Search Results

Search found 424 results on 17 pages for 'brendan salt'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 14/17 | < Previous Page | 10 11 12 13 14 15 16 17  | Next Page >

  • Programming habits, patterns, and standards that have developed out of appeal to tradition/by mistake? [closed]

    - by user828584
    Being self-taught, the vast majority of what I know about programming has come from reading other peoples' code on websites like this. I'm starting to wonder if I've developed bad or otherwise pointless habits from other people, or even just made invalid assumptions. For example, in javascript, void 0 is used in a lot of places, and until I saw this, I just assumed it was necessary and that 0 had some significance. Also, the http header, referer is misspelled but hasn't been changed because it would break a lot of applications. Also mentioned in Code Complete 2: The architecture should describe the motivations for all major decisions. Be wary of “we’ve always done it that way” justifications. One story goes that Beth wanted to cook a pot roast according to an award-winning pot roast recipe handed down in her husband’s family. Her husband, Abdul, said that his mother had taught him to sprinkle it with salt and pepper, cut both ends off, put it in the pan, cover it, and cook it. Beth asked, “Why do you cut both ends off?” Abdul said, “I don’t know. I’ve always done it that way. Let me ask my mother.” He called her, and she said, “I don’t know. I’ve always done it that way. Let me ask your grandmother.” She called his grandmother, who said, “I don’t know why you do it that way. I did it that way because it was too big to fit in my pan.” What are some other examples of this?

    Read the article

  • Authorization design-pattern / practice?

    - by Lawtonfogle
    On one end, you have users. On the other end, you have activities. I was wondering if there is a best practice to relate the two. The simplest way I can think of is to have every activity have a role, and assign every user every role they need. The problem is that this gets really messy in practice as soon as you go beyond a trivial system. A way I recently designed was to have users who have roles, and roles have privileges, and activities require some combinations of privileges. For the trivial case, this is more complex, but I think it will scale better. But after I implemented it, I felt like it was overkill for the system I had. Another option would be to have users, who have roles, and activities require you to have a certain role to perform with many activities sharing roles. A more complex variant of this would given activities many possible roles, which you only needed one of. And an even more complex variant would be to allow logical statements of role ownership to use an activity (i.e. Must have A and (B exclusive or C) and must not have D). I could continue to list more, but I think this already gives a picture. And many of these have trade offs. But in software design, there are oftentimes solutions, while perhaps not perfect in every possible case, are clearly top of the pack to an extent it isn't even considered opinion based (i.e. how to store passwords, plain text is worse, hashing better, hashing and salt even better, despite the increased complexity of each level) (i.e. 2, Smart UI designs for applications are bad, even if it is subjective as to what the best design is). So, is there a best practice for authorization design that is not purely opinion based/subjective?

    Read the article

  • what languages are good selling points on resume? [closed]

    - by Thomas Galvin
    I have a good amount of experience with C# and Java at the moment but after education and whatnot I wish to be able in more than just 2 high-level, comparatively limited languages, and from what I've seen languages like C(++) or PHP are in demand at the moment. I've thought about learning the following: C. Very standard, lightweight and available on everything. However very old and mostly procedural. C++. Standard like C but I've read in some places that it encourages bad programming design and use of dodgy libraries - but similar things have been said about C too so I'll take that with a grain of salt. D. Quite new but looks promising, but will it be relevant or applicable in the future though? PHP. With the internet becoming ever more important I think this might be the one to go with, but the code itself isn't very intuitive. CoffeeScript (or plain JavaScript). With Microsoft's new idea of HTML5+JS for everything under the sun this doesn't look like a bad choice. However things do change and I wish to be primarily a software dev, not web dev. So out of the above list, or any others that you could suggest, what would you say I should begin to focus on? What is your opinion on staying with C#?

    Read the article

  • Should I encrypt data in database?

    - by Tio
    I have a client, for which I'm going to do an Web application about patient care, managing patients, consults, history, calendars, everything about that basically. The problem is that this is sensitive data, patient history and such. The client insists on encrypting the data at the database level, but I think this is going to deteriorate the performance of the web app. ( But maybe I shouldn't be worried about this ) I've read the laws about data protection on health issues ( Portugal ), but isn't very specific about this ( I just questioned them about this, I'm waiting for their response ). I've read the following link, but my question is different, should I encrypt the data in the database, or not. One problem that I foresee in encrypting data, is that I'm going to need a key, this could be the user password, but we all know how user passwords are ( 12345 etc etc ), and generating a key I would have to store it somewhere, this means that the programmer, dba, whatever could have access to it, any thoughts on this? Even adding an random salt to the user password isn't going to solve the problem since I can always access it, and therefore decrypt the data.

    Read the article

  • Fusion Middleware 11gR1 : 3??????

    - by Hiroyuki Yoshino
    2011?3? (2011/03/08 ??)?Fusion Middleware 11gR1 ?????????????? ?????????????3??????? 1. Oracle iPlanet Web Proxy Server Oracle iPlanet Web Proxy Server???????4.0.14????4.0.15????????? ???????Release Notes (??) ?????????? ?????????????????????? Platforms: AIX, HP-UX Itanium, HP-UX PA-RISC, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris (SPARC), Other Platforms 2. Oracle Security Governer Integration Kit ???????????? Oracle Security Governor??Healthcare??????????????????????????????????????????????????????????? ?????????????????????? Platforms: AIX, HP-UX Itanium, HP-UX PA-RISC, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris (SPARC) 3. Oracle Tuxedo Oracle Tuxedo????????????????? Oracle Tuxedo System and Application Monitor (TSAM)????(11.1.1.2.0??11.1.1.2.1)????? Oracle Tuxedo JCA Adapter????(11.1.1.2.0??11.1.1.2.1)????? Oracle Service Architecture Leveraging Tuxedo (SALT)????(11.1.1.1.0??11.1.1.2.0)????? ???????????Oracle Tuxedo Application Runtime for CICS and Batch???Oracle Tuxedo Application Rehosting Workbench? ???????????????? CICS????????????????Oracle Tuxedo???????·??????????????·?????????????????COBOL????????????????JCL??????·????????????????????????????????????CICS?????????????????????????????????? ??????????? (??)?????????? ???Oracle Tuxedo?????????????????????????? Platforms: AIX, HP-UX Itanium, Linux x86, Linux x86-64, Microsoft Windows (32-bit), Microsoft Windows x64, Solaris (SPARC), Other Platforms ???????????????

    Read the article

  • Oracle Employees Support New World Record for IYF Children's Hour

    - by Maria Sandu
    Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 960 students ‘crouched’, ‘touched’ and ‘set’ under the watchful eye of International Rugby Referee Alain Roland, and supported by Oracle employees, to successfully set a new world record for the World’s Largest Scrum to raise funds and awareness for the Irish Youth Foundation. Last year Oracle Employees supported the Irish Youth Foundation by donating funds from their payroll through the Giving Tree Appeal. We were the largest corporate donor to the IYF by raising €3075. To acknowledge our generosity the IYF asked Oracle Leadership in Society team members to participate in their most recent campaign which was to break the Guinness Book of Records by forming the World’s Largest Rugby Scrum. This was a wonderful opportunity for Oracle’s Leadership in Society to promote the charity, support education and to make a mark in the Corporate Social Responsibility field. The students who formed the scrum also gave up their lunch money and raised a total of €3000. This year we hope Oracle Employees will once again support the IYF with the challenge to match that amount. On the 24th of October the sun shone down on the streaming lines of students entering the field. 480 students were decked out in bright red Oracle T-Shirts against the other 480 in blue and white jerseys - all ready to form a striking scrum. Ryan Tubridy the host of the event made the opening announcement and with the blow of a whistle the Scum began. 960 students locked tight together with the Leinster players also at each side. Leinster Manager Matt O’Connor was there along with presenters Ryan Tubridy and George Hook to assist with getting the boys in line and keeping the shape of the scrum. In accordance with Guinness Book of Records rules, the ball was fed into the scrum properly by Ireland and Leinster scrum-half, Eoin Reddan, and was then passed out the line to his Leinster team mates including Ian Madigan, Brendan Macken and Jordi Murphy, also proudly sporting the Oracle T-Shirt. The new World Record was made, everyone gave a big cheer and thankfully nobody got injured! Thank you to everyone in Oracle who donated last year through the Giving Tree Appeal. Your generosity has gone a long way to support local groups both. Last year’s donation was so substantial that the IYF were able to spread it across two youth groups: The first being Ballybough Youth Project in Dublin. The funding gave them the chance to give 24 young people from their project the chance to get away from the inner city and the problems and issues they face in their daily life by taking a trip to the Cavan Centre to spend a weekend away in a safe and comfortable environment; a very rare holiday in these young people’s lives. The Rahoon Family Centre. Used the money to help secure the long term sustainability of their project. They act as an educational/social/fun project that has been working with disadvantaged children for the past 16 years. Their aim is to change young people’s future with fun /social education and supporting them so they can maximize their creativity and potential. We hope you can help support this worthy cause again this year, so keep an eye out for the Children’s Hour and Giving Tree Appeal! About the Irish Youth Foundation The IYF provides opportunities for marginalised children and young people facing difficult and extreme conditions to experience success in their lives. It passionately believes that achievement starts with opportunity. The IYF’s strategy is based on providing safe places where children can go after school; to grow, to learn and to play; and providing opportunities for teenagers from under-served communities to succeed and excel in their lives. The IYF supports innovative grassroots projects operated by dedicated professionals who understand young people and care about them. This allows the IYF to focus on supporting young people at risk of dropping out of school and, in particular, on the critical transition from primary to secondary school; and empowering teenagers from disadvantaged neighborhoods to become engaged in their local communities. Find out more here www.iyf.ie

    Read the article

  • Why were namespaces removed from ECMAScript consideration?

    - by Bob
    Namespaces were once a consideration for ECMAScript (the old ECMAScript 4) but were taken out. As Brendan Eich says in this message: One of the use-cases for namespaces in ES4 was early binding (use namespace intrinsic), both for performance and for programmer comprehension -- no chance of runtime name binding disagreeing with any earlier binding. But early binding in any dynamic code loading scenario like the web requires a prioritization or reservation mechanism to avoid early versus late binding conflicts. Plus, as some JS implementors have noted with concern, multiple open namespaces impose runtime cost unless an implementation works significantly harder. For these reasons, namespaces and early binding (like packages before them, this past April) must go. But I'm not sure I understand all of that. What exactly is a prioritization or reservation mechanism and why would either of those be needed? Also, must early binding and namespaces go hand-in-hand? For some reason I can't wrap my head around the issues involved. Can anyone attempt a more fleshed out explanation? Also, why would namespaces impose runtime costs? In my mind I can't help but see little difference in concept between a namespace and a function using closures. For instance, Yahoo and Google both have YAHOO and google objects that "act like" namespaces in that they contain all of their public and private variables, functions, and objects within a single access point. So why, then, would a namespace be so significantly different in implementation? Maybe I just have a misconception as to what a namespace is exactly.

    Read the article

  • WCF Service Client Lifetime

    - by Burt
    I have a WPF appliction that uses WCF services to make calls to the server. I use this property in my code to access the service private static IProjectWcfService ProjectService { get { _projectServiceFactory = new ProjectWcfServiceFactory(); return _projectServiceFactory.Create(); } } The Create on the factory looks like this public IProjectWcfService Create() { _serviceClient = new ProjectWcfServiceClient(); //ToDo: Need some way of saving username and password _serviceClient.ClientCredentials.UserName.UserName = "Brendan"; _serviceClient.ClientCredentials.UserName.Password = "password"; return _serviceClient; } To access the service methods I use somethingn like the following. ProjectService.Save(dto); Is this a good approach for what I am trying to do? I am getting an errorthat I can't track down that I think may be realted to having too many service client connections open (is this possible?) notice I never close the service client or reuse it. What would the best practice for WCF service client's be for WPF calling? Thanks in advance...

    Read the article

  • Thoughts on security model to store credit card details

    - by Faisal Abid
    Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on the database) So basically on first run the user sends in his password via a SSL connection and the password is used with the addition of salt to generate an MD5 hash, also the password is used to encrypt the private key and the private key is stored on the server. When the user wants to make a payment, he sends his password. The password decrypts the private key, and the private key decrypts the CC details and the CC details are charged.

    Read the article

  • What is an s2k algorithm?

    - by WilliamKF
    What is the definition of an s2k algorithm? For example, "PBKDF2(SHA-1)" is an s2k algorithm. Here is some Botan code that refers to s2k: AutoSeeded_RNG rng; std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-1)")); s2k->set_iterations(8192); s2k->new_random_salt(rng, 8); SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase); InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase); SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase); Also, what is a 'salt' in s2k?

    Read the article

  • How can I hide a database column in the entity model?

    - by Nick Butler
    Hi. I'm using the Entity Framework 4 and have a question: I have a password column in my database that I want to manage using custom SQL. So I don't want the model to know anything about it. I've tried deleting the property in the Mapping Details window, but then I got a compilation error: Error 3023: Problem in mapping fragments starting at line 1660:Column User.Password in table User must be mapped: It has no default value and is not nullable. So, I made the column nullable in the database and updated the model. Now I get this error: Error 3004: Problem in mapping fragments starting at line 1660:No mapping specified for properties User.Password, User.Salt in Set Users. An Entity with Key (PK) will not round-trip when: Entity is type [UserDirectoryModel.User] Any ideas please? Thanks, Nick

    Read the article

  • ArgumentOutOfRangeException at MySql execution. (MySqlConnector .NET)

    - by Lazlo
    I am getting this exception from a MySqlCommand.ExecuteNonQuery(): Index and length must refer to a location within the string. Parameter name: length The command text is as follows: INSERT INTO accounts (username, password, salt, pin, banned, staff, logged_in, points_a, points_b, points_c, birthday) VALUES ('adminb', 'aea785fbcac7f870769d30226ad55b1aab850fb0979ee00481a87bc846744a646a649d30bca5474b59e4292095c74fa47ae6b9b3a856beef332ff873474cc0d3', 'cb162ef55ff7c58c7cb9f2a580928679', '', '0, '0', '0', '0', '0', '0', '2010-04-18') Sorry for the long string, it is a SHA512 hash. I tried manually adding this data in the table from MySQL GUI tools, and it worked perfectly. I see no "out of range" problem in these strings. Does anybody see something wrong?

    Read the article

  • Quick MySQLi security question

    - by Benjamin Falk
    I have a quick MySQLi security related question... For example, take a look at this code (gets in put from the user, checks it against the database to see if the username/password combination exist): $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // query db if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password = ?")) { $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt'])); $stmt->execute(); $stmt->store_result(); // check if there is a match in the database for the user/password combination if ($stmt->num_rows > 0) {} } In this case, I am using htmlentities() on the form data, and using a MySQLi prepared statement. Do I still need to be using mysql_real_escape_string()?

    Read the article

  • Initializing "new users" in Rails

    - by mathee
    I'm creating a Ruby on Rails application, and I'm trying to create/login/logout users. This is the schema for Users: create_table "users", :force => true do |t| t.string "first_name" t.string "last_name" t.text "reputation" t.integer "questions_asked" t.integer "answers_given" t.string "request" t.datetime "created_at" t.datetime "updated_at" t.string "email_hash" t.string "username" t.string "hashed_password" t.string "salt" end The user's personal information (username, first/last names, email) is populated through a POST. Other things such as questions_asked, reputation, etc. are set by the application, so should be initialized when we create new users. Right now, I'm just setting each of those manually in the create method for UsersController: def create @user = User.new(params[:user]) @user.reputation = 0 @user.questions_asked = 0 @user.answers_given = 0 @user.request = nil ... end Is there a more elegant/efficient way of doing this?

    Read the article

  • CakePHP: Why does adding 'Security' component break my app?

    - by Steve
    I have a strange problem -- of my own making -- that's cropped up, and is driving me crazy. At some point, I inadvertently destroyed a file in the app/tmp directory...I'm not sure which file. But now my app breaks when I include the "Security" component, and works just fine when it's not included. I'm thinking it might be related to the Security.salt value somehow, or possibly to the saved session info, but I don't really have a deep enough knowledge of CakePHP to figure it out. Can anyone offer any insight here?

    Read the article

  • Passing an array into hidden_field ROR

    - by JZ
    I'm trying to pass an array into a hidden_field. The following User has 3 roles [2,4,5] >> u = User.find_by_login("lesa") => #<User id: 5, login: "lesa", email: "[email protected]", crypted_password: "0f2776e68f1054a2678ad69a3b28e35ad9f42078", salt: "f02ef9e00d16f1b9f82dfcc488fdf96bf5aab4a8", created_at: "2009-12-29 15:15:51", updated_at: "2010-01-06 06:27:16", remember_token: nil, remember_token_expires_at: nil> >> u.roles.map(&:id) => [2, 4, 5] Users/edit.html.erb <% form_for @user do |f| -%> <%= f.hidden_field :role_ids, :value => @user.roles.map(&:id) %> When I submit my edit form, I receive an error: ActiveRecord::RecordNotFound in UsersController#update "Couldn't find Role with ID=245" How can I pass an array into the hidden_field?

    Read the article

  • Why is Read-Modify-Write necessary for registers on embedded systems?

    - by Adam Shiemke
    I was reading http://embeddedgurus.com/embedded-bridge/2010/03/different-bit-types-in-different-registers/, which said: With read/write bits, firmware sets and clears bits when needed. It typically first reads the register, modifies the desired bit, then writes the modified value back out and I have run into that consrtuct while maintaining some production code coded by old salt embedded guys here. I don't understand why this is necessary. When I want to set/clear a bit, I always just or/nand with a bitmask. To my mind, this solves any threadsafe problems, since I assume setting (either by assignment or oring with a mask) a register only takes one cycle. On the other hand, if you first read the register, then modify, then write, an interrupt happening between the read and write may result in writing an old value to the register. So why read-modify-write? Is it still necessary?

    Read the article

  • Salting example in Zend Framework

    - by Geoffrey
    Hello all, I am pretty new to the Zend framework and looking to build an application with pretty tight password security. I have been trying to follow the user guides in relation to password salting but haven't had any luck so far. I have setup my database and table adapter (As described in the documentation on the Zend Framework site but it didn't seem to finish the example (or I am not following well enough!) I have started with: $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter, 'users', 'username', 'password', "MD5(CONCAT('".Zend_Registry::get('staticSalt')."', ?, password_salt))" ); But from here, what is done with the password salt? I just need an example and I'll be away! Does anyone have an example or point me in the right direction?? Many thanks!

    Read the article

  • Is an ORM redundant with a NoSQL API?

    - by Earlz
    Hello, with MongoDB (and I assume other NoSQL database APIs worth their salt) the ways of querying the database are much more simplistic than SQL. There is no tedious SQL queries to generate and such. For instance take this from mongodb-csharp: using MongoDB.Driver; Mongo db = new Mongo(); db.Connect(); //Connect to localhost on the default port. Document query = new Document(); query["field1"] = 10; Document result = db["tests"]["reads"].FindOne(query); db.Disconnect(); How could an ORM even simplify that? Is an ORM or other "database abstraction device" required on top of a decent NoSQL API?

    Read the article

  • Prevent PHP sesison hijack, are these good ideas?

    - by matthew Rhodes
    I'm doing a simple shopping cart for a small site. I plan to store cart items as well as logged in user_id in session variables. to make things a little more secure, I thought I'd do this: sha1() the user_id before storing it in the session. Also sha1() and store the http_user_agent var with some salt, and check this along with the user_id. I know there is more one can do, but I thought this at least helps quite a bit right? and is easy for me to implement.

    Read the article

  • Using a password to generate two distinct hashes without reducing password security

    - by Nevins
    Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

    Read the article

  • Secure password transmission over unencrypted tcp/ip

    - by academicRobot
    I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

    Read the article

  • rails db migration, undefined method `to_sym', cant figure out syntax

    - by oelbrenner
    the original migration looks like this: class CreateUsers true do |t| t.string :login, :limit = 40 t.string :name, :limit = 100, :default = '', :null = true t.string :email, :limit = 100 t.string :crypted_password, :limit = 40 t.string :salt, :limit = 40 t.string :remember_token, :limit = 40 t.datetime :remember_token_expires_at t.string :activation_code, :limit = 40 t.datetime :activated_at, :datetime t.string :state, :null = :no, :default = 'passive' t.datetime :deleted_at t.integer :occupation_id, :null = :yes t.datetime :paid_up_to_date, :date t.timestamps end and I am trying to change the default of "state" to be "active" instead of passive so my attempt at a migration looks like this: ( still learning.. be gentle ) class ChangeUserStateDefault < ActiveRecord::Migration def self.up change_column :users, :state, :null = :no, :default = 'active' end def self.down end end

    Read the article

  • Why does cisco IOS require domain-name to be set before SSH keys can be generated?

    - by Daniel Papasian
    Is there a technical reason why IOS requires the device's domain-name to be set (via ip domain-name) before an SSH key can be generated? Is the domain-name used in any way in the generation of the key? Is there any way to force the generation of a key before the domain name is set? UPDATE: Myself (before I posted this question) and others in your answer seem to think it may be used as either a salt or a source of entropy for the key. Wouldn't the domain-name be very predictable? This doesn't seem like a suitable source of entropy.

    Read the article

  • Android and PHP - Do I need to use sessions?

    - by jtnire
    I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication. Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request? Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different everytime. The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID. If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated. Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 10 11 12 13 14 15 16 17  | Next Page >