Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 319/3920 | < Previous Page | 315 316 317 318 319 320 321 322 323 324 325 326  | Next Page >

  • Secure password transmission over unencrypted tcp/ip

    - by academicRobot
    I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

    Read the article

  • Accessing Identity.AuthenticationType

    - by Tewr
    While implementing a custom authentication type in a wcf service, I'm trying to read the property IIdentity.AuthenticationType using the call Thread.CurrentPrincipal.Identity.AuthenticationType. Unless the account running the service is local administrator, UnauthorizedAccessException is thrown when accessing this property, much like described in this support thread. I can however reset the Thread.CurrentPrincipalobject without hassle, thus altering the Authentication Type - But read it, I cannot. Is running as an administrator the only way here or is there some trick to let the user running the service "just" access this property?

    Read the article

  • Can I tell if the iPhone has a passcode?

    - by tewha
    I'm developing an application that asks for a PIN when you start it. That's not great, but I can live with it. The problem is I'm being asked to ask for the PIN each time the phone wakes from sleep, too. Combined with the OS asking for its passcode, it's too much. Is there any legitimate way to detect if the phone has a passcode required for waking, so I can skip requiring a PIN in this case? I don't want to know the PIN and I don't actually care if it was locked (for instance, if the phone was asleep very briefly), I just want to know that the data is in some way "protected."

    Read the article

  • Best Tools for Software Maintenance Engineering

    - by Pev
    Yes, the dreaded 'M' word. You've got a workstation, source control and half a million lines of source code that you didn't write. The documentation was out of date the moment that it was approved and published. The original developers are LTAO, at the next project/startup/loony bin and not answering email. What are you going to do? {favourite editor} and Grep will get you started on your spelunking through the gnarling guts of the code base but what other tools should be in the maintenance engineers toolbox? To start the ball-rolling; I don't think I could live without source-insight for C/C++ spelunking. (DISCLAIMER: I don't work for 'em).

    Read the article

  • WINSDK: Determining whether an arbitrary pid identifies a running process on Windows

    - by Vlad Romascanu
    Attempting to implement a poor man's test of whether a process is still running or not (essentially an equivalent of the trivial kill(pid, 0).) Hoped to be able to simply call OpenProcess with some minimal desired access then test for either GetLastError() == ERROR_INVALID_PARAMETER or GetExitCodeProcess(...) != STILL_ACTIVE. Nice try... Running on Windows XP, as administrator: HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid); if (!hProc) { DWORD dwLastError = GetLastError(); } ...fails miserably with dwLastError == ERROR_ACCESS_DENIED when pid is owned by a different (not SYSTEM) user. Moreover, if pid was originally owned by a different user but has since terminated, OpenProcess also fails with ERROR_ACCESS_DENIED (not ERROR_INVALID_PARAMETER.) Do I have to use Process32First/Process32Next or EnumProcesses? I absolutely do not want to use SeDebugPrivilege. Thanks, V

    Read the article

  • Detecting use after free() on windows.

    - by The Rook
    I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source would be preferred , but I'll use a commercial solution if it will get the job done.

    Read the article

  • Gnome screensaver

    - by BParker
    Hi, After many years of Windows development in C/C++ i've decided to make a move to linux, and see if i can put together a simple screen saver. The code is an SDL based OpenGL particle engine affair, nothing too complex. I've got the code running ok as a stand-alone app, but i have been having some trouble finding out how to build a screen saver app. I'm running ubuntu 10.04 if that makes much difference, but i was wondering if anyone can point me in the direction of a decent tutorial on building basic gnome screen savers. Thanks

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • storing original password text

    - by Richard
    My application stores external website login/passwords for interaction with them. To interact with these website I need to use the original password text, so storing just the hash in my database is not going to work. How should I store these passwords?

    Read the article

  • What are the effects of using VS2005 to migrate from .NET 1.1

    - by andy
    Hey guys, I'm working on some legacy code for a client, involving Microsoft Content Management System (MCMS). Currently, everything is local, the code, MCMS, SQLServer, and IIS (5.x). I copied the project folder, and then opened the new copied solution in VS2005, and let it do it's conversion thing. But now nothing works. I've nnotice there have been some changes to IIS profile. What are the extent of these changes...?? Also, my VS2003 fails to recognize the Web Project?? Anyone have any idea what's going on? cheers!

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • jQuery code to track clicks on outgoing links (google analystics)

    - by Tristan
    Hello, I found this on the web: $('a[href^=http]:not("[href*=://' + document.domain + ']")').click(function() { pageTracker._trackPageview('/outgoing/' + $(this).attr('href')); }); But it's not working. In my Google Analytics account there are no /outgoing/ links showing (it's been 24+ hours since I implemented it). What's wrong with this code? I'm using jQuery of course ;) (PS : i already have : <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA MY CODE"); pageTracker._trackPageview(); } catch(err) {}</script>)

    Read the article

  • Appending html code to a section inside a dialog window isn't working in IE6

    - by user338413
    I'm using jQuery's validation on a form. When the form is validated, I'm using a submitHandler to fill a dialog with data from the form then I open the dialog to display it. Works great except for in IE6. Nothing displays. I've tried initializing the dialog before and after running the validation code but neither makes a difference. Here's the validation code: $("#acct").validate({ ... submitHandler: function() { fillVerificationDialog(); $("#verification_dialog").dialog('open'); return false; } }); Here's the fillVerificationDialog: function fillVerificationDialog() { $("#dialog-data").empty(); $("<span class='label'>").text("First Name: ").appendTo("#dialog-data"); $("<span class='value'>").text($("#firstname").val()).appendTo("#dialog-data"); $("<br/>").appendTo("#dialog-data"); ... }

    Read the article

  • REST authentication S3 like hmac sha1 signature vs symetric data encryption.

    - by coulix
    Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?

    Read the article

  • aspnet_regsql questions and users and role

    - by Alexander
    I spend quite some hours banging my head against the wall trying to set up the aspnet membership / roles tables in my SQL server database instead of having them exist inside the App_Code/ASPNETDB.MDF file because that file wasn't working correctly on my host. I eventually figured out the problem by following Scott's gu here and was able to resolve it by running the aspnet_regsql.exe utility and creating a connection string for LocalSqlServer. The ridiculous part about it is that after running the aspnet_regsql and upload my database to my webhost all of my users and role that I have already created is gone. The user, membership, role, etc is gone. I can't populate this using the Web Site Administration Tool as it's not visual studio now. So what is the easiest way to populate the user, role, etc to my SQL Server as I now have dbo.aspnet_Application, dbo.aspnet_Paths, dbo.aspnet_Roles, etc...etc...

    Read the article

  • Do similar passwords have similar hashes?

    - by SLC
    Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc. Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

    Read the article

  • Code won't exit foreach block

    - by Matt
    I've got the following C# code segment that takes a list, finds objects that are ready to update, then shoves them into a temp list, deletes from the main list, and then goes on its merry way. My issue is that the foreach block, which cycles through my main list, won't exit. TempLog.Clear(); //Ensure TempLog is empty foreach (CLogger ready in PlayerLog) { if (ready.UpdateReady == true) // Record is ready to be updated in database { TempLog.Add(ready); // Add record to templog PlayerLog.Remove(ready); // Remove from playerlog } } <---- Never reaches this point if (TempLog.Count > 0) // Just check that templog isn't empty { new Thread(Update).Start(); // Run update code } I've put heaps of debugging in, and I can watch PlayerLog start at 1, TempLog at 0, then it enters the foreach loop, picks up that the record UpdateReady flag is on, TempLog goes to 1, PlayerLog goes to 0, then it just stops.. No errors, just stops.. Thanks for the help :)

    Read the article

  • unfounded Secure Unsecure Messages

    - by Marty Trenouth
    I'm having significant difficulty locating the root cause for a secure/insecure message comming from IE. I've looked through the entire output and there are NO references to http: I've searched for unsource Iframes, which cause this message, and there are none and other than jquery 1.4 there isn't even the text "iframe" in the source. I'm almost at an end trying the cause for this. Does anyone have any ideas

    Read the article

  • How do I generate (ActionSctipt) classes for a new project?

    - by Iain
    Whenever I start a new game, I make a whole bunch of classes that extend my base classes, so: com.blah.Game extends com.iainlobb.Game and has some setup code com.blah.Player extends com.iainlobb.Player, and has some setup code etc Now all I need is a way to generate these classes at the start of the project so I don't have to create each one manually. It will save me at least an hour of faffing around per game. So how do I do it? I normally use FlashDevelop but I also have FlexBuilder 3, or I'm happy to download whatever other software I need (PC). Thanks.

    Read the article

< Previous Page | 315 316 317 318 319 320 321 322 323 324 325 326  | Next Page >