I have to implement Encryption using 3DES in java . I am new to it. Please suggest
- by Erick
I have to implement 3DES encryption using 3DES in java.
As I am new to this.
Could you please suggest and provide good samples to proceed.
Search Results
Search found 97980 results on 3920 pages for 'code security'.
Page 303/3920 | < Previous Page | 299 300 301 302 303 304 305 306 307 308 309 310 | Next Page >
-
-
Row level user permissions, help with design
- by bambam
Hi, Say I am creating a forums application, I understand how to design a forum level permission system with Groups. i.e. you create a forum to group mapping, and assign users to a group to give them access to a particular forum. How can I refine the permissions to allow for row level permissions (or in forum terms, post level).Read the article
-
Ruby - encrypted_strings
- by Tom Andersen
A bit of a Ruby newbie here - should be an easy question: I want to use the encrypted_strings gem to create a password encrypted string: (from http://rdoc.info/projects/pluginaweek/encrypted_strings) Question is: Everything works fine, but how come I don't need the password to decrypt the string? Say I want to store the string somewhere for a while,like the session. Is the password also stored with it? (which would seem very strange?). And no, I'm not planning on using 'secret-key' or any similar hack as a password. I am planning on dynamically generating a class variable @@password using a uuid, which I don't store other than in memory, and can change from one running of the program to the next. Symmetric: >> password = 'shhhh' => "shhhh" >> crypted_password = password.encrypt(:symmetric, :password => 'secret_key') => "qSg8vOo6QfU=\n" >> crypted_password.class => String >> crypted_password == 'shhhh' => true >> password = crypted_password.decrypt => "shhhh"Read the article
-
AES Encryption library
- by Spines
Is there a library or something that will allow me to simply call a function that will AES encrypt a byte array? I don't want to deal with multiple update blocks/transformFinal/etc, because there is a possibility I will mess up...Read the article
-
Setting WPF image source in code
- by Torbjørn
I'm trying to set a WPF image's source in code. The image is embedded as a resource in the project. By looking at examples I've come up with the below code. For some reason it doesn't work - the image does not show up. By debugging I can see that the stream contains the image data. So what's wrong? Assembly asm = Assembly.GetExecutingAssembly(); Stream iconStream = asm.GetManifestResourceStream("SomeImage.png"); PngBitmapDecoder iconDecoder = new PngBitmapDecoder(iconStream, BitmapCreateOptions.PreservePixelFormat, BitmapCacheOption.Default); ImageSource iconSource = iconDecoder.Frames[0]; _icon.Source = iconSource; The icon is defined something like this: <Image x:Name="_icon" Width="16" Height="16" />Read the article
-
Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?
- by Derek Adair
I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL? What steps do I need to take in order to protect against SQL injection with MSSQL? What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?Read the article
-
Flex Inheriting Logged in User
- by Nick
I am trying to secure my Flex application within my Java web application. Currently my Java web application, handles logging and managing user accounts and the like. I was wondering if there is a way to essentially share that user credentials with the Flash movie in a secure mechanism? For instance, if you log in, we want you to be able to save items in the Flex application for that user, only if that user is logged in of course. Any ideas? Any help is greatly appreciated.Read the article
-
vb6: set SysTabControl32 by code
- by Fuxi
hi, i'm coding a little app for controlling soulseek - what i want do is clicking the "Search Files" button by code. i've got the handle to the tabbed control (SysTabControl32) and managed to change the tab with following code: rc1 = SendMessage(hwnd, TCM_SETCURFOCUS, ByVal 0, ByVal 0&) the problem: the tab control is changing to the proper button, but nothing happens. i assume i also also have to send a mouseclick to it, as when clicking by mouse, the button goes down and up again. any ideas how to do this? thxRead the article
-
Temporarily impersonate and enable privileges?
