I am having trouble getting BASIC authentication to work with Glassfish. I am developing an application and I need to be prompted for a username and password. I have gotten the application to prompt me for a password when I attempt to access the application, but after entering the correct login information, I get HTTP Status 403 - Acce...
(Specifically for VisualSVN.) Should you use SVN authentication or Windows integrated authentication?
Correct me if anything here is wrong, but...
The issue with SVN auth is that the administrator basically either has to have the dev come over to type their own password in when their account is created, or they have to create a password ...
I'd like to provide some background before I pose my question so please, bear with me.
I have come across Microsoft's Security Compliance Manager. It's rather new to me and as I understand so far, one can download EC (enterprise) or SSLF (specialized security, limited function) security "baseline" GPOs for implementation in Active Dire...
I guess this is a general question, but I am going through introductory courses on Java (SE/ME) and the study material claims that Java is often used for "security purposes". It does not explain, however, what they mean by claiming that Java incorporates good security.
Is it hacker proof? Does it produce highly stable software? What?
S...
I am implementing a security token feature in my application. You can specify an expiry time and/or max number of uses.
If both are specified then both conditions are checked; if either one is specified then just that condition is checked.
My question is, how should I handle the scenario where a token exists without expiry time or maxus...
Hi all,
I am having a wee bit of trouble configuring my couchone instance. I have set up an admin user. But I am still unable to modify any configuration options.
http://[your-app-name-here].couchone.com/_utils/config.html
Throws this error:
An error occurred retrieving/updating
the server configuration: This config
variable...
I was wondering whether a login system that implies that you have to upload a certain file, and then the server verifies that this is equal to the one stored on the server, would be useful.
I was thinking that, to its advantage, the "password" (the file) could be quite large (without you having to remember it).
Also it woul...
Hi,
I have read that using MySQL AES_ENCRYPT/AES_DECRYPT (two-way encryption) is less secure than using PHP - hash() (one-way encryption).
http://bytes.com/topic/php/answers/831748-how-use-aes_encrypt-aes_decrypt
Is it true that it is more secure that 'Rather than send the User his password, simply send him a link that he can click o...
I'm working on a small webapp that generates exercise program printouts. A user (i.e. a personal trainer) can create an exercise program, then enter the email address of one of their clients. A link to the exercise program then gets sent to the client, like so...
http://www.myurl.com/generate.php?hash=abiglonghash...
The hash is a sha51...
I am doing a security review on a system.
From one part of the system to another, information is sent using an encrypted string.
This string is over 400 characters long, but within it are 4 sets of 10 identical characters. I am assuming that the data that was encrypted also has this pattern, for example the word "parameters".
I have t...
Hello, I have some C programs that I use from my C# program.
I don't want to send those C exes to the client. That means I don't want the user to be able to see those exes.
I want to load those bytes into memory and run them from memory.
How can I do that?
Thanks a lot.
...
How do I lock down my Windows 2008 R2 Server so only certain computers can connect to it? Ideally it would use some sort of certificates. I've done this in Linux, but I don't know where to start with Windows.
Thanks!
...
When I try to request a token from Twitter:
_consumer = new OAuthConsumer( _consumerKey, _consumerSecret );
var oauthRequest:OAuthRequest = new OAuthRequest( "GET", AppConstants.TWITTER_REQUEST_TOKEN_URL, null, _consumer, null );
var request:URLRequest = new URLRequest( oauthRequest.buildR...
Hi,
After knowing that hashing a password is my choice for making a login form, I am now facing another issue - sha1, sha256 or sha512?
This is a standard method using salt; I think I got it from a reference book of mine:
# create a salt using the current timestamp
$salt = time();
# encrypt the password and salt with SHA1
$usr_passwor...
I'm new to using AJAX, and I just followed a tutorial to retrieve some info from my database using AJAX and outputting it on the page. There's a line where I call a php script which is where the database query is made, and the result is echoed out. I'm a little concerned that since the filename is visible on the frontend, and it's only p...
Hello all,
I am an IT security professional seeking advice on some project ideas to continue my self-taught journey into C#. I'm having a hard time deciding exactly what I want to write. Obviously I have a few ideas but there are already very good tools/applications out there, that are way beyond anything I have the capacity to write ri...
Hi,
I am now creating a sha2 login form. After researching and asking for help around online, I find the example code from the link below quite useful and practical (I hope I am right!??). The only thing I don't understand is the way this programmer wrote the function and is getting the salt value from the function.
http://hungred.com/...
How do you guys store login information?
Probably store the logged-in status in the session and the username in cookies. But what are the safest practices to protect such crucial information from falling into the wrong hands?
...
I need to give access to a specific page of a website to un-registered visitors, when the admin sends a link with token (like we often see for account activation or password renewal).
Obviously, token needs to be unique as the token itself will dictate what is visible to the visitor (token will be stored in MySQL DB with access given, s...
Hi there,
I have a WinForms app in C# that needs access control for certain forms. That means the application is running under the same (default) user at system startup, but certain forms need to be secured, so that only certain Windows users can have access to the additional functions after identifying themselves with username and pas...