Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • Can you figure out the password hashing scheme?

    - by Adal
    I have two passwords and two resulting hashes. I can't figure out how the hash is derived from the password. I don't know if salting is used. I don't know if the password is hashed as an integer value or as a string (possibly Unicode).

        Password: 6770
        Hash: c12114b91a3841c143bbeb121693e80b

        Password: 9591
        Hash: 25238d578b6a61c2c54bfe55742984c1

    The hash length seems to suggest MD5. Does anybody have any ideas what I could try? Note: This is not for hacking purposes. I'm trying to access a service through an API instead of its desktop client, and I can't figure out how to compute the password hash. Currently, instead of using my real password, I'm sending the hash directly.

  • Conversion of VB Code to Delphi

    - by Bharat
    Hi, While searching on the net I got a few lines of code in VB for extracting an image from an EMF file. I tried to convert that into Delphi but it doesn't work. Help me in converting this code to Delphi.

        Public Function CallBack_ENumMetafile(ByVal hdc As Long, _
                ByVal lpHtable As Long, _
                ByVal lpMFR As Long, _
                ByVal nObj As Long, _
                ByVal lpClientData As Long) As Long
            Dim PEnhEMR As EMR
            Dim PEnhStrecthDiBits As EMRSTRETCHDIBITS
            Dim tmpDc As Long
            Dim hBitmap As Long
            Dim lRet As Long
            Dim BITMAPINFO As BITMAPINFO
            Dim pBitsMem As Long
            Dim pBitmapInfo As Long
            Static RecordCount As Long

            lRet = PlayEnhMetaFileRecord(hdc, ByVal lpHtable, ByVal lpMFR, ByVal nObj)
            RecordCount = RecordCount + 1
            CopyMemory PEnhEMR, ByVal lpMFR, Len(PEnhEMR)
            Select Case PEnhEMR.iType
                Case 1 'header
                    RecordCount = 1
                Case EMR_STRETCHDIBITS
                    CopyMemory PEnhStrecthDiBits, ByVal lpMFR, Len(PEnhStrecthDiBits)
                    pBitmapInfo = lpMFR + PEnhStrecthDiBits.offBmiSrc
                    CopyMemory BITMAPINFO, ByVal pBitmapInfo, Len(BITMAPINFO)
                    pBitsMem = lpMFR + PEnhStrecthDiBits.offBitsSrc
                    tmpDc = CreateDC("DISPLAY", vbNullString, vbNullString, ByVal 0&)
                    hBitmap = CreateDIBitmap(tmpDc, _
                            BITMAPINFO.bmiHeader, _
                            CBM_INIT, _
                            ByVal pBitsMem, _
                            BITMAPINFO, _
                            DIB_RGB_COLORS)
                    lRet = DeleteDC(tmpDc)
            End Select
            CallBack_ENumMetafile = True
        End Function

  • Why doesn't this code work correctly?

    - by MisterSir
    I'm working on a website that displays galleries, using jCarousel. But no matter what I try, I can't get it to work, and I need to finish this by today. I have a very urgent schedule. My code basically takes image URLs from a database and sends them to AJAX, which passes it to jCarousel which makes the gallery. But there are a few problems:

      - It doesn't display correctly! I can only get the last item pulled from the database, and it displays on the bottom-most row.
      - After the item pulled from the database is displayed, the first time I click on "prev" there's no scroll effect, and the item just disappears! Only if I click on "next" 2-3 times there's a scroll effect and the item remains visible.
      - My items are always displayed at the end of the carousel!

