Search Results

Search found 12917 results on 517 pages for 'secure login'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 31/517 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

  • How safe is JSONP implementation for login functionality

    - by MKS
    Hi Guys, I am using JSONP for login authentication, below is sample JQuery Code: $.ajax({ type:"GET", url: "https://staging/login/Login.aspx", // Send the login info to this page data: str, dataType: "jsonp", timeout: 200000, jsonp:"skywardDetails", success: function(result) { //Do something after the success } }); In above code, I am having HTTPS page for authentication, from my login dailog box, I am sending username and password to my login.aspx page, which calls "WEB SERVICE" taking input send by the login dialog page and return the users details as JSONP object. My question is that, how safe is above implementation and do also suggest how can I improve my security implementation. Thanks!

    Read the article

  • Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...

    - by artmania
    Hi friends, I use CodeIgniter, and having trouble with hacking :( is it possible to make SQL Injection to the login code below: function process_login() { $username = mysql_real_escape_string($this->input->post('username')); $password = mysql_real_escape_string(MD5($this->input->post('password'))); //Check user table $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password)); if ($query->num_rows() > 0) { // success login data Am I using the mysql_real_escape_string wrong? or what? Appreciate helps!

    Read the article

  • How and when to log account access login with PHP?

    - by Nazgulled
    I want to implement a basic login system in some PHP app where no cookies will be involved. I mean, the user closes the browser and the login expires, it will remain active during the browser session (or if the user explicitly logs out) otherwise. I want to log all this activity and I'm thinking that every time the user refreshes the page, opens a different link or logs out, I record that time as the last access made by that user, overwriting the previous access log. But my problem is when and how should I insert another record into the database instead of overwriting the last one? Should I just define a timeout and if the last access was made above that timeout, another log should be inserted into the database? Should the session expire too after that timeout? Or is there a better way? Ideally, I would like to log the "log out action" when the browser was closed, but I don't think there's a way to detect that is there? Suggestions?

    Read the article

  • How can i use .net webservice to make login app in android phone app?

    - by Srikanth Naidu
    How can i use .net webservice to make login app in android phone app? i have the Main.xml in layout like this i have a dologin.java package ads.login; import android.app.Activity; import android.os.Bundle; import android.view.View.OnClickListener; import android.view.View; import android.widget.Button; import android.widget.Toast; import android.app.AlertDialog; import android.content.DialogInterface; import android.app.ProgressDialog; public class DoLogin extends Activity { /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); } }

    Read the article

  • why nginx rewrite post request from /login to //login?

