Search Results

Search found 5685 results on 228 pages for 'encrypted partition'.

Page 165/228 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

• IE won't start session from an iframe?..

  - by jayarjo

  The task was to bypass login form on remote server with a session_id acquired through a call to server's web API. So that user wouldn't have to login twice. Since there's no way to set cookies for different domain. What we came up to was - put a little file on remote server, to which we pass encrypted session_id from hidden iframe and which is supposed to start a proper session for a remote app, which is then loaded in another iframe. This approach works fine in FF/Chrome, but not IE... However if I copy url to self-made remote authorization script from iframe's src attribute to to IE's address bar and load it from there, session get's created as expected. But for some reason it just doesn't want to do the same from an iframe. Does anyone have any clue, why this is happening?

  Read the article

• Need only to change links from https to http to access files with no SSL?

  - by spirytus

  I have SSL enabled for subdomain.mydomain.com so I can access files via https://subdomain.mydomain.com. Now please tell me if I'm right.. if I have file somwhere in subdomain.mydomain.com called index.php I can securely access it via: https://subdomain.mydomain.com/someFolder/index.php but I can also access it via http://subdomain.mydomain.com/someFolder/index.php This time communication won't be encrypted though. So now it comes down to links only if I access files in subdomain.mydomain.com securely or not? I will have another related question (and many more probably), but will post it as separate topic to keep things clean :)

  Read the article

• How can one make a web-site accessible only when someone has a dongle?

  - by Brian M. Hunt

  Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access to the web-site, you would need a username, password, and a USB dongle that has been plugged into the client computer. The dongle would presumably do some sort of challenge/response. It'd be ideal if this dongle solution worked with Firefox automatically or with the simple addition of a plugin. Thoughts and suggestions are appreciated.

  Read the article

• Iterative / Additive MD5

  - by Andrew Robinson

  I need to generate a checksum over a dictionary. Keys and Values. Is there any simple way to accomplish this in an iterative way. foreach(var item in dic.Keys) checksum += checksum(dic[item]) + checksum(item); In this case, keys and values could be converted to strings, concatinated and then a single checksum applied over these but is there a better way? Ideally MD5 but other options could work. Using this to validate data that is passed over a couple of storage methods. The checksum is then encrypted along with some other information (using AES) so I am not horribly worried about an ideal, unbreakable checksum.

  Read the article

• How does one encrypt site passwords for a Dreamweaver export file?

  - by ngreenwood6

  We have over 500 sites that we host. All of their ftp information is in a database. Whenever one of our programmers have to add a site they have to get all the info and set it up. However, I found that you can export them and it has all the info except for one problem. The password is encrypted. I am not trying to hack anything, I want to know how to encrypt our passwords so that we can import them using dreamweavers import feature. Can anyone tell me what encryption they use or a link on how to encrypt. I am not interested in decrypting at all because we already have all of them so it would not do me any good.

  Read the article

• How to save bytes to an image and access it from Bottle

  - by Graham Smith

  I'm working on an API wrapper for Snapchat using Python and Bottle, but in order to return the file (retrieved by the Python script) I have to save the bytes (returned by Snapchat) to a .jpg file. I'm not quite sure how I will do this and still be able to access the file so that it can be returned. Here's what I have so far, but it returns a 404. @route('/image') def image(): username = request.query.username token = request.query.auth_token img_id = request.query.id return get_blob(username, token, img_id) def get_blob(usr, token, img_id): # Form URL and download encrypted "blob" blob_url = "https://feelinsonice.appspot.com/ph/blob?id={}".format(img_id) blob_url += "&username=" + usr + "&timestamp=" + str(timestamp()) + "&req_token=" + req_token(token) enc_blob = requests.get(blob_url).content # Save decrypted image FileUpload.save('/images/' + img_id + '.jpg') img = open('images/' + img_id + '.jpg', 'wb') img.write(decrypt(enc_blob)) img.close() return static_file(img_id + '.jpg', root='/images/')

  Read the article

• SSL in overlay window for login

  - by Sourabh

  HI I have to implement login over SSL in my website. for example cloginForm - this is the form https://www.myweb.com/loginProcess - this is the action which process the form -authenticates user. I am able to do this with usual web form but the problem is the overlay dialog box for login for example if I am on my website home page http://www.myweb.com - notice http and I click a login link there , it shows a small html div with login form (like a litebox).now ,as I am on a non SSL page (http) the data which I post does not get encrypted,and posted to the process action. How do I get around with this so that my overly login also becomes secure. thanks for your help in advance. :)

  Read the article

• hibernate formula with column

  - by coolguy

  I have a table with a column that will be encrypted by a trigger after the record is inserted. When I read the column, I need to apply a decrypt function in the hibernate domain class. While saving the object, the value of the column will be saved as such. While reading the column, apply a database function on the read data. @Formula and @Column annotation cannot be applied to an attribute in the entity class. How do I achieve this functionality without using one attribute for saving and another one with @Formula for reading it?

  Read the article

• Encrypt URL in asp.net

  - by Zerotoinfinite

  Hi All, My site is in asp.net 3.5 and C#. I am sending link to my user through mail, now I want to send each user a specific URL. so instead of sending the clear text I want to send link with encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 i'll send www.mysite.aspx\mypage?UserId=)@kasd12 and the same i'll decrypt on my page so that I'll get the userId = 12. Please let me know if my approach is correct and not and how can I encrypt & decrypt the string in simplest and easier manner. Thanks in advance.

  Read the article

• How does the "Remember my password" checkbox work?

  - by Veera

  There are numerous login forms with the little check box "Remember my password" so that the next time you visit the website, the browser automatically fills up the password field for you. But I have noticed a behavior in modern browsers, such as Chrome/Firefox, which shows up a notification bar to save the user name/passoword even though that particular web page does not have any "remember password" check box. so my questions are: If I have to put the "remember password" check box in a login form, what do I have to do when the user checks it? I mean, do I have to store the password in browser cookies (or Local Storage)? If so, should the password be encrypted or plain text? The "Save password" notification bar is a browser's functionality or is there any way to invoke it from the web page?

  Read the article

• Intercept windows open file

  - by HyLian

  Hello, I'm trying to make a small program that could intercept the open process of a file. The purpose is when an user double-click on a file in a given folder, windows would inform to the software, then it process that petition and return windows the data of the file. Maybe there would be another solution like monitoring Open messages and force Windows to wait while the program prepare the contents of the file. One application of this concept, could be to manage desencryption of a file in a transparent way to the user. In this context, the encrypted file would be on the disk and when the user open it ( with double-click on it or with some application such as notepad ), the background process would intercept that open event, desencrypt the file and give the contents of that file to the asking application. It's a little bit strange concept, it could be like "Man In The Middle" network concept, but with files instead of network packets. Thanks for reading.

  Read the article

• Choosing proper database for a few users application

  - by tomo

  Requirements: tiny WinForms client app (C# 4.0, WinForms or WPF) a few users working simultinausly no database service at all - the whole engine as *.DLLs inside client apps database available as shared folder on one computer at least simple concurrrency checks compatible with nHibernate or EntityFramework / NET 4.0 backup as simple as copying files from shared folder - assuming no running clients at the moment no stored procedures/triggers required data size - a few tables and a few thousands rows after 2 years Nice to have: user access rights encrypted data I'm trying to choose between: MS Access SqlLite SqlServer Compact Edition. Can you recommend which one should be the best for these requirements?

  Read the article

• Manually logging in a user without password

  - by Agos

  Hi everybody; I hope you can help me figure the best way to implement a manual (server-side initiated) login without using the password. Let me explain the workflow: User registers Thank you! An email with an activation link has been sent blablabla (Account now exists but is marked not enabled) User opens email, clicks link (Account is enabled) Thank you! You can now use the site What I'm trying to do is log in the user after he has clicked the email link so he can start using the website right away. I can't use his password since it's encrypted in the DB, is the only option writing a custom authentication backend?

  Read the article

• Using a password to generate two distinct hashes without reducing password security

  - by Nevins

  Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

  Read the article

• What is your company's stance on Developers using Laptops?

  - by codepunk

  I am a developer and my company is moving towards a "no laptop" policy in fear of them being lost or stolen and source code being compromised. Now I don't work for NASA, the military or anything labeled Top Secret but our code is very important to our business nonetheless (as all source code would be). I'll be honest, I disagree with this policy against laptops and wanted to see what others think. I'd like to know: What is your team/company's stance on laptops Your company's size and/or field (small, medium or large, Fortune 500, etc). Whether you've had to take any extra precautions (signing any additional legal, ensure your hard drive is encrypted, etc). Thanks!

  Read the article

• Is my TFS2010 backup/restore hosed?

  - by bwerks

  Hi all, I recently set up a sandbox TFS to test TFS-specific features without interfering with the production TFS. I was happy I did this sooner than I thought--I hadn't been backing up the encryption key from SSRS and upon restoring the reporting databases, they remained inactive, requiring initialization that could only come from applying the encryption key. Said encryption key was lost when I nuked the partition after backing up the TFS databases. The only option I seemed to have is to delete the encrypted data. I'm fine with this, since there wasn't much in there to begin with, however once they're deleted I'm not quite sure how to configure TFS to recognize a new installation of these services while using the restored versions of everything else. Unfortunately, the TFS help file doesn't seem to account for this state though. Is there a way to essentially rebuild the reporting and analysis databases? Or are they gone forever?

  Read the article

• Can you create a HIPAA compliant Amazon S3 Web Application?

  - by xkingpin

  I am facing some questions when trying to design an S3 application using ASP.NET MVC and trying to stay HIPAA compliant. My initial plan was to require an SSL connection to my web server, encrypt the images on my server, then send them to s3 using my private keys. Here's my obvious concerns: You cannot store unencrypted images in any temporary file cache when client views images within the browser. Even if I setup an ashx to generically handle the image in memory, couldn't this get stored in cache? Saying the images will be encrpyted because you will be connecting to my server via https still does not guarantee all browsers will not cache data. It's not possible to even consider the "Query String" with expiration option since data will be encrypted before being stored on disk at s3, and will again be decrypted at my server in memory. I think my only option would be to write/purchase some sort of ActiveX component that will not expose the image as a simple html image source or write my app as a client side WinForm application.

  Read the article

• Service-Based Authentication Using Tokens

  - by jerhinesmith

  I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows: Client requests username/password from user Client passes username/password to identity provider Provider checks username/password and sends back a token if the user is valid Client does something with the token? The third and fourth step are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?

  Read the article

• What is the current standard for authenticating Http requests (REST, Xml over Http)?

  - by CodeToGlory

  The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

  Read the article

• How to create digital signature that can not be used to reproduce the message twice

  - by freediver

  I am creating a client-server application and I'd like to send data from server to client securely. Using public/private key algorithms makes sense and in PHP we can use openssl_sign and openssl_verify functions to check that the data came by someone who has the private key. Now imagine that one of the actions sent by server to client is destructive in nature. If somebody uses an HTTP sniffer to catch this command (which will be signed properly) how can I further protect the communication to ensure that only commands coming from our server get processed by the client? I was thinking about using current UTC time as part of the encrypted data but client time might be off. Is there a simple solution to the problem?

  Read the article

• How do I program a hyperlink to include a username and password to the target site?

  - by Fred Griffith

  We have a website with a section restricted to members only. They log in and can view the website. Some of the information is stored on another server. We want that information to ONLY be accessible to those who have logged into the main website. What would be the best way to link the two sites, without making members log in again? Seems like there must be some way to send an encrypted username and password along with the URL in the hyperlink. Any ideas? Thank you in advance. Fred G.

  Read the article

• Denying main links with .htaccess or anything else

  - by user1640660

  I'm using an encrypted php program with smarty template. I wanted to open links such as index.php?page=login to open with login.php, so I used Rewrite mode in .htaccesss, for example RewriteRule ^/*login.php$ /index.php?page=login [L] in a few pages there should be a query for errors such as RewriteRule ^/*support.php?(.+)$ /index.php?page=support&%{QUERY_STRING} [L] It works but I need to deny the main URLs so when users enters index.php?a=login manually nothing (or the main page) would show up and he should open the link only with /login.php. Is there a way to do this? A little help please...

  Read the article

• Hashbytes comparison in stored proceduring not matching record

  - by Michael Itzoe

  The password field in my user table (SQL Server 2008) is encrypted using HASHBYTES on insertion. I have a stored procedure with parameters for the username and plain-text password which does a SELECT using that username and the password sent through HASHBYTES, then returns the user record if it finds a match. The SP is always returning an empty recordset, but if I copy and paste just the SELECT from the SP to a new query window, it returns the matched record. There're no other statements in the SP. I'm missing something here; what is it?

  Read the article

• Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

  - by Damian Hickey

  Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

  Read the article

• decode mysql query before returning it to view

  - by stormdrain

  I'm running a query to mysql that returns encrypted data. I'd like, if possible, to decode the results before sending it to the view. It seems like better form to handle the decoding in the controller (or even the model) rather than inside the view. I can't seem to wrap my head around how to do it, though. I was thinking I could iterate through the object, decodode it, and push it to another array that would be sent to the view. Problem with this is I won't know (and need to keep) the indexes of the query. So the query might return something like: [id] => 742 [client_id] => 000105 [last] => dNXcw6mQPaGQ4rXfgIGJMq1pZ1dYAim0 [first] => dDF7VoO37qdtYoYKfp1ena5mjBXXU0K3dDlcq1ssSvCgpOx75y0A== [middle] =>iXy6OWa48kCamViDZFv++K6okIkalC0am3OMPcBwK8sA== [phone] => eRY3zBhAw2H8tKE Any ideas?

  Read the article

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >