Search Results

Search found 15914 results on 637 pages for 'physical security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 185/637 | < Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192  | Next Page >

  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySql as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySql... What do you think? Thanks

    Read the article

  • Is it possible to get RSA private key knowing public key and set of "original data=>encrypted data"

    - by Riz
    Hi, I work on apllication which allows plugins to access different set of functionality, every plugin provides "initialization string" which sets level of access to different features. Developers send me this strings, and I encrypt them using my 1024 bit RSA private key and send encoded data back. When started, my application decodes encoded data(encoded initialisation string) using built-in public key and if "decoded data != initialization string" it fails to start. So, is it possible to use a database of "initialization string" = "encoded initialization string"(extracted from other plugins) to crack my private key, or make it possible to bruteforce it in reasonable time?

    Read the article

  • How to play music on site preventing easy direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. I know that it's probably impossible to prevent this all together, but i at least don't want it to be obvious. A server side solution can be implemented as i have full access to the server.

    Read the article

  • Access denied for user 'root@localhost' (using password:NO)

    - by Nasser Hajloo
    I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and how to change it? I try mysql -u root password '123' but it show me Access denied for user 'root@localhost' (using password:NO) after this I try mysql -u root -p but it ask for a password which I don't have Thank you in advance

    Read the article

  • Customer provider Password Reset client.

    - by ProfK
    I'm looking for guidence on writing a custom password reset UI, but it must fit the Provider 'Pattern', or degrade silently to built-in defaults. E.g. my Reset Control must collect extra information, and perform differently to the standard Password Recovery Control. It must close as possible use the standard MembershipProvider interface for standard functions, and only use an extended interface for the non-standard stuff. I'd like some reading on issues such as, what must I ask the Membership Provider for, and what must I do myself. What must I tell the provider (service?) about what I do? Etc.

    Read the article

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

    Read the article

  • password/login system in php

    - by Jonathan
    For a login system in php would this be a suitable outline of how it would work: users types in username and password, clicks login button. Checks if user exists in database, if it does, then retrieve the salt for that user hash the password and salt (would this be done on the client or server side? I think client side would be better, but php is server side so how would you do this?) check value against value in database, if the values match then user has typed in correct password and they are logged in.

    Read the article

  • How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

    - by Matt
    I'm used to doing basic password protection for Apache w/ the following method in Apache config files: AuthType Basic AuthName "By Invitation Only" AuthUserFile /path/to/.htpasswd Require valid-user However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

    Read the article

  • External user domain in grails

    - by archer
    We're currently using Acegi 0.5.2 plugin for Grails 1.2.1. However, we're going to move our user management to external CRM. What would be the best way to link existing Person domain with external CRM entity?

    Read the article

  • Exists a replacement for the command-line-tool CASPOL.exe?

    - by tantran
    When trying to execute a .NET-App, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow to delete selected settings. Using caspol to list is not helpful, it is cruel. I've seen there is a simple gui-frontend, which allows to define NEW settings, but it does not allow to list or delete existing settings. Caspol is a nightmare, no wonder anyone uses it by choice. With .NET 1.1 Microsoft delivered a configuration-utility, but for .NET 2.0 i've found nothing.

    Read the article

  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing j2ee application running on Oracle App Server. It is targeted towards paying customers so the content is secured and a SSO module properly intercepts all requests for secured content. Now the company is adding a unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients. There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), the reload the session information before returning to the user. I can't just persist it under the session id since that's about to change. The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS. Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?

    Read the article

  • include() Why should I not use it?

    - by aliov
    I am working through an older php mysql book written in 2003. The author uses the include() function to construct html pages by including header.inc, footer.inc, main.inc files, etc. Now I find out that this is not allowed in the default ini settings, (allow_url_include is set to Off) after I got many warnings from the server. I noticed also that you can use include without the parenthesis. I tried this and it works and I get no error messages or warnings. Are the two different? That is, is include() different from include ?

    Read the article

  • Using Forms authentication with remote auth system?

    - by chobo
    I am working on a website that uses a remote websites database to check for authentication (they are both share some database tables, but are separate website...) Right now I check the username and password against the remote websites account / member table, if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists.Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.

    Read the article

  • Why can't we just use a hash of passphrase as the encryption key (and IV) with symmetric encryption algorithms?

    - by TX_
    Inspired by my previous question, now I have a very interesting idea: Do you really ever need to use Rfc2898DeriveBytes or similar classes to "securely derive" the encryption key and initialization vector from the passphrase string, or will just a simple hash of that string work equally well as a key/IV, when encrypting the data with symmetric algorithm (e.g. AES, DES, etc.)? I see tons of AES encryption code snippets, where Rfc2898DeriveBytes class is used to derive the encryption key and initialization vector (IV) from the password string. It is assumed that one should use a random salt and a shitload of iterations to derive secure enough key/IV for the encryption. While deriving bytes from password string using this method is quite useful in some scenarios, I think that's not applicable when encrypting data with symmetric algorithms! Here is why: using salt makes sense when there is a possibility to build precalculated rainbow tables, and when attacker gets his hands on hash he looks up the original password as a result. But... with symmetric data encryption, I think this is not required, as the hash of password string, or the encryption key, is never stored anywhere. So, if we just get the SHA1 hash of password, and use it as the encryption key/IV, isn't that going to be equally secure? What is the purpose of using Rfc2898DeriveBytes class to generate key/IV from password string (which is a very very performance-intensive operation), when we could just use a SHA1 (or any other) hash of that password? Hash would result in random bit distribution in a key (as opposed to using string bytes directly). And attacker would have to brute-force the whole range of key (e.g. if key length is 256bit he would have to try 2^256 combinations) anyway. So either I'm wrong in a dangerous way, or all those samples of AES encryption (including many upvoted answers here at SO), etc. that use Rfc2898DeriveBytes method to generate encryption key and IV are just wrong.

    Read the article

  • Can the user take the resource from the iPhone Apps?

    - by Tattat
    I know that the Apple Mac OS .app file is a collection of programs and data. I guest the iPhone is similar in this way. I can unzip a Mac OS .app to find the resource , images using this way. Can the iPhone App do the similar thing? I mean, can the user unzip the iPhone .app to get the resource/ img from that? thz.

    Read the article

  • How secure is .htaccess protected pages

    - by Steven smethurst
    Are there any known flaws with htaccess protected pages? I know they are acceptable to brute force attacks as there is no limit to the amount of times someone can attempt to login. And a user can uploaded and execute a file on the server all bets are off... Anything other .htaccess flaws?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192  | Next Page >