    - by jiangchengwu
    There is a if statement, which will rewrite url when the client is Android. Everything ok. But, something got strange. Nginx will write post request /login to //login, even if the block of if statement is bank. So I got a 404 page. As the jetty server only accept /login request. Server conf: location / { proxy_pass http://localhost:8785/; proxy_set_header Host $http_host; proxy_set_header Remote-Addr $http_remote_addr; proxy_set_header X-Real-IP $remote_addr; if ( $http_user_agent ~ Android ){ # rewrite something, been commented } } Debug info, origin log https://gist.github.com/3799021 ... 2012/09/28 16:29:49 [debug] 26416#0: *1 http script regex: "Android" 2012/09/28 16:29:49 [notice] 26416#0: *1 "Android" matches "Android/1.0", client: 106.187.97.22, server: ireedr.com, request: "POST /login HTTP/1.1", host: "ireedr.com" ... 2012/09/28 16:29:49 [debug] 26416#0: *1 http proxy header: "POST //login HTTP/1.0 Host: ireedr.com X-Real-IP: 106.187.97.22 Connection: close Accept-Encoding: identity, deflate, compress, gzip Accept: */* User-Agent: Android/1.0 " ... 2012/09/28 16:29:49 [debug] 26416#0: *1 HTTP/1.1 404 Not Found Server: nginx/1.2.1 Date: Fri, 28 Sep 2012 08:29:49 GMT Content-Type: text/html;charset=ISO-8859-1 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: must-revalidate,no-cache,no-store Content-Encoding: gzip ... Only when I commented the block in the configration file: location / { proxy_pass http://localhost:8785/; proxy_set_header Host $http_host; proxy_set_header Remote-Addr $http_remote_addr; proxy_set_header X-Real-IP $remote_addr; #if ( $http_user_agent ~ Android ){ # #} } The client can get an 200 response. Debug info, origin log https://gist.github.com/3799023 ... "POST /login HTTP/1.0 Host: ireedr.com X-Real-IP: 106.187.97.22 Connection: close Accept-Encoding: identity, deflate, compress, gzip Accept: */* User-Agent: Android/1.0 " ... 2012/09/28 16:27:19 [debug] 26319#0: *1 HTTP/1.1 200 OK Server: nginx/1.2.1 Date: Fri, 28 Sep 2012 08:27:19 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 17 Connection: keep-alive ... As the log: 2012/09/28 16:29:49 [notice] 26416#0: *1 "Android" matches "Android/1.0", client: 106.187.97.22, server: ireedr.com, request: "POST /login HTTP/1.1", host: "ireedr.com" 2012/09/28 16:29:49 [debug] 26416#0: *1 http script if 2012/09/28 16:29:49 [debug] 26416#0: *1 post rewrite phase: 4 2012/09/28 16:29:49 [debug] 26416#0: *1 generic phase: 5 2012/09/28 16:29:49 [debug] 26416#0: *1 generic phase: 6 2012/09/28 16:29:49 [debug] 26416#0: *1 generic phase: 7 2012/09/28 16:29:49 [debug] 26416#0: *1 access phase: 8 2012/09/28 16:29:49 [debug] 26416#0: *1 access phase: 9 2012/09/28 16:29:49 [debug] 26416#0: *1 access phase: 10 2012/09/28 16:29:49 [debug] 26416#0: *1 post access phase: 11 2012/09/28 16:29:49 [debug] 26416#0: *1 try files phase: 12 2012/09/28 16:29:49 [debug] 26416#0: *1 posix_memalign: 0000000001E798F0:4096 @16 2012/09/28 16:29:49 [debug] 26416#0: *1 http init upstream, client timer: 0 2012/09/28 16:29:49 [debug] 26416#0: *1 epoll add event: fd:13 op:3 ev:80000005 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: "Host: " 2012/09/28 16:29:49 [debug] 26416#0: *1 http script var: "ireedr.com" 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: " " 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: "" 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: "" 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: "X-Real-IP: " 2012/09/28 16:29:49 [debug] 26416#0: *1 http script var: "106.187.97.22" 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: " " 2012/09/28 16:29:49 [debug] 26416#0: *1 http script copy: "Connection: close " 2012/09/28 16:29:49 [debug] 26416#0: *1 http proxy header: "Accept-Encoding: identity, deflate, compress, gzip" 2012/09/28 16:29:49 [debug] 26416#0: *1 http proxy header: "Accept: */*" 2012/09/28 16:29:49 [debug] 26416#0: *1 http proxy header: "User-Agent: Android/1.0" 2012/09/28 16:29:49 [debug] 26416#0: *1 http proxy header: "POST //login HTTP/1.0 Host: ireedr.com X-Real-IP: 106.187.97.22 Connection: close Accept-Encoding: identity, deflate, compress, gzip Accept: */* User-Agent: Android/1.0 " ... Maybe post rewrite phase had rewrite the request. Anybody can help me to solve this problem or know why nginx do that ? Much appreciated.

    Read the article

  • Add Secure notes to Keychain via Applescript

    - by TomA
    I have switched from Windows to Mac and one of the things I need to set up properly is password management. Previously on Windows I was using a small TrueCrypt file containing text files with usernames and passwords. I need to write an Applescript that takes those text files and imports them as Secure notes into Mac's Keychain Access app. I know that there are some Applescript commands related to Keychain, but I haven't found a way to add Secure notes.

    Read the article

  • Best Secure Encryption for Zip Files via Linux

    - by Daniel
    I want to use highly secure encryption for zipped files via Linux/Ubuntu using a command line terminal, what is the best command line tool to get this job done? zip -e -P PASSWORD file1 file2 file3 file4 Or 7za a file.7z *.txt -pSECRET What encryption is used and how secure is it?

    Read the article

  • How to secure adhoc networks

    - by moshroum1
    What is the right way to secure adhoc networks? WPA_NONE is a cruel hack (doesn’t work most of the time, discards important packets, ..), WEP is not secure and Open… open is open. IPSec is a level to high. Does there exists something which works under linux and wifi?

    Read the article

  • Setting the secure flag on cookies from Outlook Web Access

    - by Cheekysoft
    I'm running Exchange 2007 SP3 which is exposing outlook web access over only HTTPS. However the server delivers the sessionid cookie without the secure flag set. Even though I don't have port 80 open, this cookie is still vulnerable to being stolen over port 80 in the event of a man-in-the-middle attack. It also contributes to a PCI-DSS failure Does anyone know if I can persuade the web server/application to set the secure flag?

    Read the article

  • Trying to link http://www.example.com to my shopping cart on https://secure.example.com

    - by Pickledegg
    Heres my saga - I'm trying to link http://www.example.com to my shopping cart on https://secure.example.com, but it doesnt seem to be linking correctly. Heres my code: <!--Google Analytics --> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-125xxxxx-1"); //start cart link pageTracker._setDomainName(".example.com"); pageTracker._setAllowHash(false); //end cart link pageTracker._trackPageview(); } catch(err) {}</script> <!--Google Analytics --> Notice the two lines: pageTracker._setDomainName(".example.com"); pageTracker._setAllowHash(false); I added the first line so I could share the cookies between site and cart, and added the setAllowHash to make sure it used the utm values from the cookie, and didnt 'recreate' them when I entered https://secure.example.com. Using firecookie, it does indeed share the same cookie between site and cart, and the cookies domain is 'example.com'. I'm pretty sure though that if it was working right, all my utmz, utma values etc should be copied over and remain the same, but they're changing. I've copied all the params that are being sent to google analytics and pasted then below. It shows what is happening from my homepage, to my product page, then into my cart all the way to the page before ordering. ( I can't practically test the final page myself without buying something, so I'll post the code from our confirmation page later if needed.) Here goes: =============================================================== HOMEPAGE - http://www.example.com ---------------------------------------------------------------------------------------- utmac UA-125xxxxx-1 utmcc __utma=1.1920057171.1269446996.1269446996.1269446996.1;+__utmz=1.1269446996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); utmcs UTF-8 utmdt GSM Cell Phone Rental from example utmfl 10.0 r45 utmhid 69978133 utmhn www.example.com utmje 1 utmn 1806413990 utmp / utmr - utmsc 24-bit utmsr 1280x800 utmul en-gb utmwv 4.6.5 PRODUCT PAGE - http://www.example.com/products/international-cell-phone-purchase/ ---------------------------------------------------------------- utmac UA-125xxxxx-1 utmcc __utma=1.1920057171.1269446996.1269446996.1269446996.1;+__utmz=1.1269446996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); utmcs UTF-8 utmdt example | International Cell Phones utmfl 10.0 r45 utmhid 276151647 utmhn www.example.com utmje 1 utmn 155808433 utmp /products/international-cell-phone-purchase/ utmr 0 utmsc 24-bit utmsr 1280x800 utmul en-gb utmwv 4.6.5 CART STAGE 1 - https://secure.example.com/checkout/viewbasket.php ------------------------------------------------ utmac UA-125xxxxx-1 utmcc __utma=60286578.994269564.1269447144.1269447144.1269447144.1;+__utmz=60286578.1269447144.1.1.utmcsr=example.com|utmccn=(referral)|utmcmd=referral|utmcct=/products/international-cell-phone-purchase/; utmcn 1 utmcs UTF-8 utmdt Your Cart utmfl 10.0 r45 utmhid 1802074903 utmhn secure.example.com utmje 1 utmn 1621444199 utmp 1-reviewcart utmr http://www.example.com/products/international-cell-phone-purchase/ utmsc 24-bit utmsr 1280x800 utmul en-gb utmwv 4.6.5 CART STAGE 2 - https://secure.example.com/checkout/docheckout.php ------------------------------------------------ utmac UA-125xxxxx-1 utmcc __utma=60286578.994269564.1269447144.1269447144.1269447144.1;+__utmz=60286578.1269447144.1.1.utmcsr=example.com|utmccn=(referral)|utmcmd=referral|utmcct=/products/international-cell-phone-purchase/; utmcs UTF-8 utmdt Checkout utmfl 10.0 r45 utmhid 871670520 utmhn secure.example.com utmje 1 utmn 1153927228 utmp 2-checkout utmr 0 utmsc 24-bit utmsr 1280x800 utmul en-gb utmwv 4.6.5 CART STAGE 3 - https://secure.example.com/checkout/doreview.php ---------------------------------------------- utmac UA-125xxxxx-1 utmcc __utma=60286578.994269564.1269447144.1269447144.1269447144.1;+__utmz=60286578.1269447144.1.1.utmcsr=example.com|utmccn=(referral)|utmcmd=referral|utmcct=/products/international-cell-phone-purchase/; utmcs UTF-8 utmdt Checkout utmfl 10.0 r45 utmhid 1731598159 utmhn secure.example.com utmje 1 utmn 1442257710 utmp 3-checkoutreview utmr 0 utmsc 24-bit utmsr 1280x800 utmul en-gb utmwv 4.6.5 =============================================================== As you can see, the utma values are not being preserved, so it looks like a config issue. I've studied the help does but none of the cases seem to fit mine. I hope someone can offer help on this, its been an ongoing problem of mine for a while, and would be good to finally get rock-solid reliable analytics set up.

    Read the article

  • PHP secure logon script - md5 hash is not matching the hash i wrote to the database in a previous sc

    - by Chris Sobolewski
    I am trying to cobble together a login script in PHP as a learning project. This is the code for my database write when the user registers. Both of these values are written to the database. $this->salt = md5(uniqid()); $this->password = md5($password.$salt); Upon logging in, the following function is fired. For some function challengeLogin($submittedPassword, $publicSalt, $storedPassword){ if(md5($submittedPassword.$publicSalt) == $actualPassword){ return 0; }else{ return 1; }; } Unfortunately, on stepping through my code, the two values have never equaled. Can someone help me understand why?

    Read the article

  • Where the heck is mod_login? (Joomla)

    - by Joey Adams
    I'm a Joomla newbie, and I'm trying to set up a site to require login access to certain articles. Simply setting the article's Access Level to Restricted makes it disappear rather than prompting for a login. I can't figure out how to make a login page because I can't find any menu items or documentation pertaining to mod_login. I want to set at least one page to require login access. Where do I start?

    Read the article

  • Cross domain login - what to store in the database?

    - by Jenkz
    I'm working on a system which will allow me to login to the same system via various domains. (www.example.com, www.mydomain.com, sub.domain.com etc) The following threads form the basis of my research so far: Single Sign On across multiple domains Cross web domain login with .net membership What I want to happen is that If I am logged in on the master domain and I visit a page on a client domain to be automatically logged in on the client. Obviously If I am not logged in on the master, I will need to enter my username and password. Walkthrough: 1. User logs in on master site 2. User navigates to client site 3. Client site re-directs to master site to see if User is logged in. 4. If User is logged in on master, record a RFC 4122 token ID and send this back to the client site. 5. Client site then looks up the token ID in the central database and logs this user in. This might eventually end up running on more than once instance of PHP and Apache, so I can't just store: token_id, php_session_id, created Is there any problem with me storing and using this: token_id, username, hashed_password, created Which is deleted on use, or automatically after x seconds.

    Read the article

  • Unity 3D won't load - Choosing "Ubuntu" during login still loads Unity 2D

    - by Shasteriskt
    I just installed Ubuntu 11.10 on my ASUS N43SL laptop and Unity 3D loaded right after installation. But upon reboot, I noticed that Ubuntu loaded Unity 2D instead of Unity 3D. I logged-off and made sure I had "Ubuntu" selected during login, but after many attempts Unity 3D just won't load. Just to make it definite, I did echo $DESKTOP_SESSION on the terminal and it says ubuntu-2d, which is not expected. My laptop runs on i5 with 1Gb NVIDIA GT540M so I don't think its a case of lacking graphics capability. And yes, I have installed the proprietary driver using "Additional Drivers" in "System Settings". What can be the cause of this problem? How can it be fixed?

    Read the article

  • Can't Log in to Lubuntu 12.04 X Server

    - by isomorphismes
    As of rebooting yesterday I can't login as myself to the X server part of 64-bit Lubuntu 12.04. Same problem as Can not get passed the login screen but that solution didn't work for me. Troubleshooting steps I already took: I can log in as guest (with whatever window manager) to the graphic (X) view of Lubuntu. log in as myself into a virtual terminal. (In fact I'm writing this from w3m for that reason.) So I know my password is correct and that most aspects of the system are working. One of the top google results for "can't log into lubuntu" mentioned a disk-full problem on netbooks; I don't have that problem. Let me know if I need to paste any messages or config files to make this question clearer and I'll do so. $ ls -l /home total 12 drwxr-xr-x 99 me me 12288 May 26 14:16 me $ ls -ld /tmp drwxrwxrwt 16 root root 4096 May 26 15:46 /tmp

    Read the article

  • Starting a guest session from the login screen

    - by Odd-rationale
    I was wondering what is the best way to start the guest session from the login screen (GDM). Currently, I created a new user called 'ubuntu-guest' (has to be something other than 'guest'). Then added the following script to the Startup Applications. #!/bin/bash /usr/share/gdm/guest-session/guest-session-launch & /usr/bin/gnome-session-save --logout The problem with this method, is that when you log in as 'ubuntu-guest', you have to start up two gnome sessions: one for 'ubuntu-guest' and one for the actual guest account. Please let me know if you have any other better ideas. Thanks!

    Read the article

  • Keyring Password, Unity in 11.10

    - by Collin Owens
    Login to 11.10 I input my password and shortly afterward I am asked for a keyring password. I realize that I was asked for this during installation (second time lucky!) and I did enter a password (what a mistaka to maka). This now entails my having to input the keyring password on every boot up! Looking at previous answers it would seem that the applications - accesories - password and encryption keys - was the suggested route. However I assume that was in Gnome (At this stage I look back in fondness!!!) Certainly, I don't get the same route in Unity! I saw a reference to seahorse in a terminal - but this results in several error reports and a sub windows which does not seem to open. The objective in this exercise is to log in using the login password and not also the keyring password! any help would be appreciated - thank you

    Read the article

  • How to stop programs on starting from returning to log in screen?

    - by Bruce McKean
    I'm not a computer nerd but have been able to fix Ubuntu/Linux problems in the pass two years with a Google search but this on has me stumped. I upgraded to 12.04 about thirty days ago and all was well except that every time I tried to load KeePassX it would go to the login screen. I installed KeePass2 and all seemed to work. Last week I tried to load Bibble5 (Raw photo editor) and it would try to load and then back to the login screen. After a few days I gave up and downloaded Corel After Shot Pro (Corel's now owns Bibble5) and it has the same problem. Could someone please head me into the steps I need to follow to find out what is the cause. I'm interested in learning more about the Linux system how to correct any future problems thanks in advance – Bruce -Computer- Processor : 8x Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Memory : 8155MB (1092MB used) Operating System : Ubuntu 12.04 LTS OpenGL Renderer : GeForce GT 520/PCIe/SSE2

    Read the article

  • Facebook Connect with CodeIgniter login problems

    - by Alastair Dewar
    Im having a problem using Facebook Connect on my latest website. Im running it using the CodeIgniter framework and Elliot Haughin's library (http://www.haughin.com/code/facebook/). Everything is setup okay, when the user goes to login, the request is sent to Facebook okay and returns with the code (which i presume identifies the session?). However, it doesnt seem to update the library, and after doing all this still thinks that the user is not logged in. It makes me think its a bug in the library itself, but I can't see anyone else with this problem. I have tried dumping the error log from the library but it doesnt find any problems. If someone could shed any light I would be so grateful!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >