password complexity - Page 384

Redirect into two different page after login.jsp according user category

- by Ryon

I have created a login.jsp with some login username and password. Users are categorized into A and B. Then I have to redirect each user according to the user category. I also need to retrieve the username in the next page. My form in login.jsp page is something like this: <form method="POST" action='<%= response.encodeURL("j_security_check") %>' Do I have to use javax.servlet.Filter? what should be added in web.xml? Anyone had an idea how to do it?

Read the article

How can I know if a file has been changed in .NET C#?

- by Anthony D

I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

Read the article

Is it immoral to put a captcha on a login form?

- by azkotoki

In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

Read the article

Git Clone from SSH Repository

- by Mike Silvis

I used to be able to clone from my personal git repository but now i seem to be running into an error. user:dev.site.com mikesilvis$ git clone { my ssh directory } server@ipaddress's password: remote: Counting objects: 3622, done. remote: Compressing objects: 100% (2718/2718), done. error: git upload-pack: git-pack-objects died with error. fatal: git upload-pack: aborting due to possible repository corruption on the remote side. remote: aborting due to possible repository corruption on the remote side. fatal: early EOF fatal: index-pack failed It seems to be working however while I push files to the repository.

Read the article

.NET connecting to oracle problems with the connectionstring

- by Oxymoron

At the moment I'm trying to make a connection to a local server. Connecting via, say, TOAD works fine. When I try to connect using .NET I get ora-12154. Which puzzles me, since I'm using the connectionstring from my TNSNAMES.ora file: XE = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = myPC)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = XE) ) ) As follows: private string connectionString = "Data Source=(DESCRIPTION =" +" (ADDRESS_LIST=(ADDRESS = (PROTOCOL = TCP)(HOST = myPC)(PORT = 1521)))" +" (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = XE));" +"User Id=sys;Password=zsxyzabc;"; Any ideas?

Read the article

Java String to SHA1

- by AeroDroid

I'm trying to make a simple String to SHA1 converter in Java and this is what I've got... public static String toSHA1(byte[] convertme) { MessageDigest md = null; try { md = MessageDigest.getInstance("SHA-1"); } catch(NoSuchAlgorithmException e) { e.printStackTrace(); } return new String(md.digest(convertme)); } When I pass it toSHA1("password".getBytes()), I get "[?a?????%l?3~??." I know it's probably a simple encoding fix like UTF-8, but could someone tell me what I should do to get what I want which is "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"? Or am I doing this completely wrong? Thanks a lot!

Read the article

Ruby on Rails: How can I authenticate different user types from one place?

- by sscirrus

Hi everyone! This is my first post on Stack Overflow. I am trying to build a system that authenticates three types of user with completely different site experiences: Customers, Employers, and Vendors. I'm thinking of using a polymorphic 'User' table (using AuthLogic) with username, password, and user_type (+ AuthLogic's other required fields). If this is a good way to go, how do I set this up so after authenticating an user_id with a user_type the standard way, I can direct the user to the page that's right for them? Thanks.

Read the article

Is there a programming language with be semantics close to English ?

- by ivo s

Most languages allow to 'tweek' to certain extend parts of the syntax (C++,C#) and/or semantics that you will be using in your code (Katahdin, lua). But I have not heard of a language that can just completely define how your code will look like. So isn't there some language which already exists that has such capabilities to override all syntax & define semantics ? Example of what I want to do is basically from the C# code below: foreach(Fruit fruit in Fruits) { if(fruit is Apple) { fruit.Price = fruit.Price/2; } } I want do be able to to write the above code in my perfect language like this: Check if any fruits are Macintosh apples and discount the price by 50%. The advantages that come to my mind looking from a coder's perspective in this "imaginary" language are: It's very clear what is going on (self descriptive) - it's plain English after all even kid would understand my program Hides all complexities which I have to write in C#. But why should I care to learn that if statements, arithmetic operators etc since there are already implemented The disadvantages that I see for a coder who will maintain this program are: Maybe you would express this program differently from me so you may not get all the information that I've expressed in my sentence Programs can be quite verbose and hard to debug but if possible to even proximate this type of syntax above maybe more people would start programming right? That would be amazing I think. I can go to work and just write an essay to draw a square on a winform like this: Create a form called MyGreetingForm. Draw a square with in the middle of MyGreetingFormwith a side of 100 points. In the middle of the square write "Hello! Click here to continue" in Arial font. In the above code the parser must basically guess that I want to use the unnamed square from the previous sentence, it'd be hard to write such a smart parser I guess, yet it's so simple what I want to do. If the user clicks on square in the middle of MyGreetingForm show MyMainForm. In the above code 'basically' the compiler must: 1)generate an event handler 2) check if there is any square in the middle of the form and if there is - 3) hide the form and show another form It looks very hard to do but it doesn't look impossible IMO to me at least approximate this (I can personally generate a parser to perform the 3 steps above np & it's basically the same that it has to do any way when you add even in c# a.MyEvent=+handler; so I don't see a problem here) so I'm thinking maybe somebody already did something like this ? Or is there some practical burden of complexity to create such a 'essay style' programming language which I can't see ? I mean what's the worse that can happen if the parser is not that good? - your program will crash so you have to re-word it:)

Read the article

User controls in masterpage and anonymous user

- by Senad Uka

I am developing a master page which includes the user control that generates a menu from the list with a specific logic. Before including the control into master page I successfully configured anonymous access to the site. After including the control and deploying - site prompts for user name and password. I allowed the anonymous access to the list. Oh yes ... It worked on SHarepoint 2010 beta, but the problem happens when deploying to the Sharepoint 2010 final release. Additional data: I am using Sharepoint Server 2010 with Standard features, standalone instalation on Windows Server 2008 R2 for deployment, and Visual Studio 2010 Ultimate for development of masterpage and user control.

Read the article

Understanding CGI and SQL security from the ground up

- by Steve

This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form. In the least secure case, anybody can access http://something.com/admin and modify the database. You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text. So then you use HTTPS to secure the transmitted data. Questions: To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above? What basic tools in Python make your steps possible? Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?

Read the article

Unrecognized authentication type when doing an Auth to Exchange from Rails

- by blakeage

I'm getting this error when trying to authenticate with Exchange Server from Ruby on Rails: 504 5.7.4 Unrecognized authentication type config.action_mailer.raise_delivery_errors = true config.action_mailer.perform_deliveries = true config.action_mailer.delivery_method = :smtp config.action_mailer.smtp_settings = { :address => "x.x.x.x", :port => 25, :user_name => "xxdomain\xxuser", :password => "xxxxxx", :authentication => :login, :enable_starttls_auto => true } I've tried all sorts of combinations of configuration settings, including changing the settings to use "plain" authentication, adding the domain, setting enable_starttls_auto to true, false, and removing it entirely, removing the port. Nothing has worked. Any ideas?

Read the article

[Seamless Handover of WiFi] Can we program to automatically join the WiFi with the most strongest si

- by Dobby

Hi all, I am making a iphone program, I wish that: it can sense and display the current signals of wifi, with strength, - as I checked, this cannot be done by official SDK, but there were some private library that can handle. 2. i wish it can always automatically join the best wifi with the most highest strength ( assume that all wifi APs have no password, and all are not remembered into the used-list inside iphone), which is something like "seamless handover"... I just guess that, there should be some APIs to let the system join one designated wifi signal from the list, and wish someone could help me. I would like to appreciate a lot : ) Thanks a lot!

Read the article

[PHP] md5(uniqid) makes sense for random unique tokens?

- by Exception e

I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes). I often see this code; does it make sense? md5(uniqid(rand(), true)); According to a comment uniqid($prefix, $moreEntopy = true) yields first 8 hex chars = Unixtime, last 5 hex chars = microseconds. I don't know how the $prefix-parameter is handled.. So if you don't set the $moreEntopy flag to true, it gives a predictable outcome. QUESTION: But if we use uniqid with $moreEntopy, what does hashing it with md5 buy us? Is it better than: md5(mt_rand())

Read the article

PgJDBC: "no suitable driver found" when following tutorial, why?

- by Celeritas

I'm writing a Java program that queries a PostgreSQL database. I'm following this example and have trouble here: connection = DriverManager.getConnection( "jdbc:postgresql://127.0.0.1:5432/testdb", "mkyong", "123456"); According to the JavaDoc for DriverManager the first string is "a database url of the form jdbc:subprotocol:subname. When I connect to the server I type in psql -h dataserv.abc.company.com -d app -U emp24 and give the password qwe123 (for example sake). What should the first argument of getConnection be? I've tried connection = DriverManager.getConnection( "jdbc:postgresql://dataserv.abc.company.com", "emp24", "qwe123"); and get the run time error: no suitable driver found. I've download JDBC4 Postgresql Driver, Version 9.2-1000.

Read the article

HttpsURLConnection failing intermittently to the same URL

- by Arkaitz Jimenez

I think I'm experiencing the same as http://groups.google.com/group/android-developers/msg/9d37d64aad0ee357 This is Android 1.5 SDK. I happen to call several times below code(which is in a method) with the same url and it fails intermittently. When it fails, there is no exception, the stream is empty so the readConnection fails, and getResponseCode returns -1. Global caching is disabled, setDefaultUseCaches(false); I suppose there must be some kind of url connection object pool somewhere. Any idea on how can I workaround this? HttpURLConnection connection = null; try { URL url = new URL(this.url); connection = (HttpURLConnection) url.openConnection(); connection.setRequestProperty("Authorization", "basic " + Base64Coder.encodeString(user + ":" + password)); connection.setRequestProperty("User-Agent", userAgent); connection.connect(); readConnection(connection.getInputStream()); connection.disconnect(); } catch (IOException ex) { reportException(ex, connection.getResponseCode()) } catch (ParserException ex) { reportException(ex, connection.getResponseCode()) }

Read the article

Are SqlCipher open cursors a security concern?

- by user1178479

I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

Read the article

set a ftp repository with git

- by enboig

I want to change my repository from bazaar to git. I installed Git (winXP) and tortoise with no problem, I set path variables, etc... I have initialized my repository with: git init copied it using cd .. git clone --bare project.git uploaded it to FTP, and when trying to access: git clone *ftp_address* Initialized empty Git repository in D:/project/.git/ Password: error: Access denied: 530 while accessing *ftp_address*/info/refs fatal: HTTP request failed I checked and .../project.git/info/refs does not exists. What am I missing? thanks PD: *ftp_address* = 'ftp://user%[email protected]/git/project.git'

Read the article

I can't see a cropper in IE7/8. No problem in FF and the demo (with IE7/8).

- by user248959

Hi, i have this cropper in my app. login: fer password: m Note: after loginning you will be redirected to another page. Then click again the link i mention. I can see it working in FF, but not in IE7/8 (Windows XP SP2, just installed). It's supposed it works ok, because I don't have any problems to operate the demo in both browsers, and in IE 8 Developer Tools the all the .js's necessary appeared as loaded. I have contacted with the developer of the cropper but he didn't reply. Any idea? Javi

Read the article

having trouble with a mysql query

- by chuck akers

this keeps saying Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in directory here the error is near the login_query variable, can someone help me fix it. <?php if (isset($_POST['login_username'], $_POST['login_password'])) { $login_username = trim(mysql_real_escape_string(htmlentities($_POST['login_username']))); $login_password = md5(trim(mysql_real_escape_string(htmlentities($_POST['login_password'])))); if (!empty($login_username) && !empty($login_password)) { $login_query = mysql_query("SELECT user_id FROM username WHERE username='".$login_username."' AND password='".$login_password."'"); if (mysql_num_rows($login_query)==1) { $user_id = mysql_result($login_query, 0, 'user_id'); $_SESSION['user_id'] = $user_id; header('Location: index.php'); die(); } }} ?

Read the article

CakePHP: What to use for MySQL users & permissions?

- by Steve

I'm getting ready to deploy a CakePHP site for the first time. I'm using the site with a MySQL database, and I'm still a little unclear about the proper use of users & permissions for MySQL -- I'm talking about the "login" and "password" fields that appear in app/config/database.php. During development, I've been using 'root' and 'root' -- but I'm pretty sure that can't be a good idea. So my question is: what are the best practices for assigning a MySQL user to a CakePHP app, and what MySQL privileges should be assigned to it?

Read the article

Approaches for Content-based Item Recommendations

- by PartlyCloudy

Hello, I'm currently developing an application where I want to group similar items. Items (like videos) can be created by users and also their attributes can be altered or extended later (like new tags). Instead of relying on users' preferences as most collaborative filtering mechanisms do, I want to compare item similarity based on the items' attributes (like similar length, similar colors, similar set of tags, etc.). The computation is necessary for two main purposes: Suggesting x similar items for a given item and for clustering into groups of similar items. My application so far is follows an asynchronous design and I want to decouple this clustering component as far as possible. The creation of new items or the addition of new attributes for an existing item will be advertised by publishing events the component can then consume. Computations can be provided best-effort and "snapshotted", which means that I'm okay with the best result possible at a given point in time, although result quality will eventually increase. So I am now searching for appropriate algorithms to compute both similar items and clusters. At important constraint is scalability. Initially the application has to handle a few thousand items, but later million items might be possible as well. Of course, computations will then be executed on additional nodes, but the algorithm itself should scale. It would also be nice if the algorithm supports some kind of incremental mode on partial changes of the data. My initial thought of comparing each item with each other and storing the numerical similarity sounds a little bit crude. Also, it requires n*(n-1)/2 entries for storing all similarities and any change or new item will eventually cause n similarity computations. Thanks in advance! UPDATE tl;dr To clarify what I want, here is my targeted scenario: User generate entries (think of documents) User edit entry meta data (think of tags) And here is what my system should provide: List of similar entries to a given item as recommendation Clusters of similar entries Both calculations should be based on: The meta data/attributes of entries (i.e. usage of similar tags) Thus, the distance of two entries using appropriate metrics NOT based on user votings, preferences or actions (unlike collaborative filtering). Although users may create entries and change attributes, the computation should only take into account the items and their attributes, and not the users associated with (just like a system where only items and no users exist). Ideally, the algorithm should support: permanent changes of attributes of an entry incrementally compute similar entries/clusters on changes scale something better than a simple distance table, if possible (because of the O(n²) space complexity)

Read the article

get data from to tables !

- by mehdi

Read the article

How can I upload data using ftp, http, or a socket from a spreadsheet with VBA for Microsoft Office?

- by luiscolorado

I have an Excel spreadsheet, and I want to put a button on it, so users will be able to upload their data to an http/ftp server, or send the data to the server using a socket directly. I have noticed that some people creates an ftp script to do. First of all, I'm not sure that everybody has ftp on their Windows machine, and secondly, I would prefer to use a method that allows me to better monitor the progress of the upload. For example, I want to know if the user id/password failed, if the transmission completed successfully, of if there were any other kind of errors with the receiving server. Thank you.

Read the article

REST authentication S3 like hmac sha1 signature vs symetric data encryption.

- by coulix

Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?

Read the article

configure apache with sql

- by Chava

Hello, I am newly using Apache Tomcat6.0 I am unable to access sql database through my jsp and getting java.lang.ClassNotFoundException: com.microsoft.jdbc.sqlserver.SQLServerDriver Tried steps at http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html downloaded drivers mysql-connector-java-5.1.9 and mysql-5.0.85-win32 na dkept in tomcat\lib modified web.xml with context details but this didinot help me. Please suggest and provide steps if possible. JSP code Driver d = (Driver)Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver").newInstance(); Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver"); Connection con=DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:8080"); I am using sql server WampServer without a password and created databse and table successfully.

Search Results

Search found 12055 results on 483 pages for 'password complexity'.

Page 384/483 | < Previous Page | 380 381 382 383 384 385 386 387 388 389 390 391 | Next Page >

- by Ryon

- by Anthony D

- by azkotoki

- by Mike Silvis

- by Oxymoron

- by AeroDroid

- by sscirrus

- by ivo s

- by Senad Uka

- by Steve

- by blakeage

- by Dobby

- by Exception e

- by Celeritas

- by Arkaitz Jimenez

- by user1178479

- by enboig

- by user248959

- by chuck akers

- by Steve

- by PartlyCloudy

- by mehdi

- by luiscolorado

- by coulix

- by Chava

< Previous Page | 380 381 382 383 384 385 386 387 388 389 390 391 | Next Page >