Search Results

Search found 21719 results on 869 pages for 'password security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 217/869 | < Previous Page | 213 214 215 216 217 218 219 220 221 222 223 224  | Next Page >

  • Shared User Session for Multiple ASP.NET Websites

    - by Oliver
    I have been tasked with developing a single Login and Dashboard page that user can login too, the user will then be shown all the systems (we developed) that they have access based to based on some roles stored in our databases. If they logged in we would like that "User Session" (not sure of correct terminology) to be carried to which ever system they are redirected too. To illustrate a very rough overview of what I want to achieve: Is there a way that a user can login in one site, and then carry over that login to the other sites? Help, Advice, Link will be much appreciated. Sorry I am not experienced at ASP.net but have a good understanding of Silverlight, C#, WPF. Thanks in advance.

    Read the article

  • Configure Windows firewall to prevent an application from listening on a specific port [closed]

    - by U-D13
    The issue: there are many applications struggling to listen on port 80 (Skype, Teamviewer et al.), and to many of them that even is not essential (in the sense that you can have a httpd running and blocking the http port, and the other application won't even squeak about being unable to open the port). What makes things worse, some of the apps are... Well, I suppose, that it's okay that the mentally impaired are being integrated in the society by giving them a job to do, but... Programming requires some intellectual effort, in my humble opinion... What I mean is that there is no way to configure the app not to use specific ports (that's what you get for using proprietary software) - you can either add it to windows firewall exceptions (and succumb to undesired port opening behavior) or not (and risk losing most - if not all - of the functionality). Technically, it is not impossible for the firewall to deny an application opening an incoming port even if the application is in the exception list. And if this functionality is built into the Windows firewall somewhere, there should be a way to activate it. So, what I want to know is: whether there exists such an option, and if it does how to activate it.

    Read the article

  • how to force client(winform) application to use NTLM when calling web services

    - by peanut
    Hi, I have a winform application calling web services hosted in IIS, by default, the client app will use Kerberose for authentication to IIS, and it failed for some reasons? But the same app works fine at another PC(with different user login), and I found it is using NTLM by checking the IIS server event log. is there anyway we can change the client app(winform) authentication type? Thanks in advance

    Read the article

  • Problem exporting RSA key -'key not valid for use in specified state'

    - by asp316
    I'm encrypting the web.config in our web sites using aspnet_regiis. However, I want the ability to export the encryption key so if we need to move from Machine A to Machine B, asp.net will be able to decrypt it. When I run aspnetregiis -px "NetFrameworkConfigurationKey" c:\keys.xml -pri, I get the following : 'Key not valid for use in specified state'. I've seen all kinds of responses online but they don't seem to apply. It's not an invalid key because when I use aspnet_regiis to encrypt sections of the web.config, they encrypt fine. Ideas?

    Read the article

  • Temporarily impersonate and enable privileges?

    - by Luke
    We maintain a DLL that does a lot of system-related things; traversing the file system, registry, etc. The callers of this DLL may or may not be using impersonation. In order to better support all possible scenarios I'm trying to modify it to be smarter. I'll use the example of deleting a file. Currently we just call DeleteFile(), and if that fails that's the end of that. I've come up with the following: BOOL TryReallyHardToDeleteFile(LPCTSTR lpFileName) { // 1. caller without privilege BOOL bSuccess = DeleteFile(lpFileName); DWORD dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege DWORD dwOldRestorePrivilege = 0; BOOL bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 2. caller with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; if caller is impersonating then try as process HANDLE hToken = NULL; if(OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE, TRUE, &hToken)) { if(RevertToSelf()) { // 3. process without privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 4. process with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } } SetThreadToken(NULL, hToken); } CloseHandle(hToken); hToken = NULL; } } } if(!bSuccess) { SetLastError(dwError); } return bSuccess; } So first it tries as the caller. If that fails with access denied, it temporarily enables privileges in the caller's token and tries again. If that fails with access denied and the caller is impersonating, it temporarily unimpersonates and tries again. If that fails with access denied, it temporarily enables privileges in the process token and tries again. I think this should handle pretty much any situation, but I was wondering if there was a better way to achieve this? There are a lot of operations that we would potentially want to use this method (i.e. pretty much any operation that accesses securable objects).

    Read the article

  • What's the best way to detect web applications attacks ?

    - by paulgreg
    What is the best way to survey and detect bad users behavior or attacks like deny of services or exploits on my web app ? I know server's statistics (like Awstats) are very useful for that kind of purpose, specially to see 3XX, 4XX and 5XX errors (here's an Awstats example page) which are often bots or bad intentioned users that try well-known bad or malformed URLs. Is there others (and betters) ways to analyze and detect that kind of attack tentative ? Note : I'm speaking about URL based attacks, not attacks on server's component (like database or TCP/IP).

    Read the article

  • Rewriting Live TCP Streams

    - by user213060
    I want to rewrite TCP/IP streams. Ettercap's etterfilter command lets you perform simple live replacements of TCP/IP data based on fixed strings or regexes. Example: http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 I would like to rewrite streams based on my own filter program instead of just simple string replacements. Anyone have an idea of how to do this? Is there anything other than Ettercap that can do live replacement like this, maybe as a plugin to a VPN software or something? Thanks!

    Read the article

  • Does using ReadDirectoryChangesW require administrator rights?

    - by Alex Jenter
    The MSDN says that using ReadDirectoryChangesW implies the calling process having the Backup and Restore priviliges. Does this mean that only process launched under administrator account will work correctly? I've tried the following code, it fails to enable the required privileges when running as a restricted user. void enablePrivileges() { enablePrivilege(SE_BACKUP_NAME); enablePrivilege(SE_RESTORE_NAME); } void enablePrivilege(LPCTSTR name) { HANDLE hToken; DWORD status; if (::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) { TOKEN_PRIVILEGES tp = { 1 }; if( ::LookupPrivilegeValue(NULL, name, &tp.Privileges[0].Luid) ) { tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; BOOL result = ::AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL); verify (result != FALSE); status = ::GetLastError(); } ::CloseHandle(hToken); } } Am I doing something wrong? Is there any workaround for using ReadDirectoryChangesW from a non-administrator user account? It seems that the .NET's FileSystemWatcher can do this. Thanks!

    Read the article

  • AES Encryption library

    - by Spines
    Is there a library or something that will allow me to simply call a function that will AES encrypt a byte array? I don't want to deal with multiple update blocks/transformFinal/etc, because there is a possibility I will mess up...

    Read the article

  • Row level user permissions, help with design

    - by bambam
    Hi, Say I am creating a forums application, I understand how to design a forum level permission system with Groups. i.e. you create a forum to group mapping, and assign users to a group to give them access to a particular forum. How can I refine the permissions to allow for row level permissions (or in forum terms, post level).

    Read the article

  • Flex Inheriting Logged in User

    - by Nick
    I am trying to secure my Flex application within my Java web application. Currently my Java web application, handles logging and managing user accounts and the like. I was wondering if there is a way to essentially share that user credentials with the Flash movie in a secure mechanism? For instance, if you log in, we want you to be able to save items in the Flex application for that user, only if that user is logged in of course. Any ideas? Any help is greatly appreciated.

    Read the article

  • Apache attack on compromised server, iframe injected by string replace

    - by Quang-Tuan Luong
    My server has been compromised recently. This morning, I have discovered that the intruder is injecting an iframe into each of my HTML pages. After testing, I have found out that the way he does that is by getting Apache (?) to replace every instance of <body> by <iframe link to malware></iframe></body> For example if I browse a file residing on the server consisting of: </body> </body> Then my browser sees a file consisting of: <iframe link to malware></iframe></body> <iframe link to malware></iframe></body> I have immediately stopped Apache to protect my visitors, but so far I have not been able to find what the intruder has changed on the server to perform the attack. I presume he has modified an Apache config file, but I have no idea which one. In particular, I have looked for recently modified files by time-stamp, but did not find anything noteworthy. Thanks for any help. Tuan. PS: I am in the process of rebuilding a new server from scratch, but in the while, I would like to keep the old one running, since this is a business site.

    Read the article

  • GWT RPC - Does it do enough to protect against CSRF ?

    - by sri
    GWT's RPC mechanism does the following things on every HTTP Request - Sets two custom request headers - X-GWT-Permutation and X-GWT-Module-Base Sets the content-type as text/x-gwt-rpc; charset=utf-8 The HTTP request is always a POST, and on server side GET methods throw an exception (method not supported). Also, if these headers are not set or have the wrong value, the server fails processing with an exception "possibly CSRF?" or something to that effect. Question is : Is this sufficient to prevent CSRF? Is there a way to set custom headers and change content type in a pure cross-site request forgery method?

    Read the article

  • Restrict the page to be browsed in the other browser with the same urls

    - by subash
    how to restrict the page to be browsed in the other browser with the same urls with out logging asp.net & c#.net. i followed the following steps for example: i am logging in to a page developed in asp.net & c#.net. i am viewing a page.Let it be admin page. i am copying the url of the admin page. i am opening another browser window and pasting the url. i was able to see the same admin page in the other browser. the question is how to restrict the opening of admin page in other browser,if they try to open admin page in another browser while user is currently viewing the admin page then it should be redirected to the login page? how could this be accomplished? is there any thing could be done with "login" control tool of the .net frame work?

    Read the article

  • Are these two functions overkill for sanitization?

    - by jpjp
    function sanitizeString($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function sanitizeMySQL($var) { $var = mysql_real_escape_string($var); $var = sanitizeString($var); return $var; } I got these two functions from a book and the author says that by using these two, I can be extra safe against XSS(the first function) and sql injections(2nd func). Are all those necessary? Also for sanitizing, I use prepared statements to prevent sql injections. I would use it like this: $variable = sanitizeString($_POST['user_input']); $variable = sanitizeMySQL($_POST['user_input']);

    Read the article

  • Capture DDE Data that is being streamed in to a software

    - by user534391
    Hello, I have a trading software that gets data from the internet. I want to capture that tick data. There is one software that has been made by a local develop which is able to do that and it looks like it uses DDE (NDde.dll, NetSQL.dll). I want to write a custom application that does the same. Any pointers how I can check how the data is being streamed and how to capture that data. I don't think it is encrypted, since the other developer would not have been able to decrypt either. I just need to scan how the software is getting the data. Thank you.

    Read the article

  • [Symfony] Login to application with GET/POST token

    - by Henri
    I work on a Symfony web application which has a standard login form. To allow users to login more easily we want to give them a link which logs them in directly. I've already build a way to get a token to use, but I have no clue as to how the Symfony login process works, specifically how I can adapt it to take a GET/POST token instead of redirecting to the login page. Any help appreciated! Oh and this is Symfony 1.2 BTW (and no, upgrading is not an option right now)

    Read the article

  • PHP: Is mysql_real_escape_string sufficient for cleaning user input?

    - by Thomas
    Is mysql_real_escape_string sufficient for cleaning user input in most situations? ::EDIT:: I'm thinking mostly in terms of preventing SQL injection but I ultimately want to know if I can trust user data after I apply mysql_real_escape_string or if I should take extra measures to clean the data before I pass it around the application and databases. I see where cleaning for HTML chars is important but I wouldn't consider it necessary for trusting user input. T

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 213 214 215 216 217 218 219 220 221 222 223 224  | Next Page >