Search Results

Search found 4187 results on 168 pages for 'secure erase'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 147/168 | < Previous Page | 143 144 145 146 147 148 149 150 151 152 153 154  | Next Page >

  • Set up Gitosis, but can't clone

    - by Tim Rupe
    I've set up Gitosis on a remote Ubuntu box which I will refer to as linuxserver as my host in the following commands. I'm also connecting from a Windows box using Cygwin. I followed the instructions according to: http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way I had no problems up until I needed to clone the gitosis-admin repository to my local machine git clone git@linuxserver:gitosis-admin.git When I do this, the command executes, but hangs there displaying nothing until I ctrl-c to get back to a command prompt. No messages are displayed at all. I'm pretty sure I have my ssh keys set up properly, because logging in using "ssh linuxserver" into my regular account works perfectly without asking for a password. Edit: Over the weekend I set up a near identical Ubuntu box at home, and had no problem setting up Gitosis. The only difference was that I was connecting from OSX instead of Cygwin. Edit: I've also discovered that when using the Bash Shell provided with "Git Extensions", I have no problems, so the issue definitely seems to be some kind of Cygwin conflict. Edit: Just an update, but about a month after posting this question, I switched to Mercurial, and found that I prefer it much more than git. Thanks for the suggestions, but I don't plan on going back to git to try any of them out.

    Read the article

  • Custom basic authentication fails in IIS7

    - by manu08
    I have an ASP.NET MVC application, with some RESTful services that I'm trying to secure using custom basic authentication (they are authenticated against my own database). I have implemented this by writing an HTTPModule. I have one method attached to the HttpApplication.AuthenticateRequest event, which calls this method in the case of authentication failure: private static void RejectWith401(HttpApplication app) { app.Response.StatusCode = 401; app.Response.StatusDescription = "Access Denied"; app.CompleteRequest(); } This method is attached to the HttpApplication.EndRequest event: public void OnEndRequest(object source, EventArgs eventArgs) { var app = (HttpApplication) source; if (app.Response.StatusCode == 401) { string val = String.Format("Basic Realm=\"{0}\"", "MyCustomBasicAuthentication"); app.Response.AppendHeader("WWW-Authenticate", val); } } This code adds the "WWW-Authenticate" header which tells the browser to throw up the login dialog. This works perfectly when I debug locally using Visual Studio's web server. But it fails when I run it in IIS7. For IIS7 I have the built-in authentication modules all turned off, except anonymous. It still returns an HTTP 401 response, but it appears to be removing the WWW-Authenticate header. Any ideas?

    Read the article

  • Correct usage of addEventListener() /attachEvent()?

    - by ginny
    Hi guys! I'm wondering how to use "addEventListener" resp. "attachEvent" correctly!? window.onload=function(myFunc1){ // do something } function myFunc2(){ // do something } if (window.addEventListener){ window.addEventListener('load', myFunc2, false); } else if (window.attachEvent){ window.attachEvent('onload', myFunc2); } ... or function myFunc1(){ // do something } if (window.addEventListener){ window.addEventListener('load', myFunc1, false); } else if (window.attachEvent){ window.attachEvent('onload', myFunc1); } function myFunc2(){ // do something } if (window.addEventListener){ window.addEventListener('load', myFunc2, false); } else if (window.attachEvent){ window.attachEvent('onload', myFunc2); } ... ? Is this cross-browser secure or should I better go with sth. like this: function myFunc1(){ // do something } function myFunc2(){ // do something } ... function addOnloadEvent(fnc){ if ( typeof window.addEventListener != "undefined" ) window.addEventListener( "load", fnc, false ); else if ( typeof window.attachEvent != "undefined" ) { window.attachEvent( "onload", fnc ); } else { if ( window.onload != null ) { var oldOnload = window.onload; window.onload = function ( e ) { oldOnload( e ); window[fnc](); }; } else window.onload = fnc; } } addOnloadEvent(myFunc1); addOnloadEvent(myFunc2); ... AND: Say "myfunc2" is for IE 7 only. How to modify the correct/preferred method accordingly? Thank you so much!

    Read the article

  • Submit WordPress form programmatically

    - by songdogtech
    How can I let a user access a WordPress protected page with a URL that will submit the password in the form below? I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load. This not intended to be secure in any respect; I'll need to hardcode the password in the URL and the PHP. It's just for simplicity for the user, and once they're in, the cookie will let them in for 10 more days. I will select the particular user with separate PHP function that determines their IP or WordPress login status. I used Wireshark to find the POST string: post_password=mypassword&Submit=Submit but using this URL mydomain.com/wp-pass.php?post_password=mypassword&Submit=Submit gives me a blank page. This is the form: <form action="http://mydomain.com/wp-pass.php" method="post"> Password: <input name="post_password" type="password" size="20" /> <input type="submit" name="Submit" value="Submit" /></form> This is wp-pass.php: <?php require( dirname(__FILE__) . '/wp-load.php'); if ( get_magic_quotes_gpc() ) $_POST['post_password'] = stripslashes($_POST['post_password']); setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); wp_safe_redirect(wp_get_referer()); ?> What am I doing wrong? Or is there a better way to let a user into a password protected page automatically?

    Read the article

  • send email C# using smtp server with username password authentification

    - by KK
    I have a piece of code that sends email.. heres the code This is not working for me. This a remote smtp service ... and i double checked that email web access works fine .. i can login using the gui, recieve and send emails. But when i try to do it through code .. it fails with the message ... {System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 No AUTH command has been given. Can anybody advise ... and also they dont have EWS exposed ie.e exchange web service ./.. this is the way to go .. port is 25 and no SSL or TLS Button b = sender as Button; try { MailMessage msg = new MailMessage(senderEmail, recieverEmail, "afdasfas", "safasfa"); //MailMessage msg = new MailMessage(senderEmail, recieverEmail, subject, subject); System.Net.Mail.SmtpClient mailclient = new System.Net.Mail.SmtpClient(EmailSmtpServer, outgoingPort); System.Net.NetworkCredential auth = new System.Net.NetworkCredential(senderEmail, senderPassword); mailclient.Host = EmailSmtpServer; mailclient.UseDefaultCredentials = false; mailclient.Credentials = auth; mailclient.Send(msg); MessageBox.Show(b.Content + ":WORKED"); } catch (Exception e4) { MessageBox.Show(b.Content + ": " +e4.Message); MessageBox.Show(b.Content + ": " + e4.StackTrace); }

    Read the article

  • Tomcat 4.1.31 - HTTPS not working intermittently | "Page Cannot be Displayed" problems

    - by cedar715
    We are facing this error intermittently. If we restart the server it works for some time and again the problem start. We also have another load balanced server with similar configuration and that is working fine. The server is running on Linux box. If we do the "ps -ef" its listing the TOMCAT process. URL : https://xyz.abc.com:9234/axis/servlet/AxisServlet Following the configuration in server.xml file. <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="9234" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true"> <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" /> </Connector> Is it the problem with our load balancer which is forwarding most requests to this server? Is it any way related to the "maxProcessors" or "acceptCount" attributes defined in the above configuration? Is it the problem with the port number?? Does it have to do any thing with the certificate. The certificate is generated using Java Keytool. ( However, the other load balanced server is also using the same certificate and working fine) Please suggest in resolving this issue. thanks

    Read the article

  • php user authentication libraries / frameworks ... what are the options?

    - by es11
    I am using PHP and the codeigniter framework for a project I am working on, and require a user login/authentication system. For now I'd rather not use SSL (might be overkill and the fact that I am using shared hosting discourages this). I have considered using openID but decided that since my target audience is generally not technical, it might scare users away (not to mention that it requires mirroring of login information etc.). I know that I could write a hash based authentication (such as sha1) since there is no sensitive data being passed (I'd compare the level of sensitivity to that of stackoverflow). That being said, before making a custom solution, it would be nice to know if there are any good libraries or packages out there that you have used to provide semi-secure authentication? I am new to codeigniter, but something that integrates well with it would be preferable. Any ideas? (i'm open to criticism on my approach and open to suggestions as to why I might be crazy not to just use ssl). Thanks in advance. Update: I've looked into some of the suggestions. I am curious to try out zend-auth since it seems well supported and well built. Does anyone have experience with using zend-auth in codeigniter (is it too bulky?) and do you have a good reference on integrating it with CI? I do not need any complex authentication schemes..just a simple login/logout/password-management authorization system. Also, dx_auth seems interesting as well, however I am worried that it is too buggy. Has anybody else had success with this? I realized that I would also like to manage guest users (i.e. users that do not login/register) in a similar way to stackoverflow..so any suggestions that have this functionality would be great

    Read the article

  • Powershell invoke-command with PSCredential in line

    - by jaffa
    I need to be able to run a command on another server. This script acts as a bootstrap to another script which is run on the actual server. This works great on servers on the same domain, but if I need to run this script on a remote server, I need to specify credentials. The command is kicked off from a Msbuild targets file like so: <Target Name="PreDeployment" Condition="true" BeforeTargets="MSDeployPublish"> <Exec Command="powershell.exe -ExecutionPolicy Bypass invoke-command bootstrapScript.ps1 -computername $(MyServer) -argumentlist param1, param2" /> </Target> However, I need to be able to supply the credentials by creating a new PSCredentials object with a secure password for my deployment script to run on a remote server: <Target Name="PreDeployment" Condition="true" BeforeTargets="MSDeployPublish"> <Exec Command="powershell.exe -ExecutionPolicy Bypass invoke-command bootstrapScript.ps1 -computername $(MyServer) -credential New-Object System.Management.Automation.PSCredential ('admin', (convertto-securestring $(Password) -asplaintext -force)) -argumentlist param1, param2" /> </Target> When I run the build, a dialog pops up with the username set to System.Management.Automation.PSCredential. I need to be able to create the credentials in-line on the executable target. How do I accomplish this?

    Read the article

  • Strategy for WCF server with .Net clients and Android clients?

    - by D.H.
    I am using WCF to write a server that should be able to communicate with .Net clients, Android clients and possibly other types of clients. The main type of client is a desktop application that will be written in .Net. This client will usually be on the same intranet as the server. It will make an initial call to the server to get the current state of the system and will then receive updates from the server whenever a value changes. These updates are frequent, perhaps once a second. The Android clients will connect over the Internet. This client is also interested in updates, but it is not as critical as for the desktop client so a (less frequent) polling scenario might be acceptable. All clients will have to login to use the services, and when connecting over the Internet the connection should be secure. I am familiar with WCF but I am not sure what bindings are most appropriate for the scenario and what security solution to use. Also, I have not used Android, but I would like to make it as simple as possible for the person implementing the Android client to consume my services. So, what is my strategy?

    Read the article

  • Session hijacking prevention...how far will my script get me? additional prevention procedures?

    - by Yusaf Khaliq
    When the user logs in the current session vairables are set $_SESSION['user']['timeout'] = time(); $_SESSION['user']['ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['user']['agent'] = $_SERVER['HTTP_USER_AGENT']; In my common.php page (required on ALL php pages) i have used the below script, which resets a 15 minute timer each time the user is active furhtermore checks the IP address and checks the user_agent, if they do not match that as of when they first logged in/when the session was first set, the session is unset furthermore with inactivity of up to 15 minutes the session is also unset. ... is what i have done a good method for preventing session hijacking furthermore is it secure and or is it enough? If not what more can be done? if(!empty($_SESSION['user'])){ if ($_SESSION['user']['timeout'] + 15 * 60 < time()) { unset($_SESSION['user']); } else { $_SESSION['user']['timeout'] = time(); if($_SESSION['user']['ip'] != $_SERVER['REMOTE_ADDR']){ unset($_SESSION['user']); } if($_SESSION['user']['agent'] != $_SERVER['HTTP_USER_AGENT']){ unset($_SESSION['user']); } } }

    Read the article

  • Django - how to write users and profiles handling in best way?

    - by SpankMe
    Hey, I am writing simple site that requires users and profiles to be handled. The first initial thought is to use django's build in user handling, but then the user model is too narrow and does not contain fields that I need. The documentation mentions user profiles, but user profiles section has been removed from djangobook covering django 1.0 (ideally, the solution should work with django 1.2), and the Internet is full of different solutions, not making the choice easier (like user model inheritance, user profiles and django signals, and so on). I would like to know, how to write this in good, modern, fast and secure way. Should I try to extend django builtin user model, or maybe should I create my own user model wide enough to keep all the information I need? Below you may find some specifications and expectations from the working solution: users should be able to register and authenticate every user should have profile (or model with all required fields) users dont need django builtin admin panel, but they need to edit their profiles/models via simple web form Please, let me know how do you solve those issues in your applications, and what is the best current way to handle users with django. Any links to articles/blogs or code examples are highly appreciated!

    Read the article

  • Unwanted debug session

    - by b3y4z1d
    Try this code I created,when I use it in Borland C++ and try the remove-function a debug session opens up and it points to a file called "xstring",and it is saying "EAccessViolation". it points to this line in the file: return (compare(0, _Mysize, _Right._Myptr(), _Right.size())); //--------------------------------------------------------------------------- #include<iostream> #include<string> #include<fstream> #include<list> #pragma hdrstop using namespace std; struct Mail{ string name; string ammount; }; //---------------------------Call_Functions----------------------------- void new_mail(list<Mail>& l); void show_mail(list<Mail> l); void remove(list<Mail>& l); //---------------------------------Menu-------------------------------------- #pragma argsused int main(int argc, char* argv[]) { list<Mail> mail; bool contin = true; char answ; do{ cout<<'\n'<<'\t'<<'\t'<<"Menu"<<endl <<'\t'<<'\t'<<"----"<<endl <<"1. New mail"<<endl <<"2. Show mail"<<endl <<"3. Remove mail"<<endl <<"4. Exit"<<endl<<endl; cin>>answ; cin.ignore(1000, '\n'); switch (answ) { case '1': new_mail(mail); break; case '2': show_mail(mail); break; case '3': remove(mail); break; case '4': exit(1); default: cout<<"Choice not recognized"; } } while(contin); return 0; } //------------------------------Functions------------------------------------- //------------------------------New_mail-------------------------------------- void new_mail(list<Mail>& l){ Mail p; cout<<endl<<"Type in the name of the new mail "; getline(cin, p.name); cout<<"Now type in the cost: "; getline(cin, p.ammount); l.push_back(p); } //------------------------------Show_Mail------------------------------------- void show_mail(list<Mail> l){ list<Mail>::iterator it; cout<<"\nAll mail:\n\n"; for (it = l.begin(); it != l.end(); it++) { cout<<(*it).name<<'\t'<<'\t'<<(*it).ammount<<endl; } } //------------------------------Remove---------------------------------------- void remove(list<Mail>& l){ list<Mail>::iterator it; string name; cout<<endl<<"What is the name of the mail you want to remove?: "; getline(cin, name); for (it = l.begin(); it != l.end(); it++) { if ((*it).name == name) { l.erase(it); } } } //------------------------------End----------------------------------------- Why does it show this error,and how can I solve it?

