Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 271/1021 | < Previous Page | 267 268 269 270 271 272 273 274 275 276 277 278  | Next Page >

  • Is MD5 really that bad?

    - by Col. Shrapnel
    Everyone says that MD5 is "broken". Though I have never seen a code that can show it's weakness. So, I hope someone of local experts can prove it with simple test. I have an MD5 hash c1e877411f5cb44d10ece283a37e1668 And a simple code to produce it $salt="#bh35^&Res%"; $pass="***"; echo $hash=md5($salt.$pass); So, the question is: 1. Is MD% really that bad? 2. If so, what's the pass behind the asterisks?

    Read the article

  • C# Threading and Sql Connections

    - by Jonathan M
    I have a method that attempts to update a sql server database in an ASP.NET application. If the update fails, it catches the exception and then queues the update in MSMQ, and then spins up a new thread that will later de-queue the pending update and try again. When the thread starts, it fails to open a database connection because it is attempting to connect using Network Service as the login. The sql connection is using Windows Authentication, and will work outside of the thread. If I put a breakpoint in the code that executes inside the new thread and check the Thread.CurrentPrincipal, it shows the Identity as being the correct user. Why is the sql connection attempting to be opened by the Network Service account? I can elaborate further is necessary. Thanks.

    Read the article

  • [PHP] md5(uniqid) makes sense for random unique tokens?

    - by Exception e
    I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes). I often see this code; does it make sense? md5(uniqid(rand(), true)); According to a comment uniqid($prefix, $moreEntopy = true) yields first 8 hex chars = Unixtime, last 5 hex chars = microseconds. I don't know how the $prefix-parameter is handled.. So if you don't set the $moreEntopy flag to true, it gives a predictable outcome. QUESTION: But if we use uniqid with $moreEntopy, what does hashing it with md5 buy us? Is it better than: md5(mt_rand())

    Read the article

  • System("pause"); - Why is it wrong?

    - by Faken
    Here's a question that I don't quite understand: The command, System("pause"); is taught to new programmers as a way to pause a program and wait for a keyboard input to continue. However, it seems to be frowned on by many veteran programmers as something that should not be done in varying degrees. Some people say it is fine to use. Some say it is only to be used when you are locked in your room and no one is watching. Some say that they will personally come to your house and kill you if you use it. I, myself am a new programmer with no formal programming training. I use it because I was taught to use it. What I don't understand is that if it is not something to be used, then why was I taught to use it? Or, on the flip side, is it really not that bad after all? What are your thoughts on this subject?

    Read the article

  • aspnet_regsql questions and users and role

    - by Alexander
    I spend quite some hours banging my head against the wall trying to set up the aspnet membership / roles tables in my SQL server database instead of having them exist inside the App_Code/ASPNETDB.MDF file because that file wasn't working correctly on my host. I eventually figured out the problem by following Scott's gu here and was able to resolve it by running the aspnet_regsql.exe utility and creating a connection string for LocalSqlServer. The ridiculous part about it is that after running the aspnet_regsql and upload my database to my webhost all of my users and role that I have already created is gone. The user, membership, role, etc is gone. I can't populate this using the Web Site Administration Tool as it's not visual studio now. So what is the easiest way to populate the user, role, etc to my SQL Server as I now have dbo.aspnet_Application, dbo.aspnet_Paths, dbo.aspnet_Roles, etc...etc...

    Read the article

  • Secure password transmission over unencrypted tcp/ip

    - by academicRobot
    I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

    Read the article

  • storing original password text

    - by Richard
    My application stores external website login/passwords for interaction with them. To interact with these website I need to use the original password text, so storing just the hash in my database is not going to work. How should I store these passwords?

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • Do similar passwords have similar hashes?

    - by SLC
    Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc. Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

    Read the article

  • Accessing Identity.AuthenticationType

    - by Tewr
    While implementing a custom authentication type in a wcf service, I'm trying to read the property IIdentity.AuthenticationType using the call Thread.CurrentPrincipal.Identity.AuthenticationType. Unless the account running the service is local administrator, UnauthorizedAccessException is thrown when accessing this property, much like described in this support thread. I can however reset the Thread.CurrentPrincipalobject without hassle, thus altering the Authentication Type - But read it, I cannot. Is running as an administrator the only way here or is there some trick to let the user running the service "just" access this property?

    Read the article

  • WINSDK: Determining whether an arbitrary pid identifies a running process on Windows

    - by Vlad Romascanu
    Attempting to implement a poor man's test of whether a process is still running or not (essentially an equivalent of the trivial kill(pid, 0).) Hoped to be able to simply call OpenProcess with some minimal desired access then test for either GetLastError() == ERROR_INVALID_PARAMETER or GetExitCodeProcess(...) != STILL_ACTIVE. Nice try... Running on Windows XP, as administrator: HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid); if (!hProc) { DWORD dwLastError = GetLastError(); } ...fails miserably with dwLastError == ERROR_ACCESS_DENIED when pid is owned by a different (not SYSTEM) user. Moreover, if pid was originally owned by a different user but has since terminated, OpenProcess also fails with ERROR_ACCESS_DENIED (not ERROR_INVALID_PARAMETER.) Do I have to use Process32First/Process32Next or EnumProcesses? I absolutely do not want to use SeDebugPrivilege. Thanks, V

    Read the article

  • REST authentication S3 like hmac sha1 signature vs symetric data encryption.

    - by coulix
    Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?

    Read the article

  • A scripting engine for Ruby?

    - by Earlz
    Hello, I am creating a Ruby On Rails website, and for one part it needs to be dynamic so that (sorta) trusted users can make parts of the website work differently. For this, I need a scripting language. In a sort of similar project in ASP.Net, I wrote my own scripting language/DSL. I can not use that source code(written at work) though, and I don't want to make another scripting language if I don't have to. So, what choices do I have? The scripting must be locked down and not be able to crash my server or anything. I'd really like if I could use Ruby as the scripting language, but it's not strictly necessary. Also, this scripting part will be called on almost every request for the website, sometimes more than once. So, speed is a factor. I looked at the RubyLuaBridge but it is Alpha status and seems dead. What choices for a scripting language do I have in a Ruby project? Also, I will have full control over where this project is deployed(root access), so there are no real limits..

    Read the article

  • unfounded Secure Unsecure Messages

    - by Marty Trenouth
    I'm having significant difficulty locating the root cause for a secure/insecure message comming from IE. I've looked through the entire output and there are NO references to http: I've searched for unsource Iframes, which cause this message, and there are none and other than jquery 1.4 there isn't even the text "iframe" in the source. I'm almost at an end trying the cause for this. Does anyone have any ideas

    Read the article

  • What's the state of support for SHA-2 in various platforms?

    - by Cheeso
    I read that SHA-1 is being retired from the FIPS 180-2 standard. Apparently there are weaknesses in SHA-1 that led to this decision. Can anyone elaborate on the basis for that decision? Are there implications for the use of SHA-1 in commercial applications? My real questions are: What is the state of SHA-2 support in various class libraries and platforms? Should I attempt to move to SHA-2? Interested in mainstream platforms: .NET, Java, C/C++, Python, Javascript, etc.

    Read the article

  • USB token with certificate

    - by Frengo
    Hi all! Someone could explain me how the USB token works? I have to implement that secure layer in a java application, but i don't know very well how it works! I know only the mecanism of a normal token key generator! Thanks a lot!

    Read the article

  • Bruteforcing Blackberry PersistentStore?

    - by Haoest
    Hello, I am experimenting with Blackberry's Persistent Store, but I have gotten nowhere so far, which is good, I guess. So I have written a a short program that attempts iterator through 0 to a specific upper bound to search for persisted objects. Blackberry seems to intentionally slow the loop. Check this out: String result = "result: \n"; int ub = 3000; Date start = Calendar.getInstance().getTime(); for(int i=0; i<ub; i++){ PersistentObject o = PersistentStore.getPersistentObject(i); if (o.getContents() != null){ result += (String) o.getContents() + "\n"; } } result += "end result\n"; result += "from 0 to " + ub + " took " + (Calendar.getInstance().getTime().getTime() - start.getTime()) / 1000 + " seconds"; From 0 to 3000 took 20 seconds. Is this enough to conclude that brute-forcing is not a practical method to breach the Blackberry? In general, how secure is BB Persistent Store?

    Read the article

  • What is this hacker trying to do?

    - by JW
    If you do a search for: http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N you will see a lot of examples of an attempted hack along the lines of: 1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) -- What is exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 267 268 269 270 271 272 273 274 275 276 277 278  | Next Page >