Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 318/1238 | < Previous Page | 314 315 316 317 318 319 320 321 322 323 324 325  | Next Page >

  • Temporarily impersonate and enable privileges?

    - by Luke
    We maintain a DLL that does a lot of system-related things; traversing the file system, registry, etc. The callers of this DLL may or may not be using impersonation. In order to better support all possible scenarios I'm trying to modify it to be smarter. I'll use the example of deleting a file. Currently we just call DeleteFile(), and if that fails that's the end of that. I've come up with the following: BOOL TryReallyHardToDeleteFile(LPCTSTR lpFileName) { // 1. caller without privilege BOOL bSuccess = DeleteFile(lpFileName); DWORD dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege DWORD dwOldRestorePrivilege = 0; BOOL bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 2. caller with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; if caller is impersonating then try as process HANDLE hToken = NULL; if(OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE, TRUE, &hToken)) { if(RevertToSelf()) { // 3. process without privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 4. process with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } } SetThreadToken(NULL, hToken); } CloseHandle(hToken); hToken = NULL; } } } if(!bSuccess) { SetLastError(dwError); } return bSuccess; } So first it tries as the caller. If that fails with access denied, it temporarily enables privileges in the caller's token and tries again. If that fails with access denied and the caller is impersonating, it temporarily unimpersonates and tries again. If that fails with access denied, it temporarily enables privileges in the process token and tries again. I think this should handle pretty much any situation, but I was wondering if there was a better way to achieve this? There are a lot of operations that we would potentially want to use this method (i.e. pretty much any operation that accesses securable objects).

    Read the article

  • Getting started in Mac Development; No Mac.... What Do?!

    - by Andrew Bolster
    Hi folks, With all the RDF et al around King Jobs' newest glass beermat, I'm getting the feeling that its a good time to add the 'iphone/ipad developer' string to my bow. One problem (two if you count not being in a financial position to slap down $1000+ for a mac) ; I am a PC head, specifically a Linux-head, and have no regular access to a Mac platform to develop on. I cannot see any way of getting my hands on iSDK without being on a Mac, (but have been known to be wrong) How hopeless is my plight and where can I go from here?

    Read the article

  • how to force client(winform) application to use NTLM when calling web services

    - by peanut
    Hi, I have a winform application calling web services hosted in IIS, by default, the client app will use Kerberose for authentication to IIS, and it failed for some reasons? But the same app works fine at another PC(with different user login), and I found it is using NTLM by checking the IIS server event log. is there anyway we can change the client app(winform) authentication type? Thanks in advance

    Read the article

  • What's the best way to detect web applications attacks ?

    - by paulgreg
    What is the best way to survey and detect bad users behavior or attacks like deny of services or exploits on my web app ? I know server's statistics (like Awstats) are very useful for that kind of purpose, specially to see 3XX, 4XX and 5XX errors (here's an Awstats example page) which are often bots or bad intentioned users that try well-known bad or malformed URLs. Is there others (and betters) ways to analyze and detect that kind of attack tentative ? Note : I'm speaking about URL based attacks, not attacks on server's component (like database or TCP/IP).

    Read the article

  • Does someone have used Network Emulator API exposed in VS 2010

    - by Pritam
    Hi, I have seen VS2010 exposing Network Emulator API. I have installed it and trying to use this API, but not able detect whether it is really running with this code or not. Sometime I have given wrong profile name but it does not throw any error. Please find below my piece of code. If some one have used it please help me. IntPtr m_emulatorHandle = IntPtr.Zero; NetworkEmulationApi.LoadProfile(m_emulatorHandle, "300KB_WithLatency.xml"); NetworkEmulationApi.StartEmulation(m_emulatorHandle); Thanks, Pritam

    Read the article

  • authentication on gui application written on perl

    - by oren
    Its not specific perl question I am building a perl gui/wxperl application that connect to DB . I want my application to be a password protected i.e first the user should enter the user and password and then use the appication . what is the best secure method to store the password could someone provide an idea what is the best method to how should i store the user and the password and how should i retrieve them for authentication ? if possible could someone provide some perl code how to do this ?

    Read the article

  • Multiple Hotel Booking Engine?

    - by Raf
    Does anyone know of a good solution to make my travel website list all my contractual hotels and list their room nightly rates with flexibility options. I found something quite similar, www.touristway.com was offering it, but I need an open source solution if possible.

    Read the article

  • AES Encryption library

    - by Spines
    Is there a library or something that will allow me to simply call a function that will AES encrypt a byte array? I don't want to deal with multiple update blocks/transformFinal/etc, because there is a possibility I will mess up...

    Read the article

  • Row level user permissions, help with design

    - by bambam
    Hi, Say I am creating a forums application, I understand how to design a forum level permission system with Groups. i.e. you create a forum to group mapping, and assign users to a group to give them access to a particular forum. How can I refine the permissions to allow for row level permissions (or in forum terms, post level).

    Read the article

  • Problem exporting RSA key -'key not valid for use in specified state'

    - by asp316
    I'm encrypting the web.config in our web sites using aspnet_regiis. However, I want the ability to export the encryption key so if we need to move from Machine A to Machine B, asp.net will be able to decrypt it. When I run aspnetregiis -px "NetFrameworkConfigurationKey" c:\keys.xml -pri, I get the following : 'Key not valid for use in specified state'. I've seen all kinds of responses online but they don't seem to apply. It's not an invalid key because when I use aspnet_regiis to encrypt sections of the web.config, they encrypt fine. Ideas?

    Read the article

  • Shared User Session for Multiple ASP.NET Websites

    - by Oliver
    I have been tasked with developing a single Login and Dashboard page that user can login too, the user will then be shown all the systems (we developed) that they have access based to based on some roles stored in our databases. If they logged in we would like that "User Session" (not sure of correct terminology) to be carried to which ever system they are redirected too. To illustrate a very rough overview of what I want to achieve: Is there a way that a user can login in one site, and then carry over that login to the other sites? Help, Advice, Link will be much appreciated. Sorry I am not experienced at ASP.net but have a good understanding of Silverlight, C#, WPF. Thanks in advance.

    Read the article

  • Coding without Grock. Is it wrong?

    - by OldCurmudgeon
    Should a professional programmer allow themselves to write code without completely understanding the requirements? In my 30+ years as a programmer I must have written many thousands of lines of code without completely understanding what is required of me at the time. In most cases the results were rubbish that should have been discarded. Every other industry that employs professionals has systems to root out such behavior. Ours does not. Is this right?

    Read the article

  • Does using ReadDirectoryChangesW require administrator rights?

    - by Alex Jenter
    The MSDN says that using ReadDirectoryChangesW implies the calling process having the Backup and Restore priviliges. Does this mean that only process launched under administrator account will work correctly? I've tried the following code, it fails to enable the required privileges when running as a restricted user. void enablePrivileges() { enablePrivilege(SE_BACKUP_NAME); enablePrivilege(SE_RESTORE_NAME); } void enablePrivilege(LPCTSTR name) { HANDLE hToken; DWORD status; if (::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) { TOKEN_PRIVILEGES tp = { 1 }; if( ::LookupPrivilegeValue(NULL, name, &tp.Privileges[0].Luid) ) { tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; BOOL result = ::AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL); verify (result != FALSE); status = ::GetLastError(); } ::CloseHandle(hToken); } } Am I doing something wrong? Is there any workaround for using ReadDirectoryChangesW from a non-administrator user account? It seems that the .NET's FileSystemWatcher can do this. Thanks!

    Read the article

  • Which SHA-256 is correct? The Java SHA-256 digest or the Linux commandline tool

    - by Peter Tillemans
    When I calculate in Java an SHA-256 of a string with the following method I get : 5e884898da2847151d0e56f8dc6292773603dd6aabbdd62a11ef721d1542d8 on the commandline I do : echo "password" | sha256sum and get 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 if we compare these more closely I find 2 subtle differences 5e884898da2847151d0e56f8dc6292773603dd6aabbdd62a11ef721d1542d8 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 or : 5e884898da28 47151d0e56f8dc6292773603d d6aabbdd62a11ef721d1542d8 5e884898da28 0 47151d0e56f8dc6292773603d 0 d6aabbdd62a11ef721d1542d8 Which of the 2 is correct here?

    Read the article

  • Restrict the page to be browsed in the other browser with the same urls

    - by subash
    how to restrict the page to be browsed in the other browser with the same urls with out logging asp.net & c#.net. i followed the following steps for example: i am logging in to a page developed in asp.net & c#.net. i am viewing a page.Let it be admin page. i am copying the url of the admin page. i am opening another browser window and pasting the url. i was able to see the same admin page in the other browser. the question is how to restrict the opening of admin page in other browser,if they try to open admin page in another browser while user is currently viewing the admin page then it should be redirected to the login page? how could this be accomplished? is there any thing could be done with "login" control tool of the .net frame work?

    Read the article

  • There are lots of useful answers about estimating the cost of a project. Are there any recommendatio

    - by Chrys
    Let me clarify this a bit more. I started giving estimations about projects/tasks. I write everything down in a spreadsheet. I know that soon this spreadsheet won't help much (searching, recommending similar project estimations etc...) Do you have any recommendations for any tools I can use for keeping a track of all these estimations? Is there a tool out there that for example will give me related project estimations like stackoverflow gives me related questions when I type one question.

    Read the article

  • Flex Inheriting Logged in User

    - by Nick
    I am trying to secure my Flex application within my Java web application. Currently my Java web application, handles logging and managing user accounts and the like. I was wondering if there is a way to essentially share that user credentials with the Flash movie in a secure mechanism? For instance, if you log in, we want you to be able to save items in the Flex application for that user, only if that user is logged in of course. Any ideas? Any help is greatly appreciated.

    Read the article

  • How to prevent multiple registrations?

    - by GG.
    I develop a political survey website where anyone can vote once. Obviously I have to prevent multiple registrations for the survey remains relevant. Already I force every user to login with their Google, Facebook or Twitter account. But they can authenticate 3 times if they have an account on each, or authenticate with multiple accounts of the same platform (I have 3 accounts on Google). So I thought also store the IP address, but they can still go through a proxy... I thought also keep the HTTP User Agent with PHP's get_browser(), although they can still change browsers. I can extract the OS with a regex, to change OS is less easier than browsers. And there is also geolocation, for example with the Google Map API. So to summarize, several ideas: 1 / SSO Authentication (I keep the email) 2 / IP Address 3 / HTTP User Agent 4 / Geolocation with an API Have you any other ideas that I did not think? How to embed these tests? Execute in what order? Have you already deploy this kind of solution?

    Read the article

  • Are these two functions overkill for sanitization?

    - by jpjp
    function sanitizeString($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function sanitizeMySQL($var) { $var = mysql_real_escape_string($var); $var = sanitizeString($var); return $var; } I got these two functions from a book and the author says that by using these two, I can be extra safe against XSS(the first function) and sql injections(2nd func). Are all those necessary? Also for sanitizing, I use prepared statements to prevent sql injections. I would use it like this: $variable = sanitizeString($_POST['user_input']); $variable = sanitizeMySQL($_POST['user_input']);

    Read the article

  • What are some good design patterns for CRUD?

    - by Extrakun
    I am working with a number of data entities which can be created, read, updated and deleted, and I find myself writing more or less the same code for them. For example, I need to sometimes output data as JSON, and sometimes in a table format. I am finding myself writing 2 different types of view to export the data to. Also, the creation of those entities within DB usually differs just by the SQL statements and the input parameters. I am thinking of creating a strategy pattern to represent different 'contexts'. For example, the read() method of an AJAX context will be to return the data as JSON. However, I wonder if others have deal with this problem beforehand and will like to know what design patterns are usually use for CRUD operations.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 314 315 316 317 318 319 320 321 322 323 324 325  | Next Page >