Search Results

Search found 1485 results on 60 pages for 'encrypted'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 46/60 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • Are SqlCipher open cursors a security concern?

    - by user1178479
    I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

    Read the article

  • Service-Based Authentication Using Tokens

    - by jerhinesmith
    I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows: Client requests username/password from user Client passes username/password to identity provider Provider checks username/password and sends back a token if the user is valid Client does something with the token? The third and fourth step are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?

    Read the article

  • What is the current standard for authenticating Http requests (REST, Xml over Http)?

    - by CodeToGlory
    The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

    Read the article

  • .NET desktop App remembering login to a webservice

    - by pete the pagan-gerbil
    I am in the planning stages of a .NET desktop app that will communicate with a web service. The web service requires a username and password, and a common feature in this sort of app is to save the user's credentials for the next logon. I've thought of a few ways of achieving this, but I am not sure what the most secure way would be. Should it be stored encrypted in a file (and could someone nefarious copy that file to their own machine and hence logon as the original person), or in the registry somehow (I've not done any registry work before, is it secure and would it work)? Are there any other options I might not have thought of?

    Read the article

  • How do I program a hyperlink to include a username and password to the target site?

    - by Fred Griffith
    We have a website with a section restricted to members only. They log in and can view the website. Some of the information is stored on another server. We want that information to ONLY be accessible to those who have logged into the main website. What would be the best way to link the two sites, without making members log in again? Seems like there must be some way to send an encrypted username and password along with the URL in the hyperlink. Any ideas? Thank you in advance. Fred G.

    Read the article

  • How to create digital signature that can not be used to reproduce the message twice

    - by freediver
    I am creating a client-server application and I'd like to send data from server to client securely. Using public/private key algorithms makes sense and in PHP we can use openssl_sign and openssl_verify functions to check that the data came by someone who has the private key. Now imagine that one of the actions sent by server to client is destructive in nature. If somebody uses an HTTP sniffer to catch this command (which will be signed properly) how can I further protect the communication to ensure that only commands coming from our server get processed by the client? I was thinking about using current UTC time as part of the encrypted data but client time might be off. Is there a simple solution to the problem?

    Read the article

  • Android and PHP - Do I need to use sessions?

    - by jtnire
    I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication. Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request? Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different everytime. The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID. If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated. Thanks

    Read the article

  • What is your company's stance on Developers using Laptops?

    - by codepunk
    I am a developer and my company is moving towards a "no laptop" policy in fear of them being lost or stolen and source code being compromised. Now I don't work for NASA, the military or anything labeled Top Secret but our code is very important to our business nonetheless (as all source code would be). I'll be honest, I disagree with this policy against laptops and wanted to see what others think. I'd like to know: What is your team/company's stance on laptops Your company's size and/or field (small, medium or large, Fortune 500, etc). Whether you've had to take any extra precautions (signing any additional legal, ensure your hard drive is encrypted, etc). Thanks!

    Read the article

  • Windows Server 2008 R2 Service Pack 1 issue

    - by saj
    Net 4.0 websites running on a Windows Server 2008 R2 server using IIS 7.0. The websites allows Single Sign on via an encrypted token passed in a query string e.g. www.mywebsite.com?token=1159CE30A4ED1148E86D779AC7A1CF4DC75CCEC7213401D13CA181A2ED1C29A8. However, after installing Service Pack 1; SSO has stopped working and the website redirects to www.mywebsite.com. The redirect occurs before any code is hit. No idea what is causing this and any ideas would be much appreciated.

    Read the article

  • Is my TFS2010 backup/restore hosed?

    - by bwerks
    Hi all, I recently set up a sandbox TFS to test TFS-specific features without interfering with the production TFS. I was happy I did this sooner than I thought--I hadn't been backing up the encryption key from SSRS and upon restoring the reporting databases, they remained inactive, requiring initialization that could only come from applying the encryption key. Said encryption key was lost when I nuked the partition after backing up the TFS databases. The only option I seemed to have is to delete the encrypted data. I'm fine with this, since there wasn't much in there to begin with, however once they're deleted I'm not quite sure how to configure TFS to recognize a new installation of these services while using the restored versions of everything else. Unfortunately, the TFS help file doesn't seem to account for this state though. Is there a way to essentially rebuild the reporting and analysis databases? Or are they gone forever?

    Read the article

  • Creating a function that will handle objects with common properties

    - by geocine
    Take this as an example I have trimmed this example for readability and you may not find the use of this concept here. class Teacher() { public Name {get; set;} public Salt {get; set;} public Department{get; set;} } class Student() { public Name {get; set;} public Salt {get; set;} public Section{get; set;} } public string GetEncryptedName(object Person) { //return encrypted name based on Name and Salt property return encrypt(object.Salt,object.Name) } callig the function GetEncryptedName(Teacher) GetEncryptedName(Student) How do you implement this kind of stuff?

    Read the article

  • Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

    - by Damian Hickey
    Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

    Read the article

  • How can I know if a file has been changed in .NET C#?

    - by Anthony D
    I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

    Read the article

  • decode mysql query before returning it to view

    - by stormdrain
    I'm running a query to mysql that returns encrypted data. I'd like, if possible, to decode the results before sending it to the view. It seems like better form to handle the decoding in the controller (or even the model) rather than inside the view. I can't seem to wrap my head around how to do it, though. I was thinking I could iterate through the object, decodode it, and push it to another array that would be sent to the view. Problem with this is I won't know (and need to keep) the indexes of the query. So the query might return something like: [id] => 742 [client_id] => 000105 [last] => dNXcw6mQPaGQ4rXfgIGJMq1pZ1dYAim0 [first] => dDF7VoO37qdtYoYKfp1ena5mjBXXU0K3dDlcq1ssSvCgpOx75y0A== [middle] =>iXy6OWa48kCamViDZFv++K6okIkalC0am3OMPcBwK8sA== [phone] => eRY3zBhAw2H8tKE Any ideas?

    Read the article

  • PAC with kerberoes

    - by Varun
    I am currently working on kerberoes, and for now have this doubt on PAC in MS-KILE kerberoes extension. Can pac included in pactype strcuture withtin authorization data, is meant for client to decrypt and decode. It seems (if my understanding is correct), that PAC is encrypted with target server's encryption key, which is known only to kdc and target server, and therefore, client just needs to forward that to server when requesting a service, and isn't suppose to decrypt and extract details about its credentails. Is there a way to try to decrypt this on the fly? ( is there sufficient information available in AS-REP for me extract and decrypt this?

    Read the article

  • PHP: Safe way to store decryptable passwords

    - by Jammer
    I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

    Read the article

  • How to show the animation without exposing the code?

    - by bonCodigo
    There's an animation done in jQuery within jsfiddle. I do not have a website as of now to "implant" it and share the URL. I also can't give the jsfiddle. So how can I share my animation to the audience without showing the code? Does github or any other facility tools allow locking the code and showing the final product without having a website, yet I could get a URL for the audience to view it? I regret for the rookie-question in this context as I am still new to web stuff. EDIT: jsFiddle shows 3 code windows along the results :html, css, js. My requirement is to only show the results window to the audience and by all means to hide codes and leads via URL to the codes. Ideal solution demands a results to be shown and URL that is encrypted (at best).

    Read the article

  • Hashbytes comparison in stored proceduring not matching record

    - by Michael Itzoe
    The password field in my user table (SQL Server 2008) is encrypted using HASHBYTES on insertion. I have a stored procedure with parameters for the username and plain-text password which does a SELECT using that username and the password sent through HASHBYTES, then returns the user record if it finds a match. The SP is always returning an empty recordset, but if I copy and paste just the SELECT from the SP to a new query window, it returns the matched record. There're no other statements in the SP. I'm missing something here; what is it?

    Read the article

  • Decryption with the public key in iphone

    - by vignesh
    Hi all, I have a public key and an encrypted string. I could encrypt with publickey successfully.But when i try to decrypt using the publickey it fails. I mean when i pass the publickey seckeyDecrypt it fails. I have Googled and found out that by default kSecAttrCanDecrypt is false for public keys.So When i import the public key, i have added this particular line , [publicKeyAttr setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanDecrypt]; But there is no improvement it still fails. Please somebody help.

    Read the article

  • How do I secure password parameters in RESTful web service URIs?

    - by adam
    i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

    Read the article

  • How to hash and salt passwords

    - by Henrik Skogmo
    I realize that this topic have been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about how do you salt a hash and work with the salted hash? If the password is encrypted with a random generated salt, how can the we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!

    Read the article

  • How to access website CMS with only access to database

    - by user1741615
    I have a website that uses an "in-house" cms and I don't know the login details. The platform itself doesn't have the "reset your password" functionality. I do have access to ftp and phmyadmin and I found the SQL table containing the user details, but of course the password is MD5 encryption. I tried manually creating a user in php my admin and filling in a password encrypted in MD5 (used a md service online for that), but it still doesn't work. Does anybody know other tricks I can use? Thanks.

    Read the article

  • Don't know how to encrypt database using SQLCipher

    - by Armaan
    I have included SQLCipher into my project exactly like explained in this link: http://sqlcipher.net/ios-tutorial/ But I am not sure how to encrypt the database I have read description from above link but not getting. Actually what I am doing is if application is opening first time then it will copy the database(i.e. without encryption) to the document directory. One more thing my database is blank when copying from bundle to document directory. I have tried to use sqlite3_key function after opening the database but nothing is encrypted. But I didn't found something like how to encrypt database when copying from bundle to document directory. I am planning to use FMDB so it would be better to reply according to that. Please guide me how to do that or point to direction if is there any tutorial for it. Also suggest what should be the standard approach to do that.

    Read the article

  • IPSec help on Windows 2003 please!!

    - by roacha
    Hey guys, I am trying to configure IPSec between a web and app server in our environment. I want all traffic between these two servers to use IPsec and be encrypted. These servers are on the same domain so i am currently using Kerebos for security, I have also tried pre-defined keys and nothing changed. When I try and ping between the servers I get "Negotiating IP Security" everytime. I have also confirmed that when I change "Require Security" to "Permit" everything works so IPSec is working, I believe its something with my security setup. Under the security tab both servers have the default 3DES keys first and then DES keys. I have also specified tunnel endpoints (the alternate server's IP). What am I missing? Thanks for any help..

    Read the article

  • Can Parallel.ForEach be used safely with CloudTableQuery

    - by knightpfhor
    I have a reasonable number of records in an Azure Table that I'm attempting to do some one time data encryption on. I thought that I could speed things up by using a Parallel.ForEach. Also because there are more than 1K records and I don't want to mess around with continuation tokens myself I'm using a CloudTableQuery to get my enumerator. My problem is that some of my records have been double encrypted and I realised that I'm not sure how thread safe the enumerator returned by CloudTableQuery.Execute() is. Has anyone else out there had any experience with this combination?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >