Search Results

Search found 18808 results on 753 pages for 'security updates'.

Page 552/753 | < Previous Page | 548 549 550 551 552 553 554 555 556 557 558 559 | Next Page >

hash password in SQL Server (asp.net)

- by ile

Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

Read the article
File Encrypt/Decrypt under load?

- by chopps

I found an interesting article about encrypting and decrypting files but since it uses a file.dat to store the key this will run into problems when theres alot of users on the site dealing with alot of files. http://www.codeproject.com/KB/security/VernamEncryption.aspx?display=Print Should a new file be created every time a file needs decrypting or would there be a better way to do this? UPDATE: Here is what im using to avoid the locking problems. using (Mutex FileLock = new Mutex(true, System.Guid.NewGuid().ToString())) { try { FileLock.WaitOne(); using (FileStream fs = new FileStream(keyFile, FileMode.Open)) { keyBytes = new byte[fs.Length]; fs.Read(keyBytes, 0, keyBytes.Length); } } catch (Exception ex) { EventLog.LogEvent(ex); } finally { FileLock.ReleaseMutex(); } } I tested it on 1000 TIFFs doing both encryption and decryption without any errors.

Read the article
C# SQL Parameter Errors in Loops

- by jakesankey

Please help me out with this. I have this small application to load txt files into a sql db and it works fine with sqlite. When I ported to SQL I started getting 'parameter already declared' errors.. If anyone can help me reorganize this code, it would be great! I need to get the parameter definitions outside of the loops or something.. using System; using System.Data; using System.Data.SQLite; using System.IO; using System.Text.RegularExpressions; using System.Threading; using System.Collections.Generic; using System.Linq; using System.Data.SqlClient; namespace JohnDeereCMMDataParser { internal class Program { public static List<string> GetImportedFileList() { List<string> ImportedFiles = new List<string>(); using (SqlConnection connect = new SqlConnection(@"Server=FRXSQLDEV;Database=RX_CMMData;Integrated Security=YES")) { connect.Open(); using (SqlCommand fmd = connect.CreateCommand()) { fmd.CommandText = @"SELECT FileName FROM Import;"; fmd.CommandType = CommandType.Text; SqlDataReader r = fmd.ExecuteReader(); while (r.Read()) { ImportedFiles.Add(Convert.ToString(r["FileName"])); } } } return ImportedFiles; } private static void Main(string[] args) { using (SqlConnection con = new SqlConnection(@"Server=FRXSQLDEV;Database=RX_CMMData;Integrated Security=YES")) { con.Open(); using (SqlCommand insertCommand = con.CreateCommand()) { Console.WriteLine("Connecting to SQL server..."); SqlCommand cmdd = con.CreateCommand(); string[] files = Directory.GetFiles(@"C:\Documents and Settings\js91162\Desktop\", "R.txt*", SearchOption.AllDirectories); insertCommand.Parameters.Add(new SqlParameter("@FeatType", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@FeatName", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@Value", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@Actual", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@Nominal", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@Dev", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@TolMin", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@TolPlus", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@OutOfTol", DbType.Decimal)); List<string> ImportedFiles = GetImportedFileList(); foreach (string file in files.Except(ImportedFiles)) { var FileNameExt1 = Path.GetFileName(file); cmdd.Parameters.Add(new SqlParameter("@FileExt", FileNameExt1)); cmdd.CommandText = @" IF (EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'RX_CMMData' AND TABLE_NAME = 'Import')) BEGIN SELECT COUNT(*) FROM Import WHERE FileName = @FileExt; END"; int count = Convert.ToInt32(cmdd.ExecuteScalar()); con.Close(); con.Open(); if (count == 0) { Console.WriteLine("Parsing CMM data for SQL database... Please wait."); insertCommand.CommandText = @" INSERT INTO Import (FeatType, FeatName, Value, Actual, Nominal, Dev, TolMin, TolPlus, OutOfTol, PartNumber, CMMNumber, Date, FileName) VALUES (@FeatType, @FeatName, @Value, @Actual, @Nominal, @Dev, @TolMin, @TolPlus, @OutOfTol, @PartNumber, @CMMNumber, @Date, @FileName);"; string FileNameExt = Path.GetFullPath(file); string RNumber = Path.GetFileNameWithoutExtension(file); string RNumberE = RNumber.Split('_')[0]; string RNumberD = RNumber.Split('_')[1]; string RNumberDate = RNumber.Split('_')[2]; DateTime dateTime = DateTime.ParseExact(RNumberDate, "yyyyMMdd", Thread.CurrentThread.CurrentCulture); string cmmDate = dateTime.ToString("dd-MMM-yyyy"); string[] lines = File.ReadAllLines(file); bool parse = false; foreach (string tmpLine in lines) { string line = tmpLine.Trim(); if (!parse && line.StartsWith("Feat. Type,")) { parse = true; continue; } if (!parse || string.IsNullOrEmpty(line)) { continue; } Console.WriteLine(tmpLine); foreach (SqlParameter parameter in insertCommand.Parameters) { parameter.Value = null; } string[] values = line.Split(new[] { ',' }); for (int i = 0; i < values.Length - 1; i++) { SqlParameter param = insertCommand.Parameters[i]; if (param.DbType == DbType.Decimal) { decimal value; param.Value = decimal.TryParse(values[i], out value) ? value : 0; } else { param.Value = values[i]; } } } insertCommand.Parameters.Add(new SqlParameter("@PartNumber", RNumberE)); insertCommand.Parameters.Add(new SqlParameter("@CMMNumber", RNumberD)); insertCommand.Parameters.Add(new SqlParameter("@Date", cmmDate)); insertCommand.Parameters.Add(new SqlParameter("@FileName", FileNameExt)); // insertCommand.ExecuteNonQuery(); } } Console.WriteLine("CMM data successfully imported to SQL database..."); } con.Close(); } } } } FYI - the PartNumber, CMMNumber, Date, etc at the bottom are pulled from the file name and I need it in the table next to each respective record.

Read the article
How to manage Libraries/jar files in eclipse?

- by pvsnp

I might be missing something but how do you manage Java projects in eclipse that need a lot of Jar files. I know maven manages libraries well if there are new updates but maybe I'm missing something, is there a way that eclipse can update new jar files (it would be especially useful for projects using apache-commons, say). I don't want to sound like asking for a feature request, but I'm looking at if there are ways to keep libraries jar files that a Java project uses to keep them updated automatically the way maven does. With more languages coming with this type of features, finding the right Jar files probably should be easier than this.

Read the article
Accessing Securised Web Service

- by Xstahef

Hi, I need to connect to a provider's web service with a Windows Form application. He gives me a certificate to access it but I have a security problem. I have done these following steps : Add certificate to personal store (on IE & Firefox) Generate a proxy with the remote wsdl (no problem) Use this code to call a method : `using (service1.MessagesService m = new service1.MessagesService()) { X509Certificate crt = new X509Certificate(@"C:\OpenSSL\bin\thecert.p12",string.Empty); m.ClientCertificates.Add(crt); var result = m.AuthoriseTransaction(aut); this.textBox1.AppendText(result.id.ToString()); }` I have the following error : The underlying connection was closed: Could not establish trust relationship for the channel SSL / TLS. Thanks for your help

Read the article
How do I set permissions on a Server 2003 folder

- by Richard210363

Hi There, In my part time position as entire IT department at my Office ( I'm a MCSD developer normally ) I have been asked to change a shared folder. Only I don't really understand all the Shared / Security options. I have a folder that must be accessed by 2 people in the company (and no one else). They both must have read/write/edit and change access. They must be able to read/write/edit each others files; existing or newly created. Should be easy but I'm a bit overwhelemd by all the choices. What should I set? Thanks for your help richard

Read the article
Trouble Avoiding Microsoft Outlook's Email Warning

- by talbright

I have a set of records in Microsoft Access that I am trying to send in an Email. The email feature works great. Except a warning message pops up every time a message is ready to send, and the user has to click "Allow" or "Deny" for every email sent. I looked up a workaround, and have been following the tutorial for it: http://www.everythingaccess.com/tutorials.asp?ID=Outlook-Send-E-mail-Without-Security-Warning. My problem is that when I put my message in the function it always returns false, and the message fails. Any help would be appreciated. Dim sendMail As Boolean Dim strMessage As String strMessage = Some Message sendMail = FnSafeSendEmail(![Email Id], "Subject", strMessage) The entire "FnSafeSendEmail" function can be found in the link provided. These are the parameters though. Public Function FnSendMailSafe(strTo As String, _ strCC As String, _ strBCC As String, _ strSubject As String, _ strMessageBody As String, _ Optional strAttachments As String) As Boolean The error is thrown on this line of the function. Dim blnSuccessful As Boolean blnSuccessful = objOutlook.FnSendMailSafe(strTo, strCC, strBCC, _ strSubject, strMessageBody, _ strAttachmentPaths)

Read the article
ASP.NET MVC How to call a secured page from a windows app?

- by Malcolm

Hi, I have a MVC app that has forms authentication enabled. The app allows printing of invoices. I have an external app that converts html to pdf. How can I call the secured page from this pdf converter app so that some security remains? The PDF converter app just requires a URL. One thought was to create a HttpHandler for an extenion of say .print and pass a public key in the URL qureystring that can be validated by the MVC app. Any ideas on this? Malcolm

Read the article
Are there any e-commerce websites that use NoSQL databases

- by Saif Bechan

I have read a lot lately about 'NoSQL' databases such as CouchDB, MongoDB etc. Most of the websites I have seen using this are mainly text based websites such as The New York Times and Source forge. I was wondering if you could apply this to websites where payment is a huge issue. I am thinking of the following issues: How well can you secure the data Do these system provide an easy backup/restore machanism How are transactions handled commit/rollback I have read the following articles that cover some aspects: Can I do transactions and locks in CouchDB? Pros/Cons of document based database vs relational database In these posts the aspect of transactions if covered. However the questions of security and backups is not covered. Can someone shed some light on this subject? And if possible, does anyone know of some e-commerce websites that have successfully implemented the document based database.

Read the article
getRequestProperty("Authorization") always returns null

- by Thilo

I am trying to read the authorization header for an HTTP request (because I need to add something to it), but I always get null for the header value. Other headers work fine. public void testAuth() throws MalformedURLException, IOException{ URLConnection request = new URL("http://google.com").openConnection(); request.setRequestProperty("Authorization", "MyHeader"); request.setRequestProperty("Stackoverflow", "anotherHeader"); // works fine assertEquals("anotherHeader", request.getRequestProperty("Stackoverflow")); // Auth header returns null assertEquals("MyHeader", request.getRequestProperty("Authorization")); } Am I doing something wrong? Is this a "security" feature? Is there a way to make this work with URLConnection, or do I need to use another HTTP client library?

Read the article
Rails plugin for generating dynamic / ajax crud interfaces compatible with Rails 3 beta?

- by mikehansen

Anyone know of some good gems or plugins to create dynamic / ajax crud interfaces for Rails 3 projects? I know active scaffold was popular before and it's been awhile since I have used it / any other gems similar to this (I usually just write it myself). I like the direction that the formtastic gem (http://github.com/justinfrench/formtastic) is headed and wonder what else people are combining with it. Also I like the generators approach that Ryan Bates uses and he appears to be making updates for Rails 3. Anything else I am missing here? (I am also open to gems not compatible with Rails 3 too I guess, I can always make a contribution and try to help them get to the next phase. ;)) PS - Really stackoverflow, only one hyperlink?? lame.

Read the article
My AES encryption/decryption functions don't work with random ivecs

- by Brendan Long

I was bored and wrote a wrapper around openSSL to do AES encryption with less work. If I do it like this: http://pastebin.com/V1eqz4jp (ivec = 0) Everything works fine, but the default ivec is all 0's, which has some security problems. Since I'm passing the data back as a string anyway, I figured, why not generate a random ivec and stick it to the front, the take it back off when I decrypt the string? For some reason it doesn't work though. With random ivec: http://pastebin.com/MkDBFcn6 Well actually, it almost works. It seems to decrypt the middle of the string, but not the beginning or end: String is: 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF Encrypting.. ???l%%1u???B! ?????`pN)?????[l????{?Q???2?/?H??y"?=Z?Cu????l%%1u???B! Decrypting.. String is: ?%???G*?5J?0??0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF!-e????V?5 I honestly have no idea what's going wrong. Maybe some stupid mistake, or maybe I'm missing something about AES?

Read the article
Is it possible to use Integrated Windows Auth when Server isn't on the domain?

- by jskentzos

Our production web servers ARE NOT part of the domain, but we'd like people to be able to log in automatically since they are logged into the domain on their PC. Is there anyway to get the browser (IE7+) to send the appropriate information to the server (IIS6) so I can retrieve the ServerVariables["AUTH_USER"] or ServerVariables["LOGON_USER"]? I presume the answer is no since if I set the security for windows auth to "on" and anonymous access to "off", then the server wouldn't know what do do with any user information for a domain which it has no knowledge of. I just want to know for sure before I give the SSO team a "not possible" answer.

Read the article
How can I receive messages using C# over http without MSMQ

- by pduncan

I need a reliable messaging framework that runs over http/https (due to client security requirements) and that doesn't use MSMQ (because some clients will use Windows XP Home). The clients only need to be able to receive messages, not send them. We already have a message queue on the server for each user, and the receivers have been getting messages by connecting to an HttpHandler on the server and getting a Stream from WebResponse.GetResponseStream() We keep this stream open, and pull messages off of it using Stream.Read(). This MOSTLY works, but Stream.Read() is a blocking call, and we can't reliably interrupt it. We need to be able to stop and start the receiver without losing messages, but the old stream often hangs around, even after we call Thread.Abort on its thread. Any suggestions?

Read the article
postgreSQL - pg_class question

- by Sachin Chourasiya

PostgreSQL stores statistics about tables in the system table called pg_class. The query planner accesses this table for every query. These statistics may only be updated using the analyze command. If the analyze command is not run often, the statistics in this table may not be accurate and the query planner may make poor decisions which can degrade system performance. Another strategy is for the query planner to generate these statistics for each query (including selects, inserts, updates, and deletes). This approach would allow the query planner to have the most up-to-date statistics possible. Why postgres always rely on pg_class instead?

Read the article
Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

- by user102533

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXsSS.GetSafeHtmlFragment to sanitize the HTML. Should I santiize before saving to the database or before rendering the untrusted input into the webpage? Is there an advantage in including the AntiXSS source code in my project instead of just the DLL? (Maybe I can customize the white list?) Which class file should I look in for actual implementation of the GetSafeHtmlFragment

Read the article
Can I embed video on external sites while still using tokens to protect the content?

- by JKS

On our own website, it's easy to protect against direct links to our video content by grabbing a token through AJAX and verifying the token through PHP before the file download is started. However I'm also researching how I could provide an embed feature, like YouTube or vimeo etc., without compromising this security feature. The problem is that the embed code I want to provide should look something like <object>...<embed>...</embed></object> -- but I don't know how to grab and append the token to the filename. I mean, I guess I could attach a script that did some gnarly JNOP business, but that's too dirty. I'm using JW Player for the actual video container. Huge thanks to anyone who can help...

Read the article
building a website

- by Ant

Not sure if this is the right place to post this, or if it should be under programmers.stackexchange... Anywho, a couple of my friends run a business and they asked me to build them a public website. It will only be used for information about the company with soe pictures. No transactions will be involved. Right now I work for a company where I build internal websites, and do alot of backend programming in C#. I understand html, css, jquery, etc. so I feel like I am completely capable of building a website for them. However, I do not know all the basic knowledge to building one. For example, where should we host the files, what type of security issues do I need to be aware of, what's the best software to use for developing websites (I use visual studio at work), where can I find some design techniques, etc. Any help is appreciated.

Read the article
Does Google provide any Android tutorials that teach how to implement a Service?

- by Bub

I apologize in advance for the "newbie" nature of this question. Here is my predicament: I'm brand new to android and developing in general. I'm using android's SDK with eclipse Galileo. I've followed several tutorials to create different layouts. I've even learned recently how to use radio buttons and verify which ones were selected. Now I need to create a service that downloads and updates an xml file within the application. I've tried to locate a simple tutorial for services on Google's developer site but so far, so bad. If they exist could somebody point me in the right direction? On the other hand, I've been told Google's tutorials are a little out dated. Is that true? If so, are there any other tutorials that would hand-hold (and possibly over-explain) how to use a service to a true newbie for free (like google)? Any suggestions would be appreciated.

Read the article
Can I using cross-site XmlHttpRequest in Itunes LP environment?

- by jameulrich

Itunes is based on Webkit platform and we can't use cross-site XmlHttpRequest in JavaScript because of security policy. But, as a exception, we can do that with a special header. Here is source code and I did it successfully in Safari: /////////////// var url = 'http://mysite.net/canvas.php'; var mybody = "Arun"; var http = new XMLHttpRequest(); http.open("POST", url, true); http.setRequestHeader("X-PINGOTHER", "pingpong"); http.setRequestHeader('Content-Type', 'application/xml'); http.setRequestHeader("Content-length", mybody.length); http.setRequestHeader("Connection", "close"); http.send(mybody); /////////////// I sent xml data to my server and get return response successfully in Safari browser but i can't do it in iTunes LP environment. So what is the problems?

Read the article
Display Computer Info on an ASP.NET Page

- by Gene

I want to build a page for end users to visit (in our MPLS Network) and it show the following information in regards to them: Computer Name OS Disk Space Memory IP Address Active Directory User Name Password Expiration Time (As defined by Global Policy) Maybe a few other things such as Trend Micro Office current version vs. their version, # of MS Updates needed (we utilize WSUS), and a few other things in the future. My question is how would I pull this information from the user when they visit the page? What is the proper function for this? Anyone have examples they wish to share for me to learn by if possible?

Read the article
How do you handle passwords or credentials for standalone applications?

- by Abel Morelos

Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect. Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations. I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application. I was also considering to use some sort of encryption, but I would like to keep things as simple as possible. How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?

Read the article
Does CAS Support Application Level Impersonation?

- by Rob Wilkerson

I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

Read the article
Non-string role names in ASP.NET MVC?

- by MikeWyatt

ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations. For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users. Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

Read the article
Are there built-in issue tracking and task management in IDEs that integrate into SourceForge, Googl

- by Kai Sellgren

Hi, This question may not be exactly programming related, but this is about development. I have been trying to find IDEs that support JIRA/Bugzilla so that I could simply integrate the IDE with SourceForge. I do not like to refresh my browser to see issues, bug reports, security problems, etc. I would like to send issues, resolve issues, right from the IDE. I am currently developing with NetBeans, but I see no ways of integrating into any of the services provided by SourceForge. Am I missing something?

Read the article

< Previous Page | 548 549 550 551 552 553 554 555 556 557 558 559 | Next Page >