- by Luke
We maintain a DLL that does a lot of system-related things; traversing the file system, registry, etc. The callers of this DLL may or may not be using impersonation. In order to better support all possible scenarios I'm trying to modify it to be smarter. I'll use the example of deleting a file. Currently we just call DeleteFile(), and if that fails that's the end of that. I've come up with the following: BOOL TryReallyHardToDeleteFile(LPCTSTR lpFileName) { // 1. caller without privilege BOOL bSuccess = DeleteFile(lpFileName); DWORD dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege DWORD dwOldRestorePrivilege = 0; BOOL bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 2. caller with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; if caller is impersonating then try as process HANDLE hToken = NULL; if(OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE, TRUE, &hToken)) { if(RevertToSelf()) { // 3. process without privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 4. process with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } } SetThreadToken(NULL, hToken); } CloseHandle(hToken); hToken = NULL; } } } if(!bSuccess) { SetLastError(dwError); } return bSuccess; } So first it tries as the caller. If that fails with access denied, it temporarily enables privileges in the caller's token and tries again. If that fails with access denied and the caller is impersonating, it temporarily unimpersonates and tries again. If that fails with access denied, it temporarily enables privileges in the process token and tries again. I think this should handle pretty much any situation, but I was wondering if there was a better way to achieve this? There are a lot of operations that we would potentially want to use this method (i.e. pretty much any operation that accesses securable objects).Read the article
-
Rewriting Live TCP Streams
- by user213060
I want to rewrite TCP/IP streams. Ettercap's etterfilter command lets you perform simple live replacements of TCP/IP data based on fixed strings or regexes. Example: http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 I would like to rewrite streams based on my own filter program instead of just simple string replacements. Anyone have an idea of how to do this? Is there anything other than Ettercap that can do live replacement like this, maybe as a plugin to a VPN software or something? Thanks!Read the article
-
Choosing http status code for unknown command reply
- by w0rldart
So, I'm writing a small test that I have been required to complete and I just want to give it some final touches by adding some header status code responses and some other stuff. Right now, my dilemma is what HTTP status code to choose for my "Unknown command" response after the $_GET['cmd'] has been compared to the existing commands list. case 404: $text = 'Not Found'; break; case 405: $text = 'Method Not Allowed'; break; case 406: $text = 'Not Acceptable'; break; For which one of the above should I go? And if none, which other?Read the article
-
Setting a "dependency property" in code
- by Matt B
I'm on a roll today... I have the following code delaring a dependency property inside a class called ActionScreen: #region Dependency Properties & Methods public string DescriptionHeader { get { return (string)GetValue(DescriptionHeaderProperty); } set { SetValue(DescriptionHeaderProperty, value); } } // Using a DependencyProperty as the backing store for DescriptionHeader. This enables animation, styling, binding, etc... public static readonly DependencyProperty DescriptionHeaderProperty = DependencyProperty.Register("DescriptionHeader", typeof(string), typeof(ActionScreen), new UIPropertyMetadata("xxx")); #endregion I bind to this property in my Xaml as so: <GridViewColumn DisplayMemberBinding="{Binding Description}" Header="{Binding DescriptionHeader}" Width="350" /> Now I want to be able to set the parameter from my code behind when I recieve an event - but it's not working: public string DescColText { set { this.Dispatcher.Invoke(DispatcherPriority.Normal, new Action(delegate() { DescriptionHeader = value; })); } }Read the article
-
Shared User Session for Multiple ASP.NET Websites
- by Oliver
I have been tasked with developing a single Login and Dashboard page that user can login too, the user will then be shown all the systems (we developed) that they have access based to based on some roles stored in our databases. If they logged in we would like that "User Session" (not sure of correct terminology) to be carried to which ever system they are redirected too. To illustrate a very rough overview of what I want to achieve: Is there a way that a user can login in one site, and then carry over that login to the other sites? Help, Advice, Link will be much appreciated. Sorry I am not experienced at ASP.net but have a good understanding of Silverlight, C#, WPF. Thanks in advance.Read the article
-
Any way to get TStringList.CommaText to not escape commas with quotes?
- by Mason Wheeler
I'm doing some work with code generation, and one of the things I need to do is create a function call where one of the parameters is a function call, like so: result := Func1(x, y, Func2(a, b, c)); TStringList.CommaText is very useful for generating the parameter lists, but when I traverse the tree to build the outer function call, what I end up with looks like this: result := Func1(x, y, "Func2(a, b, c)"); It's quoting the third argument because it contains commas, and that produced invalid code. But I can't do something simplistic like StringReplace all double quotes with empty strings, because it's quite possible that a function argument could be a string with double quotes inside. Is there any way to make it just not escape the lines that contain commas?Read the article
-
An equivalent of -javaagent in C#? Or: ways to use a java framework in C#.
- by Alix
Hi everyone. This is probably something I should be able to figure out by myself, but I'm not having much luck so I figured I'd ask. The issue: I'm translating a system from java to C# and they use a java framework that I'd really like to use, since it takes care of the most complex parts of the system, which I would otherwise have to implement myself. I have the source code of this framework. I know there are several possibilities for using java libraries in C# (although I'm not familiar with any of them, so I'd appreciate suggestions). So far I've thought of using IKVM.NET to generate a .dll, but I'm not sure what to do next, because in java in order to run the framework with your code you're supposed to use the option -javaagent by adding -javaagent:bin/deuceAgent.jar (where deuceAgent is the framework) to your java command line. I don't know what the equivalent in C# would be once I have my .dll, or whether there's an equivalent at all. Any help? Thanks so much.Read the article
-
Apache attack on compromised server, iframe injected by string replace
- by Quang-Tuan Luong
My server has been compromised recently. This morning, I have discovered that the intruder is injecting an iframe into each of my HTML pages. After testing, I have found out that the way he does that is by getting Apache (?) to replace every instance of <body> by <iframe link to malware></iframe></body> For example if I browse a file residing on the server consisting of: </body> </body> Then my browser sees a file consisting of: <iframe link to malware></iframe></body> <iframe link to malware></iframe></body> I have immediately stopped Apache to protect my visitors, but so far I have not been able to find what the intruder has changed on the server to perform the attack. I presume he has modified an Apache config file, but I have no idea which one. In particular, I have looked for recently modified files by time-stamp, but did not find anything noteworthy. Thanks for any help. Tuan. PS: I am in the process of rebuilding a new server from scratch, but in the while, I would like to keep the old one running, since this is a business site.Read the article
-
Are these two functions overkill for sanitization?
- by jpjp
function sanitizeString($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function sanitizeMySQL($var) { $var = mysql_real_escape_string($var); $var = sanitizeString($var); return $var; } I got these two functions from a book and the author says that by using these two, I can be extra safe against XSS(the first function) and sql injections(2nd func). Are all those necessary? Also for sanitizing, I use prepared statements to prevent sql injections. I would use it like this: $variable = sanitizeString($_POST['user_input']); $variable = sanitizeMySQL($_POST['user_input']);Read the article
-
How can I protect my users from session hijacking?
- by Doug
How do I protect my users from session hijacking?Read the article
-
Restrict the page to be browsed in the other browser with the same urls
- by subash
how to restrict the page to be browsed in the other browser with the same urls with out logging asp.net & c#.net. i followed the following steps for example: i am logging in to a page developed in asp.net & c#.net. i am viewing a page.Let it be admin page. i am copying the url of the admin page. i am opening another browser window and pasting the url. i was able to see the same admin page in the other browser. the question is how to restrict the opening of admin page in other browser,if they try to open admin page in another browser while user is currently viewing the admin page then it should be redirected to the login page? how could this be accomplished? is there any thing could be done with "login" control tool of the .net frame work?Read the article
-
Capture DDE Data that is being streamed in to a software
- by user534391
Hello, I have a trading software that gets data from the internet. I want to capture that tick data. There is one software that has been made by a local develop which is able to do that and it looks like it uses DDE (NDde.dll, NetSQL.dll). I want to write a custom application that does the same. Any pointers how I can check how the data is being streamed and how to capture that data. I don't think it is encrypted, since the other developer would not have been able to decrypt either. I just need to scan how the software is getting the data. Thank you.Read the article
-
Why is Chrome reporting a secure / non secure warning when no other browsers aren't?
- by Frank Edwards
When I go to our web site through HTTPS mode, Chome is reporting an error saying that the page contains secure and not secure items. However, I used Firebug, Fiddler, and HttpDebuggerPro, all which are telling me that everything is going through HTTPS. Is this a bug in Chrome? Sorry but I'm unable to give out the actual URL.Read the article
-
PHP: Is mysql_real_escape_string sufficient for cleaning user input?
- by Thomas
Is mysql_real_escape_string sufficient for cleaning user input in most situations? ::EDIT:: I'm thinking mostly in terms of preventing SQL injection but I ultimately want to know if I can trust user data after I apply mysql_real_escape_string or if I should take extra measures to clean the data before I pass it around the application and databases. I see where cleaning for HTML chars is important but I wouldn't consider it necessary for trusting user input. TRead the article
-
Modifying a model and texture mid-game code
- by MicroPirate
Just have a question for anyone out there who knows some sort of game engine pretty well. What I am trying to implement is some sort of script or code that will allow me to make a custom game character and textures mid-game. A few examples would be along the lines of changing facial expressions and body part positions in the game SecondLife. I don't really need a particular language, feel free to use your favorite, I'm just really looking for an example on how to go about this. Also I was wondering if there is anyway to combine textures for optimization; for example if i wanted to add a tattoo to a character midgame, is there any code that could combine his body texture and the tattoo texture into one texture to use (this way I can simply just render one texture per body.) Any tips would be appreciated, sorry if the question is a wee bit to vauge.Read the article
-
Accessing WPF Template for Custom Control from Code behind
- by Ashwani Mehlem
Hi, i am trying to access a named grid inside a default template for a custom control from code behind. But it seems that the template for the control is null, even after calling ApplyTemplate(). Is that impossible inside the controls constuctor? Here's the code: Generic.xaml: ... <ControlTemplate TargetType="{x:Type local:TimeTableControl}"> <Grid Name="ContentGrid"> </Grid> </ControlTemplate> ... TimeTableControl.cs: public TimeTableControl() { ApplyTemplate(); contentGrid = (Grid)(Template.FindName("ContentGrid", this)); //Line above causes null-pointer-exception ... }Read the article
-
GWT RPC - Does it do enough to protect against CSRF ?
- by sri
GWT's RPC mechanism does the following things on every HTTP Request - Sets two custom request headers - X-GWT-Permutation and X-GWT-Module-Base Sets the content-type as text/x-gwt-rpc; charset=utf-8 The HTTP request is always a POST, and on server side GET methods throw an exception (method not supported). Also, if these headers are not set or have the wrong value, the server fails processing with an exception "possibly CSRF?" or something to that effect. Question is : Is this sufficient to prevent CSRF? Is there a way to set custom headers and change content type in a pure cross-site request forgery method?Read the article
