-2" NAS-Port = 2 NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "00e05290b3e3 / 00:e0:52:90:b3:e3 / em1" NAS-Port-Id = "em1" Vendor-12341-Attr-12 = 0x656d312d32 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Client-Endpoint:0 = "00:e0:52:90:b3:e3" User-Name = "test" MS-CHAP-Challenge = 0xbb1e68d5bbc30f228725a133877de83e MS-CHAP2-Response = 0x010088746ae65b68e435e9d045ad6f9569b60000000000000000b56991b4f20704cb6c68e5982eec5e98a7f4b470c109c1b9 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok Found Auth-Type = MSCHAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: test [mschap] Client is using MS-CHAPv2 for test, we need NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject Failed to authenticate the user. Login incorrect: [test] (from client localhost port 2 cli 00e05290b3e3 / 00:e0:52:90:b3:e3 / em1) Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 223 to 127.0.0.1 port 46400 MS-CHAP-Error = "\001E=691 R=1" Why i have error "[mschap] No Cleartext-Password configured. Cannot create LM-Password." ? I define cleartext-password in users. I check raddb/sites-enabled/default authorize { chap mschap eap { ok = return } files } looks ok for me. Whats wrong with mpd/chap/radius ?

    Read the article

  • Submit to open up a popup window and carry through input data

    - by zac
    Hi, I have a input box on one page that on submit opens a new page with a longer form and the first field is populated with what was entered from the previous pages input box. So on page 1 there is this code: <form action="sign-up.php"> <input type="text" name="email" value="sign up for email" onFocus="clearText(this)" onBlur="clearText(this)" style="float: left;"> <input value='Submit' /> </form> Then on the sign-up page the receiving form grabs the string out of the url //<!-- Begin function getParams() { var idx = document.URL.indexOf('?'); if (idx != -1) { var tempParams = new Object(); var pairs = document.URL.substring(idx+1,document.URL.length).split('&'); for (var i=0; i<pairs.length; i++) { nameVal = pairs[i].split('='); tempParams[nameVal[0]] = nameVal[1]; } return tempParams; } } var params = getParams(); // End --> I would like to keep all of this functionality but it have it occur in a popup. I added this function to the submit: function myPopup() { window.open( "sign-up.php", "myWindow", "status = 1, height = 300, width = 300, resizable = 0" ) and the form becomes <form> <input type="text" name="email" value="sign up for email" onFocus="clearText(this)" onBlur="clearText(this)" style="float: left;"> <input onClick="myPopup()" value='Submit' /> </form> But it no longer appends the input data to the url string. Anyone have any ideas on how I can accomplish this?

    Read the article

  • Can I get all active directory passwords in clear text using reversible encryption?

    - by christian123
    EDIT: Can anybody actually answer the question? Thanks, I don't need no audit trail, I WILL know all the passwords and users can't change them and I will continue to do so. This is not for hacking! We recently migrated away from a old and rusty Linux/Samba domain to an active directory. We had a custom little interface to manage accounts there. It always stored the passwords of all users and all service accounts in cleartext in a secure location (Of course, many of you will certainly not think of this a being secure, but without real exploits nobody could read that) and disabled password changing on the samba domain controller. In addition, no user can ever select his own passwords, we create them using pwgen. We don't change them every 40 days or so, but only every 2 years to reward employees for really learning them and NOT writing them down. We need the passwords to e.g. go into user accounts and modify settings that are too complicated for group policies or to help users. These might certainly be controversial policies, but I want to continue them on AD. Now I save new accounts and their PWGEN-generated (pwgen creates nice sounding random words with nice amounts of vowels, consonants and numbers) manually into the old text-file that the old scripts used to maintain automatically. How can I get this functionality back in AD? I see that there is "reversible encryption" in AD accounts, probably for challenge response authentication systems that need the cleartext password stored on the server. Is there a script that displays all these passwords? That would be great. (Again: I trust my DC not to be compromised.) Or can I have a plugin into AD users&computers that gets a notification of every new password and stores it into a file? On clients that is possible with GINA-dlls, they can get notified about passwords and get the cleartext.

    Read the article

  • how to use rsa in application i found code but dont know how to implement [closed]

    - by Smart Guy
    HOW TO I USE THIS RSA http://xtrace.blogspot.com/2012/03/rsa-demo-example.html?showComment=1349091173502#c199333123405145467 TUTOTIAL CODE IN MY LOGIN CODE BELOW I found code but dnt know how to implement public class LoginScreen extends Activity implements OnClickListener{ public void onCreate(Bundle icicle) { super.onCreate(icicle); setContentView(R.layout.login.xml); TextView lblMobileNo = (TextView)findViewById(R.id.lblMobileNo); lblMobileNo.setTextColor(getResources().getColor(R.color.text_color_red)); mobile = (EditText)findViewById(R.id.txtMobileNo); TextView lblPinNo = (TextView)findViewById(R.id.lblPinNo); lblPinNo.setTextColor(getResources().getColor(R.color.text_color_red)); pin = (EditText)findViewById(R.id.txtPinNo); btnLogin = (Button)findViewById(R.id.btnLogin); btnClear = (Button)findViewById(R.id.btnClear); btnLogin.setOnClickListener(new OnClickListener() { public void onClick(View view) { postLoginData(); } }); btnClear.setOnClickListener(new OnClickListener() { public void onClick(View v) { cleartext(); } }); /* btnClear.setOnClickListener(new OnClickListener() { public void onClick(View arg0) { } }); */ } public void postLoginData() { Intent i = new Intent(this.getApplicationContext(),NEWCLASS.class); Bundle bundle = new Bundle(); bundle.putString("mno", mobile.getText().toString()); bundle.putString("pinno", pin.getText().toString()); i.putExtras(bundle); startActivity(i); } } @Override public void onClick(View v) { } public void cleartext() { { pin.setText("") ; mobile.setText(""); } } }

    Read the article

  • Invalid length for a Base-64 char array.

    - by Code Sherpa
    As the title says, I am getting: Invalid length for a Base-64 char array. I have read about this problem on here and it seems that the suggestion is to store ViewState in SQL if it is large. I am using a wizard with a good deal of data collection so chances are my ViewSate is large. But, before I turn to the "store-in-DB" solution, maybe somebody can take a look and tell me if I have other options? I construct the email for delivery using the below method: public void SendEmailAddressVerificationEmail(string userName, string to) { string msg = "Please click on the link below or paste it into a browser to verify your email account.<BR><BR>" + "<a href=\"" + _configuration.RootURL + "Accounts/VerifyEmail.aspx?a=" + userName.Encrypt("verify") + "\">" + _configuration.RootURL + "Accounts/VerifyEmail.aspx?a=" + userName.Encrypt("verify") + "</a>"; SendEmail(to, "", "", "Account created! Email verification required.", msg); } The Encrypt method looks like this: public static string Encrypt(string clearText, string Password) { byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText); PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 }); byte[] encryptedData = Encrypt(clearBytes, pdb.GetBytes(32), pdb.GetBytes(16)); return Convert.ToBase64String(encryptedData); } On the receiving end, the VerifyEmail.aspx.cs page has the line: string username = Cryptography.Decrypt(_webContext.UserNameToVerify, "verify"); And the decrypt method looks like: public static string Decrypt(string cipherText, string password) { **// THE ERROR IS THROWN HERE!!** byte[] cipherBytes = Convert.FromBase64String(cipherText); Can this error be remedied with a code fix or must I store ViewState in the database? Thanks in advance.

    Read the article

  • Can PPP CHAP authentication use Cisco "Type 5" MD5 passwords?

    - by romandas
    Looking over Cisco's documentation, and RFC 1994 (PPP CHAP authentication), my initial guess is "no", because CHAP requires a cleartext password to rehash every time it sends a challenge. Is this true? If so, is there another way to configure CHAP so it doesn't use the easily-decoded type 7 passwords? The Cisco device in question uses local authentication, not a TACACS+ or RADIUS server. Would using RADIUS eliminate the problem or just move it to the RADIUS server?

    Read the article

  • Squid authentication encryption

    - by barbarossa12d
    Hi, I use Squid and the users must authenticate. The users are authenticating in cleartext. I found tutorials about stunnel (http://www.jeffyestrumskas.com/?page_id=3), but the clients also need this software. Is there no possibility that for user authentication SSL (or some other encryption technology) can be used?. Thanks.

    Read the article

  • Securing data inside Azure SQL? Any good libraries or DIY?

    - by Sid
    Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple with it's a few but quickly gets out of hand ... So are there any libraries out there that do this well? Any other resources or design patterns I can be pointed to?

    Read the article

  • How to safely back up the "Private" folder?

    - by ImaginaryRobots
    I have an ecryptfs "Private" folder in my home directory, and it is set up to automatically mount whenever I log in. I want to set up automatic backups to a network drive, but I don't want the contents of Private to be readable on the remote server. My understanding is that the Ubuntu "Backup" utility would run while I'm logged in, so it would see the folder contents without encryption. I'm backing up from a laptop, so it is essentially only on when I am logged in. I know that the Private folder is essentially a mounted filesystem, so it seems like I should be able to backup the encrypted image rather than the cleartext contents. What steps are needed to safely back it up, while maintaining the encryption? Note that I'm already familiar with the backup tools available, this question is about dealing with the ecryptfs folder safely.

    Read the article

  • Can I use OAuth for a SOAP web service?

    - by Olaseni
    The standard HTTP Authentication for SOAP passed the password etc in cleartext,and I'm looking for an alternative, possibly a key based mechanism to authenticate web services in lieu of the password. OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use. The project itself is relatively simple, with just a one or two methods to be exposed, but security is of the utmost importance.

    Read the article

  • loading an asp after starting a session

    - by Noam Smadja
    the jQuery $("#loginform").submit(function(){ $.ajax({ type: "POST", url: "loginrespajax.asp", data: $("#loginform").serialize(), success: function(){ $("#loginform").hide("slow"); $("#loginform").load("userheader.asp"); $("#loginform").show("slow"); } }); }); thats userheader.asp <div class="userlinks"> <%if (session("userlevel")) then%> <% select case session("userlevel") case 1 %> <a href="managenews.asp"><%langstring("header_news")%></a> | <a href="managebooks.asp"><%langstring("header_books")%></a> | <a href="manageusers.asp"><%langstring("manage_users")%></a> | <a href="manageorders.asp"><%langstring("manage_orders")%></a> | <a href="managelanguage.asp"><%langstring("manage_language")%></a> | <a href="youthregistration.asp"><%langstring("youthreg_header")%></a> | <a href="manageregistrants.asp"><%langstring("youthlist_header")%></a> | <% case 2 %> <a href="managenews.asp"><%langstring("header_news")%></a> | <a href="managebooks.asp"><%langstring("header_books")%></a> | <a href="youthregistration.asp"><%langstring("youthreg_header")%></a> | <a href="manageregistrants.asp"><%langstring("youthlist_header")%></a> | <% case 3 %> <a href="youthregistration.asp"><%langstring("youthreg_header")%></a> | <a href="manageregistrants.asp"><%langstring("youthlist_header")%></a> | <% End select %> <a href="editprofile.asp"><%langstring("editprofile_header")%></a> | <a href="changepassword.asp"><%langstring("changepassword_header")%></a> | <a href="logout.asp"><%langstring("logout_header")%></a> <%else%> <form action="loginrespajax.asp" method="POST" name="loginform" id="loginform" class="loginform" onSubmit="return false;"> <input type="text" name="username" value="username" class="input inline" onFocus="clearText(this);"> <input type="password" name="password" value="password" class="input inline" onFocus="clearText(this);"> <input type="submit" value="Log In" class="submit inline"> </form> <%End if%> </div> i am submiting the login form using AJAX and the jQuery partially works. it does hide and show again. but it prints the ELSE part of in userheader.asp. the session does start, for sure :)

    Read the article

  • How do I tie a cmbBox that selects all drives (local and network) into a treeNode VB

    - by jpavlov
    How do i tie in a selected item from a cmbBox with a treeView? I am looking to just obtain the value of the one selected drive Thanks. Imports System Imports System.IO Imports System.IO.File Imports System.Windows.Forms Public Class F_Treeview_Demo Private Sub F_Treeview_Demo_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load ' Initialize the local directory treeview Dim nodeText As String = "" Dim sb As New C_StringBuilder With My.Computer.FileSystem 'Read in the number of drives For i As Integer = 0 To .Drives.Count - 1 '** Build the drive's node text sb.ClearText() sb.AppendText(.Drives(i).Name) cmbDrives.Items.Add(sb.FullText) Next End With ListRootNodes() End Sub Private Sub btnExit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnExit.Click Application.Exit() End Sub Private Sub tvwLocalFolders_AfterSelect(ByVal sender As Object, ByVal e As System.Windows.Forms.TreeViewEventArgs) _ Handles tvwLocalFolders.AfterSelect ' Display the path for the selected node Dim folder As String = tvwLocalFolders.SelectedNode.Tag lblLocalPath.Text = folder ListView1.Items.Clear() Dim childNode As TreeNode = e.Node.FirstNode Dim parentPath As String = AddChar(e.Node.Tag) End Sub Private Sub AddToList(ByVal nodes As TreeNodeCollection) For Each node As TreeNode In nodes If node.Checked Then ListView1.Items.Add(node.Text) ListView1.Items.Add(Chr(13)) AddToList(node.Nodes) End If Next End Sub Private Sub tvwLocalFolders_BeforeExpand(ByVal sender As Object, ByVal e As System.Windows.Forms.TreeViewCancelEventArgs) _ Handles tvwLocalFolders.BeforeExpand ' Display the path for the selected node lblLocalPath.Text = e.Node.Tag ' Populate all child nodes below the selected node Dim parentPath As String = AddChar(e.Node.Tag) tvwLocalFolders.BeginUpdate() Dim childNode As TreeNode = e.Node.FirstNode 'this i added Dim smallNode As TreeNode = e.Node.FirstNode Do While childNode IsNot Nothing ListLocalSubFolders(childNode, parentPath & childNode.Text) childNode = childNode.NextNode ''this i added ListLocalFiles(smallNode, parentPath & smallNode.Text) Loop tvwLocalFolders.EndUpdate() tvwLocalFolders.Refresh() ' Select the node being expanded tvwLocalFolders.SelectedNode = e.Node ListView1.Items.Clear() AddToList(tvwLocalFolders.Nodes) ListView1.Items.Add(Environment.NewLine) End Sub Private Sub ListRootNodes() ' Add all local drives to the Local treeview Dim nodeText As String = "" Dim sb As New C_StringBuilder With My.Computer.FileSystem For i As Integer = 0 To .Drives.Count - 1 '** Build the drive's node text sb.ClearText() sb.AppendText(.Drives(i).Name) nodeText = sb.FullText nodeText = Me.cmbDrives.SelectedItem '** Add the drive to the treeview Dim driveNode As TreeNode driveNode = tvwLocalFolders.Nodes.Add(nodeText) 'driveNode.Tag = .Drives(i).Name '** Add the next level of subfolders 'ListLocalSubFolders(driveNode, .Drives(i).Name) ListLocalSubFolders(driveNode, nodeText) 'driveNode = Nothing Next End With End Sub Private Sub ListLocalFiles(ByVal ParentNode As TreeNode, ByVal PParentPath As String) Dim FileNode As String = "" Try For Each FileNode In Directory.GetFiles(PParentPath) Dim smallNode As TreeNode smallNode = ParentNode.Nodes.Add(FilenameFromPath(FileNode)) With smallNode .ImageIndex = 0 .SelectedImageIndex = 1 .Tag = FileNode End With smallNode = Nothing Next Catch ex As Exception End Try End Sub Private Sub ListLocalSubFolders(ByVal ParentNode As TreeNode, _ ByVal ParentPath As String) ' Add all local subfolders below the passed Local treeview node Dim FolderNode As String = "" Try For Each FolderNode In Directory.GetDirectories(ParentPath) Dim childNode As TreeNode childNode = ParentNode.Nodes.Add(FilenameFromPath(FolderNode)) With childNode .ImageIndex = 0 .SelectedImageIndex = 1 .Tag = FolderNode End With childNode = Nothing Next Catch ex As Exception End Try End Sub Private Sub ComboBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmbDrives.SelectedIndexChanged End Sub Private Sub lblLocalPath_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lblLocalPath.Click End Sub Private Sub grpLocalFileSystem_Enter(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles grpLocalFileSystem.Enter End Sub Private Sub btn1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btn1.Click ' lbl1.Text = End Sub Private Sub ListView1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ListView1.SelectedIndexChanged End Sub End Class

    Read the article

  • A Security (encryption) Dilemma

    - by TravisPUK
    I have an internal WPF client application that accesses a database. The application is a central resource for a Support team and as such includes Remote Access/Login information for clients. At the moment this database is not available via a web interface etc, but one day is likely to. The remote access information includes the username and passwords for the client's networks so that our client's software applications can be remotely supported by us. I need to store the usernames and passwords in the database and provide the support consultants access to them so that they can login to the client's system and then provide support. Hope this is making sense. So the dilemma is that I don't want to store the usernames and passwords in cleartext on the database to ensure that if the DB was ever compromised, I am not then providing access to our client's networks to whomever gets the database. I have looked at two-way encryption of the passwords, but as they say, two-way is not much different to cleartext as if you can decrypt it, so can an attacker... eventually. The problem here is that I have setup a method to use a salt and a passcode that are stored in the application, I have used a salt that is stored in the db, but all have their weaknesses, ie if the app was reflected it exposes the salts etc. How can I secure the usernames and passwords in my database, and yet still provide the ability for my support consultants to view the information in the application so they can use it to login? This is obviously different to storing user's passwords as these are one way because I don't need to know what they are. But I do need to know what the client's remote access passwords are as we need to enter them in at the time of remoting to them. Anybody have some theories on what would be the best approach here? update The function I am trying to build is for our CRM application that will store the remote access details for the client. The CRM system provides call/issue tracking functionality and during the course of investigating the issue, the support consultant will need to remote in. They will then view the client's remote access details and make the connection

    Read the article

  • BadPaddingException in Android encrypt

    - by DarthRoman
    Hi everyone, I am making an Android application, and I want to encrypt a String before sending it to a DataBase, and encrytpion is correct. The problem is when I am going to decrypt the String, because I get a BadPaddingException and I have no idea where the problem is. Here is the code: public final static String HEX = "36A52C8FB7DF9A3F"; public static String encrypt(String seed, String cleartext) throws Exception { byte[] rawKey = getRawKey(seed.getBytes()); byte[] result = encrypt(rawKey, cleartext.getBytes()); return toHex(result); } public static String decrypt(String seed, String encrypted) throws Exception { byte[] rawKey = getRawKey(seed.getBytes()); byte[] enc = toByte(encrypted); byte[] result = decrypt(rawKey, enc); return new String(result); } public static String toHex(String txt) { return toHex(txt.getBytes()); } public static String fromHex(String hex) { return new String(toByte(hex)); } public static byte[] toByte(String hexString) { int len = hexString.length()/2; byte[] result = new byte[len]; for (int i = 0; i < len; i++) result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue(); return result; } public static String toHex(byte[] buf) { if (buf == null) return ""; StringBuffer result = new StringBuffer(2*buf.length); for (int i = 0; i < buf.length; i++) { appendHex(result, buf[i]); } return result.toString(); } private static byte[] getRawKey(byte[] seed) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.setSeed(seed); kgen.init(128, sr); // 192 and 256 bits may not be available SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); return raw; } private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception { SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypted = cipher.doFinal(clear); return encrypted; } private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception { SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); byte[] decrypted = cipher.doFinal(encrypted); return decrypted; } private static void appendHex(StringBuffer sb, byte b) { sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f)); } I encrypt and decrypt with this code: String encrypted = encrypt(HEX, "some text"); String decrypted = decrypt(HEX, encrypted); Can anyone help me please? Thank you very much!!

    Read the article

  • Write hash password to LDAP when creating a new user

    - by alibaba
    I am working on a project with a central user database system. One of the requirements of the system is that there should be only one set of users for all the application. FreeRADIUS and Samba are two my applications that both use LDAP as their backend. Since users must be the same for the entire system that contains many other applications, I have to read the list of users from the central database and recreate them in the LDAP directories for Samba and FreeRADIUS. The problem is that users are sent to me from another entity and I can save them in the database with their hash passwords. I don't have access to their cleartext passwords. I am wondering if I could enter directly a hash password for a new user in LDAP with my preferred hash mechanism. If not, can any one tell me what strategy I have to use? I am running my server on UBUNTU 12.04 and all other applications are the latest versions. My database system is PostgreSQL 9.2. Thank you

    Read the article

  • Verify linux user passwords

    - by zero_r
    Hi there I got a linux server that has several dozen users. I also have the cleartext password for every user (i know - bad security). I would like to know if the passwords are correct. Since the users are all ftp users and have the nologin shell, I cannot just write a script to check if login works. How can I do a local check on passwords? Script output could look like this: $ check_userpw < user_pw_list.txt user1 ok user2 ok user3 mismatch! user4 ok Thanks

    Read the article

  • Design practice for securing data inside Azure SQL

    - by Sid
    Update: I'm looking for a specific design practice as we try to build-our-own database encryption. Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple when it's just couple of columns (send an email to all devs/document) but that quickly gets out of hand ... So, what is the best practice for doing application level encryption into a database that doesn't support encryption? In particular, what is a good design to solve the above two bullet points? If you had specific schema additions would love it if you could give details ("Have a NVARCHAR(max) column to store the cipher metadata as JSON" or a SQL script/commands). If someone would like to recommend a library, I'd be happy to stay away from "DIY" too. Before going too deep - I assume there isn't any way I can add encryption support to Azure by creating a stored procedure, right?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2  | Next Page >