    This is urgent.. Please help me fix this.

    about.html:

        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us">
        <head>
        <script type="text/javascript" src="jquery-1.4.4.min.js"></script>
        <script type="text/javascript" src="/lib/jquery.jcarousel.min.js"></script>
        <link rel="stylesheet" type="text/css" href="/skins/tango/skin.css" />
        <!--<style type="text/css">
        #wrapper { width: 700px; margin-left: auto; margin-right: auto; }
        #carousel { margin-top: 120px; padding-left: 120px; }
        #side { padding-left: 550px; position: absolute; padding-top: 120px; }
        #hidden { color: #FFFFFF; }
        </style>-->
        <script type="text/javascript">
        jQuery.easing['BounceEaseOut'] = function(p, t, b, c, d) {
            if ((t/=d) < (1/2.75)) {
                return c*(7.5625*t*t) + b;
            } else if (t < (2/2.75)) {
                return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b;
            } else if (t < (2.5/2.75)) {
                return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b;
            } else {
                return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b;
            }
        };

        function mycarousel_initCallback(carousel) {
            jQuery('#mycarousel-next').bind('click', function() {
                carousel.next();
                return false;
            });
            jQuery('#mycarousel-prev').bind('click', function() {
                carousel.prev();
                return false;
            });
        };

        jQuery(document).ready(function() {
            jQuery('#mycarousel').jcarousel({
                easing: 'BounceEaseOut',
                wrap: "first",
                initCallback: mycarousel_initCallback,
                animation: 1000,
                scroll: 3,
                visible: 3,
                buttonNextHTML: null,
                buttonPrevHTML: null
            });
            jQuery('#mycarousel2').jcarousel({
                easing: 'BounceEaseOut',
                animation: 1000,
                wrap: "first",
                initCallback: mycarousel_initCallback,
                scroll: 3,
                visible: 3,
                buttonNextHTML: null,
                buttonPrevHTML: null
            });
            jQuery('#mycarousel3').jcarousel({
                easing: 'BounceEaseOut',
                animation: 1000,
                scroll: 3,
                wrap: "first",
                initCallback: mycarousel_initCallback,
                visible: 3,
                buttonNextHTML: null,
                buttonPrevHTML: null
            });
        });

        var prevButton = null;

        function getObject(b, el) {
            var currbutton = b;
            var http;
            var url = "about.php";
            var parameters = "d=carousel&cat=" + currbutton;
            try {
                http = new XMLHttpRequest();
            } catch(e) {
                try {
                    http = new ActiveXObject("Msxml2.XMLHTTP");
                } catch(e) {
                    http = new ActiveXObject("Microsoft.XMLHTTP");
                }
            }

            function getServer() {
                if (http.readyState == 4) {
                    var i = 0;
                    var liArr = http.responseText;
                    var built = liArr.split(", ");
                    var li = document.createElement("li");
                    var ul1 = document.getElementById("mycarousel");
                    var ul2 = document.getElementById("mycarousel2");
                    var ul3 = document.getElementById("mycarousel3");
                    if (el != prevButton) {
                        prevButton = el;
                        while (ul1.hasChildNodes() ) {ul1.removeChild(ul1.lastChild);}
                        while (ul2.hasChildNodes() ) {ul2.removeChild(ul2.lastChild);}
                        while (ul3.hasChildNodes() ) {ul3.removeChild(ul3.lastChild);}
                    }
                    else return 0;
                    while (i < (built.length) / 3) {
                        li.innerHTML = built[i];
                        ul1.appendChild(li);
                        i++;
                    }
                    while (i < ((built.length) / 3)*2) {
                        li.innerHTML = built[i];
                        ul2.appendChild(li);
                        i++;
                    }
                    while (i < (built.length)) {
                        li.innerHTML = built[i];
                        ul3.appendChild(li);
                        i++;
                    }
                }
            }

            http.open("POST", url, true);
            http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
            http.setRequestHeader("Content-length", parameters.length);
            http.setRequestHeader("Connection", "close");
            http.onreadystatechange = getServer;
            http.send(parameters);
        }
        </script>
        </head>
        <body>
        <span id="hidden"> </span>
        <div id="wrapper">
            <div id="side">
                <form name="cats">
                    <input type="button" value="Hats" onclick="getObject('hats', this);"/><br />
                    <input type="button" value="Pants" onclick="getObject('pants', this);"/><br />
                    <input type="button" value="Shirts" onclick="getObject('shirts', this);"/><br />
                </form>
            </div>
            <div id="carousel">
                <ul id="mycarousel" class="jcarousel-skin-tango"> </ul>
                <ul id="mycarousel2" class="jcarousel-skin-tango"> </ul>
                <ul id="mycarousel3" class="jcarousel-skin-tango"> </ul>
                <input type="button" id="mycarousel-prev" value="prev" />
                <input type="button" id="mycarousel-next" value="next" />
            </div>
        </div>
        </body>
        </html>

    I commented the CSS because I thought it was giving me trouble, but honestly I have no idea what the hell's going on with jCarousel.

    about.php:

        <?php
        echo "<img width='75' height='75' src='http://static.flickr.com/66/199481236_dc98b5abb3_s.jpg' />, hi, hi, hi, hi, hi, hi, hi, hi";
        ?>

    Also, even if there are no other items than what is displayed, I'm still able to scroll back, but not forward, assumingly because my item is always placed at the end of the carousel. I know it looks like a lot of code but it's really not! My formatting takes a lot of lines, the commented CSS takes a lot, and a lot of the code is HTML and jCarousel configuration, and there's also the BounceEasing effect which takes a few lines. There's not much actual code! So as I said, this is urgent and I need this fixed. But I can't get it to work. Please help me! Thanks for your time!

    EDIT: I changed the code a bit, but it still does not work. I really need help on this one!!

    EDIT: I added document.createElement("li"); to each while loop. Now all my items are displayed, but they are displayed vertically and not horizontally on each row. Other than that all other problems are the same.

    EDIT: Oh and also, in the row my image displays, only the image is there. Maybe jCarousel doesn't accept img and text, I don't know.

  • Setting url in yaml file for Google App Engine (page not found) problem

    - by mswallace
    I am new to Python and I am super excited to learn. I am building my first app on App Engine and I am not totally understanding why my yaml file is not resolving to the url that I set up. Here is the code:

        handlers:
        - url: .*
          script: main.py

        - url: /letmein/.*
          script: letmein.py

    So if I go to http://localhost:8080/letmein/ I get a "link is broken or page not found" error. Here is the Python code that I have in letmein.py:

        from google.appengine.ext import webapp
        from google.appengine.ext.webapp import util

        class LetMeInHandler(webapp.RequestHandler):
            def get(self):
                self.response.out.write('letmein!')

        def main():
            application = webapp.WSGIApplication([('/letmein/', LetMeInHandler)], debug=True)
            util.run_wsgi_app(application)

        if __name__ == '__main__':
            main()

    Thanks in advance for the help!

  • Visual Studio confused by server code inside javascript

    - by Felix
    I ran into an annoying problem: the following code gives a warning in Visual Studio.

        <script type="text/javascript">
            var x = <%: ViewData["param"] %>;
        </script>

    The warning is "Expected expression". Visual Studio gets confused, and all the JavaScript code after that is giving tons of warnings. Granted, it's all warnings, and it works perfectly fine at runtime - but it is very easy to miss real warnings among dozens of false positives. It was working the same way in VS2008, and it wasn't fixed in VS2010. Does anybody know if there is a workaround, or a patch?

  • Please Critique this PHP Login Script

    - by NightMICU
    Greetings, A site I developed was recently compromised, most likely by a brute force or Rainbow Table attack. The original log-in script did not have a SALT, passwords were stored in MD5. Below is an updated script, complete with SALT and IP address banning. In addition, it will send a Mayday email & SMS and disable the account should the same IP address or account attempt 4 failed log-ins. Please look it over and let me know what could be improved, what is missing, and what is just plain strange. Many thanks!

        <?php
        //Start session
        session_start();

        //Include DB config
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php';

        //Error message array
        $errmsg_arr = array();
        $errflag = false;

        //Function to sanitize values received from the form. Prevents SQL injection
        function clean($str) {
            $str = @trim($str);
            if(get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            return $str;
        }

        //Define a SALT, the one here is for demo
        define('SALT', '63Yf5QNA');

        //Sanitize the POST values
        $login = clean($_POST['login']);
        $password = clean($_POST['password']);

        //Encrypt password
        $encryptedPassword = md5(SALT . $password);

        //Input Validations
        //Obtain IP address and check for past failed attempts
        $ip_address = $_SERVER['REMOTE_ADDR'];
        $checkIPBan = $db->prepare("SELECT COUNT(*) FROM ip_ban WHERE ipAddr = ? OR login = ?");
        $checkIPBan->execute(array($ip_address, $login));
        $numAttempts = $checkIPBan->fetchColumn();

        //If there are 4 failed attempts, send back to login and temporarily ban IP address
        if ($numAttempts == 1) {
            $getTotalAttempts = $db->prepare("SELECT attempts FROM ip_ban WHERE ipAddr = ? OR login = ?");
            $getTotalAttempts->execute(array($ip_address, $login));
            $totalAttempts = $getTotalAttempts->fetch();
            $totalAttempts = $totalAttempts['attempts'];
            if ($totalAttempts >= 4) {
                //Send Mayday SMS
                $to = "[email protected]";
                $subject = "Banned Account - $login";
                $mailheaders = 'From: [email protected]' . "\r\n";
                $mailheaders .= 'Reply-To: [email protected]' . "\r\n";
                $mailheaders .= 'MIME-Version: 1.0' . "\r\n";
                $mailheaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                $msg = "<p>IP Address - " . $ip_address . ", Username - " . $login . "</p>";
                mail($to, $subject, $msg, $mailheaders);
                $setAccountBan = $db->query("UPDATE ip_ban SET isBanned = 1 WHERE ipAddr = '$ip_address'");
                $setAccountBan->execute();
                $errmsg_arr[] = 'Too Many Login Attempts';
                $errflag = true;
            }
        }
        if($login == '') {
            $errmsg_arr[] = 'Login ID missing';
            $errflag = true;
        }
        if($password == '') {
            $errmsg_arr[] = 'Password missing';
            $errflag = true;
        }

        //If there are input validations, redirect back to the login form
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header('Location: http://somewhere.com/login.php');
            exit();
        }

        //Query database
        $loginSQL = $db->prepare("SELECT password FROM user_control WHERE username = ?");
        $loginSQL->execute(array($login));
        $loginResult = $loginSQL->fetch();

        //Compare passwords
        if($loginResult['password'] == $encryptedPassword) {
            //Login Successful
            session_regenerate_id();

            //Collect details about user and assign session details
            $getMemDetails = $db->prepare("SELECT * FROM user_control WHERE username = ?");
            $getMemDetails->execute(array($login));
            $member = $getMemDetails->fetch();
            $_SESSION['SESS_MEMBER_ID'] = $member['user_id'];
            $_SESSION['SESS_USERNAME'] = $member['username'];
            $_SESSION['SESS_FIRST_NAME'] = $member['name_f'];
            $_SESSION['SESS_LAST_NAME'] = $member['name_l'];
            $_SESSION['SESS_STATUS'] = $member['status'];
            $_SESSION['SESS_LEVEL'] = $member['level'];

            //Get Last Login
            $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin'];

            //Set Last Login info
            $updateLog = $db->prepare("UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR), ip_addr = ? WHERE user_id = ?");
            $updateLog->execute(array($ip_address, $member['user_id']));
            session_write_close();

            //If there are past failed log-in attempts, delete old entries
            if ($numAttempts > 0) {
                //Past failed log-ins from this IP address. Delete old entries
                $deleteIPBan = $db->prepare("DELETE FROM ip_ban WHERE ipAddr = ?");
                $deleteIPBan->execute(array($ip_address));
            }
            if ($member['level'] != "3" || $member['status'] == "Suspended") {
                header("location: http://somewhere.com");
            } else {
                header('Location: http://somewhere.com');
            }
            exit();
        } else {
            //Login failed. Add IP address and other details to ban table
            if ($numAttempts < 1) {
                //Add a new entry to IP Ban table
                $addBanEntry = $db->prepare("INSERT INTO ip_ban (ipAddr, login, attempts) VALUES (?,?,?)");
                $addBanEntry->execute(array($ip_address, $login, 1));
            } else {
                //increment Attempts count
                $updateBanEntry = $db->prepare("UPDATE ip_ban SET ipAddr = ?, login = ?, attempts = attempts+1 WHERE ipAddr = ? OR login = ?");
                $updateBanEntry->execute(array($ip_address, $login, $ip_address, $login));
            }
            header('Location: http://somewhere.com/login.php');
            exit();
        }
        ?>

  • Implementing password hashing/salting algorithm from crackstation.net

    - by Mason240
    I am trying to implement a password hashing/salting algorithm from crackstation.net, but I am unsure how to implement it. Storing the password upon user registration seems to be as simple as passing the password into create_hash().

        $password = create_hash($_POST['Password']);

    I'm not following how to validate upon user login. validate_password($password, $good_hash) returns either true or false, and takes $password as a parameter, so it seems like a no-brainer except for the second parameter $good_hash. Where does this param come from? It is my understanding that the password is turned into a hash value every time it's used, and that the hash value is what is stored and compared. So why would I have both the $password and $good_hash values?

    Quick overview of the functions:

        function create_hash($password){
            // calls pbkdf2()
        }

        function validate_password($password, $good_hash){
            // calls pbkdf2()
            // calls slow_equals()
        }

        function slow_equals($a, $b){
        }

        function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false){
        }

    Of course a different, better method for this would also be just as helpful. Thank you

  • Forbid developer to commit code because of making weekly build

    - by Xinwang
    Our development team (about 40 developers) has a formal build every two weeks. We have a process that on the "build day", every developer is forbidden to commit code into SVN. I don't think this is a good idea because:

      - Build will take days (even weeks in bad time) to make and BVT.
      - People couldn't commit code as they will, they will not work.
      - People will commit all code in a huge pack, so the comment is hard to write.

    I want to know if your team has the same policy, and if not how do you take this situation. Thanks

  • standard encryption decryption across different platforms

    - by Raj
    Hey guys, I need to implement a standard encryption decryption logic across an entire project platform which has different clients implemented using different platforms, as follows:

      1) iPhone app (Objective-C)
      2) website (classic ASP)
      3) web service (ASP.NET)

    The iPhone app as well as the website need to send info to the web service using encrypted query strings. The web service then decrypts this and processes the info further. I wanted to know the simplest way to achieve this. Is there some free and ready-to-use binary available with an easy-to-use API to achieve this? Encryption needs to be as secure as possible. Thanks in advance.

  • Optimal password salt length

    - by Juliusz Gonera
    I tried to find the answer to this question on Stack Overflow without any success. Let's say I store passwords using SHA-1 hash (so it's 160 bits) and let's assume that SHA-1 is enough for my application. How long should the salt used to generate the password's hash be? The only answer I found was that there's no point in making it longer than the hash itself (160 bits in this case), which sounds logical, but should I make it that long? E.g. Ubuntu uses an 8-byte salt with SHA-512 (I guess), so would 8 bytes be enough for SHA-1 too or maybe it would be too much?

  • How to securely pass credit card information between pages in PHP

    - by Alex
    How do you securely pass credit card information between pages in PHP? I am building an ecommerce application and I would like to have the users to go through the checkout like this: Enter Information - Review - Finalize Order Problem is that I am not sure on how to safely pass credit information from when the user inputs them to when I process it (at the Finalize Order step). I heard using sessions is insecure, even with encryption. Any help would be appreciated!

  • 2008 Datacenter Word Automation issue

    - by Brad
    We have an application that uses word automation. It works fine under Windows XP, but does not work on our Windows Server 2008 64-bit virtual machine running on VMware ESX unless it is running as the domain administrator. Under any other account (including a local admin), Word starts, uses a lot of CPU for 40 seconds when opening a document, and then just hangs. Our application does not access anything not on the local machine, and this machine is not being used for anything else (not a domain controller, etc). I know others have posted similar issues, with the solution of creating a Desktop folder somewhere under the windows directory. We did this, and it did not solve the problem (Word did not get as far as it did before we did this though). Please don't turn this into a thread about why I am trying to do this, whether I should do this, or whether I need to. For argument sake, I don't need to do this, but understanding what privilege a local admin does not have that is needed to do this is a legitimate concern.

  • Safe executing shell scripts; escaping vars before execution.

    - by Kirzilla
    Hello, Let's imagine that we have a simple PHP script that should get ssh_host, ssh_username, ssh_port from the $_GET array and try to connect to SSH using these parameters.

        $port = escapeshellcmd($_GET['ssh_port']);
        $host = escapeshellcmd($_GET['ssh_host']);
        $username = escapeshellcmd($_GET['ssh_username']);
        $answer = shell_exec("ssh -p " . $port . " " . $username . "@" . $host);

    Is escapeshellcmd() enough or do I need something more tricky? Or maybe I should use escapeshellarg() in this example? Thank you.

  • Feasibility of reverse engineering some embedded code

    - by user258526
    All, My company is in the situation where we are using an embedded control system from another company in another country. We do not have the source code or the schematics to this system, and the manufacturer doesn't want to release them, seemingly at any price or under any terms. We are thus stuck with a 6 month turn around to get even a small modification done, and they can basically charge any amount they want. Legal aspects aside, would it be at all feasible to reverse engineer the embedded code back into C? Do any companies exist that could do this for us? Thank you, Fred

  • Integrating 3rd-party forum software to member-based website

    - by john
    When using some existing forum software in a larger web-site, how easy is it to:

      1) Make your site's login functionality log the user into the forum
      2) Make your site's registration functionality create forum login data

    I suppose in a way it might be easier to ONLY use the forum's database for maintaining users, but that means trusting it with sensitive data. I'm planning an integration between an existing bespoke desktop app and a new bespoke web-site which should include forums. I don't know which forums will be used but I know the new web functionality won't be PHP-based. I figure that's not a big deal but I'm wondering if forums typically allow configuration of where they look for login data, to avoid duplicating this data into my DB and the forum DB.

  • Help in debugging the string concatenation code

    - by mithun1538
    I have code to concatenate strings. However, for some reason, the final string is not a combination of the required strings. Consider the following code:

        //cusEmail is of type String[]
        String toList = "";
        for(i=0; i < cusEmail.length - 1; i++) {
            toList.concat(cusEmail[i]);
            toList.concat("; ");
            System.out.println(cusEmail[i]);
        }
        toList.concat(cusEmail[i]);
        System.out.println(toList);

    The first sout statement displays the strings in cusEmail[i] correctly. However, once concatenated, the second sout displays a blank / empty. Any reason for this? Am I concatenating it correctly?

  • How should I protect against hard link attacks?

    - by Thomas
    I want to append data to a file in /tmp.

      - If the file doesn't exist I want to create it.
      - I don't care if someone else owns the file. The data is not secret.
      - I do not want someone to be able to race-condition this into writing somewhere else, or to another file.

    What is the best way to do this? Here's my thought:

        fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644);
        fstat(fd, &st);
        if (st.st_nlink != 1) {
            /* HARD LINK ATTACK! */
        }

    What's the right way? Besides not using a world-writable directory.

  • My site was recently attacked. What do I do?

    - by ChrisH
    This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All told, 16000 requests in one hour. What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client? Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

  • proper Django ORM syntax to make this code work in MySQL

    - by gtujan
    I have the following django code working on an sqlite database but for some unknown reason I get a syntax error if I change the backend to MySQL...does django's ORM treat filtering differently in MySQL?

        def wsjson(request,imei):
            wstations = WS.objects.annotate(latest_wslog_date=Max('wslog__date'),latest_wslog_time=Max('wslog__time'))
            logs = WSLog.objects.filter(date__in=[b.latest_wslog_date for b in wstations],time__in=[b.latest_wslog_time for b in wstations],imei__exact=imei)
            data = serializers.serialize('json',logs)
            return HttpResponse(data,'application/javascript')

    The code basically gets the latest logs from WSlog corresponding to each record in WS and serializes it to json. Models are defined as:

        class WS(models.Model):
            name = models.CharField(max_length=20)
            imei = models.CharField(max_length=15)
            description = models.TextField()

            def __unicode__(self):
                return self.name

        class WSLog(models.Model):
            imei = models.CharField(max_length=15)
            date = models.DateField()
            time = models.TimeField()
            data1 = models.DecimalField(max_digits=8,decimal_places=3)
            data2 = models.DecimalField(max_digits=8,decimal_places=3)
            WS = models.ForeignKey(WS)

            def __unicode__(self):
                return self.imei