    Read the article

  • Authentication using cookie key with asynchronous callback

    - by greg
    I need to write authentication function with asynchronous callback from remote Auth API. Simple authentication with login is working well, but authorization with cookie key, does not work. It should checks if in cookies present key "lp_login", fetch API url like async and execute on_response function. The code almost works, but I see two problems. First, in on_response function I need to setup secure cookie for authorized user on every page. In code user_id returns correct ID, but line: self.set_secure_cookie("user", user_id) does't work. Why it can be? And second problem. During async fetch API url, user's page has loaded before on_response setup cookie with key "user" and the page will has an unauthorized section with link to login or sign on. It will be confusing for users. To solve it, I can stop loading page for user who trying to load first page of site. Is it possible to do and how? Maybe the problem has more correct way to solve it? class BaseHandler(tornado.web.RequestHandler): @tornado.web.asynchronous def get_current_user(self): user_id = self.get_secure_cookie("user") user_cookie = self.get_cookie("lp_login") if user_id: self.set_secure_cookie("user", user_id) return Author.objects.get(id=int(user_id)) elif user_cookie: url = urlparse("http://%s" % self.request.host) domain = url.netloc.split(":")[0] try: username, hashed_password = urllib.unquote(user_cookie).rsplit(',',1) except ValueError: # check against malicious clients return None else: url = "http://%s%s%s/%s/" % (domain, "/api/user/username/", username, hashed_password) http = tornado.httpclient.AsyncHTTPClient() http.fetch(url, callback=self.async_callback(self.on_response)) else: return None def on_response(self, response): answer = tornado.escape.json_decode(response.body) username = answer['username'] if answer["has_valid_credentials"]: author = Author.objects.get(email=answer["email"]) user_id = str(author.id) print user_id # It returns needed id self.set_secure_cookie("user", user_id) # but session can's setup

    Read the article

  • .NET proxy detection

    - by Ziplin
    I am having an issue with .NET detecting the proxy settings configured through internet explorer. I'm writing a client application that supports proxies, and to test I set up an array of 9 squid servers to support various authentication methods for HTTP and HTTPs. I have a script that updates IE to whichever configuration I choose (which proxy, detection via "Auto", PAC, or hardcode). I have tried the 3 methods below to detect the IE configuration through .NET. On occassion I notice that .NET picks up the wrong set of proxy servers. IE has the correct settings, and if I browse the web with IE, I can see I am hitting the correct servers via wireshark. WebRequest.GetSystemWebProxy().GetProxy(destination); GlobalProxySelection.Select.GetProxy(destination); WebRequest.DefaultWebProxy Here are the following tips I have: My script sets a PAC file on a webserver, and updates the configuration in IE, then clears IE's cache .NET seems to get "stuck" on a certain proxy configuration, and I have to set another configuration for .NET to realize there was a change. Occasionally it seems to pick some random set of servers (I'm sure they're not random, just a set of servers I used once and are in some cached PAC file or something). As in, I will check the proxy for the destination "https://www.secure.com" and I may have IE configured for and thus expect to get "http://squidserver:18" and instead it will return "http://squidserver:28" (port 18 runs NTLM, 28 runs without authentication). All the squid servers work. This does not appear to be an issue on XP, only Vista, 2003, and windows 7. Hardcoding the proxy servers in IE ALWAYS works Time always solves the issue - if I leave the computer for about 20 or 30 minutes and come back, .NET picks up the correct proxy settings, as if a cached PAC script expired.

    Read the article

  • using mod-rewrite to redirect requests for jquery.js to GoogleAPI cache

    - by Aditya Advani
    Hi All, Our Linux server with Apache 2.x, Plesk 8.x hosts a number of e-commerce websites. To take advantage of browser caching we would like to use Google's provided copy of jquery.js. Hence in the vhost.conf file of each we can use the following RewriteRule RewriteCond %{REQUEST_FILENAME} jquery.min.js [nc] RewriteRule . http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js [L] And in vhost_ssl.conf RewriteCond %{REQUEST_FILENAME} jquery.min.js [nc] RewriteRule . https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js [L] OK now these rules work fine in the individual vhost.conf files of each domain. However we host over 200 domains, I would like for them to work but cannot seem to get them to work globally in the httpd.conf file. Challenges are the following: Get the rewriterule to work in httpd.conf Detect if HTTPS is on, and if it is and the is is a secure page, rewrite to ... Each individual domain will still have it's own custom mod-rewrite rules. Which rules take precedence - global or per-domain? Do they combine? Is it ok if I have the "RewriteEngine On" directive in the global httpd.conf and then again in the vhost.conf? Please let me know what your guys' suggestions are. Desperate for a solution to this problem.

    Read the article

  • Implement user authentication against remote DB with a Web Service

    - by Juan González
    I'm just starting reasearch about the best way to implement user authentication within my soon-to-be app. This is what I have so far: A desktop (Windows) application on a remote server. That application is accessed locally with a browser (it has a web console and MS SQL Server to store everything). The application is used with local credendials stored in the DB. This is what I'd like to accompllish: Provide access to some information on that SQL Server DB from my app. That access of course must be granted once a user has id himself with valid credentials. This is what I know so far: How to create my PHP web service and query info from a DB using JSON. How to work with AFNetworking libraries to retrieve information. How to display that info on the app. What I don't know is which could be the best method to implement user authentication from iOS. Should I send username and password? Should I send some hash? Is there a way to secure the handshake? I'd for sure appreciate any advise, tip, or recommendation you have from previous experience. I don't want to just implement it but instead I want to do it as good as possible.

    Read the article

  • How can I protect my .NET assemblies from decompilation?

    - by Holli
    One if the first things I learned when I started with C# was the most important one. You can decompile any .NET assembly with Reflector or other tools. Many developers are not aware of this fact and most of them are shocked when I show them their source code. Protection against decompilation is still a difficult task. I am still looking for a fast, easy and secure way to do it. I don't want to obfuscate my code so my method names will be a,b,c or so. Reflector or other tools should be unable to recognize my application as .NET assembly at all. I know about some tools already but they are very expensive. Is there any other way to protect my applications? EDIT: The reason for my question is not to prevent piracy. I only want to stop competitors from reading my code. I know they will and they already did. They even told me so. Maybe I am a bit paranoid but business rivals reading my code doesn't make me feel good.

    Read the article

  • Paypal Encrypted Website payments

    - by John Isaacks
    I am trying to integrate a PayPal Website Payments Standard Cart Upload payment type into my shopping cart. I integrated Google Checkout a while back and I did not find it overly confusing as I do paypal. I am getting info on how to encrypt it from here: https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments#id08A3I0P017Q Paypal says I need to generate a private key and a public certificate using OpenSSL. I went to OpenSSL and downloaded the latest release, which is just a folder containing various files but I see no application I can use, not sure what to do here. Even if I were to get OpenSSL to generate me a private key and public cert, the next step is to download either an MS or Java command line tool to create the encrypted cart ahead of time with the cart-total, tax, etc. which sounds crazy to me, like I am supposed to manually do this prior to every order?? Obviously I do not know the items in the cart the customer is going to buy before hand so I need this to be done on the fly on my website using PHP. But I am completely lost. There has to be a way to setup dynamic secure cart uploads to paypal. Can someone please point me in the right direction?

    Read the article

  • Please recommend a CMS framework in Java good for making a monitoring system

    - by TiansHUo
    I already have Java code to display and process data from a database. I would now like to implement the code as modules, and incorporate as a whole into a CMS system. The CMS MUST support Spring, Hibernate, etc. The CMS MUST not be GPL, and preferably open source (lGPL, BSD,etc). The CMS MUST have good documentation and support The CMS MUST be secure (safe from XSS and injection) and support different levels of authorizations, (built-in or module) The CMS MUST have good navigation and tab, (built-in or module) +1, for having a good ajax paginated table module to display data +1, for using ajax to change pages with support for bookmarks and history.back() +1, for using jquery or prototype +1, for being easy to deploy, and easy to add modules +1, for supporting dynamically add/remove and drag-dropping of modules Please recommend a CMS best for the job. Thank you! EDIT: I don't need blogs or wikis or etc. I just want a framework where I can display paginated lists and time series graphs and log files. I will also host some pages for configuration. All of these code are already implemented.

    Read the article

  • substitution cypher with different alphabet length

    - by seanizer
    I would like to implement a simple substitution cypher to mask private ids in URLs I know how my IDs will look like (combination of upperchase ascii, digits and underscore), and they will be rather long, as they are composed keys. I would like to use a longer alphabet to shorten the resulting codes (I'd like to use upper and lower case ascii letters, digits and nothing else). So my incoming alphabet would be [A-Z0-9_] (37 chars) and my outgoing alphabet would be [A-Za-z0-9] (62 chars) so a compression of almost 50% would be available. let's say my URLs look like this: /my/page/GFZHFFFZFZTFZTF_24_F34 and I want them to look like this instead: /my/page/Ft32zfegZFV5 Obviously both arrays would be shuffled to bring some random order in. This does not have to be secure. if someone figures it out: fine, but I don't want the scheme to be obvious. My desired solution would be to convert the string to an integer representation of radix 37, convert the radix to 62 and use the second alphabet to write out that number. is there any sample code available that does something similar? Integer.parseInt ( http://java.sun.com/javase/6/docs/api/java/lang/Integer.html#parseInt%28java.lang.String,%20int%29 ) has some similar logic, but it is hard-coded to use standard digit behavior Any hints? I am using java to implement this but code or pseudo-code in any other language is of course also helpful

    Read the article

  • How to publish internal data to the internet - as simple as possible

    - by mlarsen
    We have a .net 2-tier application where a desktop program is talking to a database. We support MS SQL Server 2000, 2005, 2008 and Oracle 9, 10 and 11. The application is sold, not as shrink-wrap, but pretty close. It is quite important for us that the installation and configuration is as easy as possible as installation instructions are usually supplied in written form to the customers internal IT-department. Our application is usually not seen as mission critical for the IT-department, so we need to keep their work down to a minimum. Now we are starting to get wishes for a web application build on top of the same data. The web application will be hosted by us and delivered as a SaaS application. Now the challenge is how to move data back and forth between the web application and the customers internal database. as I see it we have some requirements: We must be ready to handle the situation where the customers database is not accessible from the DMZ. I guess the easiest solution is that all communication is initiated from inside the customers lan. As little firewall configuration as possible. The best is if we can run without any special configuration as long as outgoing traffic from the customers lan are not blocked. If we need something changed in the firewall, we must be able to document that the change is secure. It doesn't have to be real time. Moving data in batches every ten minutes or so is OK. Data moves both ways, but not the same tables, so we don't have to support merges. It would be nice if we don't have to roll our own framework completely. Looking forward to hear your suggestions.

    Read the article

  • Password hashing, salt and storage of hashed values

    - by Jonathan Leffler
    Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one? To create the hash value stored in the DBMS, take: A value that is unique to the DBMS server instance as part of the salt, And the username as a second part of the salt, And create the concatenation of the salt with the actual password, And hash the whole string using the SHA-256 algorithm, And store the result in the DBMS. This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on. The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper. Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings? Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.) There are quite a lot of related SO questions - this list is unlikely to be comprehensive: Encrypting/Hashing plain text passwords in database Secure hash and salt for PHP passwords The necessity of hiding the salt for a hash Clients-side MD5 hash with time salt Simple password encryption Salt generation and Open Source software I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

    Read the article

  • Payment gateways and XSS

    - by Rowan Parker
    Hi all, I'm working on a website which takes payment from a customer. I'm using Kohana 2.3.4 and have created a library to handle the payment gateway I use (www.eway.com.au). Basically I'm just using their sample code, copied into it's own class. Anyway, the code works fine and I can make payments, etc. The issue I have is when the payment gateway is returning the user to my site. The payment gateway uses HTTPS so that is secure, and it is sending the user back to a HTTPS page on my site. However I have the NoScript plugin installed in Firefox, and when I get sent back to the page on my website (which also handles storing the transaction data) I get an error message saying that NoScript has blocked a potential XSS attack. Now I understand why it's unsecure (POST data being sent across two different domains) but what should I be doing instead? Obviously during my testing here I temporarily disable NoScript and it all works fine, but I can't rely on that for the end users. What's the best practice here?

    Read the article

  • Getting 404 Not Found connecting to webDAV

    - by Cragly
    I am trying to connect to a secure webDAV folder and download a file. I am having problems just trying to get a response from the server and as it keeps giving me a 404 Not Found error as soon as I call Request.GetResponse(). I can connect to the webDAV folder using Windows Explorer by mapping a drive but cannot seem to do this in code. I have looked at other post on this site and others online but most seem to concentrate on connecting to Outlook. Has anybody else had this issue? The code I am using is as follows: string URI = "https://transfer.mycompany.com/myDirectory/myFile.csv"; string username = "username"; string password = "password"; Request = (HttpWebRequest) WebRequest.Create(URI); Request.Credentials = new NetworkCredential(username, password); Request.Method = WebRequestMethods.Http.Get; Request.Headers.Add("Translate", "f"); Response = (HttpWebResponse) Request.GetResponse(); contentLength = Convert.ToInt64(Response.GetResponseHeader("Content-Length"));

    Read the article

  • insert Query is not executing, help me in tracking the problem

    - by Parth
    I tried the below query but it didnt executed giving error as : 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 INSERT INTO `jos_menu` SET params = 'orderby= show_noauth= show_title= link_titles= show_intro= show_section= link_section= show_category= link_category= show_author= show_create_date= show_modify_date= show_item_navigation= show_readmore= show_vote= show_icons= show_pdf_icon= show_print_icon= show_email_icon= show_hits= feed_summary= page_title= show_page_title=1 pageclass_sfx= menu_image=-1 secure=0 ', checked_out_time = '0000-00-00 00:00:00', ordering = '13', componentid = '20', published = '1', id = '152', menutype = 'accmenu', name = 'IPL', alias = 'ipl', link = 'index.php?option=com_content&view=archive', type = 'component') then i used mysql_real_escape_string() on the query containing variable which gives me the query as : INSERT INTO `jos_menu` SET params = \'orderby=\nshow_noauth=\nshow_title=\nlink_titles=\nshow_intro=\nshow_section=\nlink_section=\nshow_category=\nlink_category=\nshow_author=\nshow_create_date=\nshow_modify_date=\nshow_item_navigation=\nshow_readmore=\nshow_vote=\nshow_icons=\nshow_pdf_icon=\nshow_print_icon=\nshow_email_icon=\nshow_hits=\nfeed_summary=\npage_title=\nshow_page_title=1\npageclass_sfx=\nmenu_image=-1\nsecure=0\n\n\', checked_out_time = \'0000-00-00 00:00:00\', ordering = \'13\', componentid = \'20\', published = \'1\', id = \'152\', menutype = \'accmenu\', name = \'IPL\', alias = \'ipl\', link = \'index.php?option=com_content&view=archive\', type = \'component\') And on executing the above query I get an error as : 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'orderby=\nshow_noauth=\nshow_title=\nlink_titles=\nshow_intro=\nshow_section=\' at line 1 Can Someone guide me to track the problem in it? Thanks In Advance....

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 143 144 145 146 147 148 149 150 151 152 153 154  | Next Page >