MySQL - connection and security
Hi, I was wondering if someone could tell me if there is any potential security breeches that could occur by connecting to a sql database that does not reside at 'localhost' i.e. via ip address? Regards, Phil ...
encryption
What can be improved in this PHP code?
This is a custom encryption library. I do not know much about PHP's standard library of functions and was wondering if the following code can be improved in any way. The implementation should yield the same results, the API should remain as it is, but ways to make is more PHP-ish would be greatly appreciated. Code <?php /************...
Paypal Encrypted Website payments
I am trying to integrate a PayPal Website Payments Standard > Cart Upload payment type into my shopping cart. I integrated Google Checkout a while back and I did not find it overly confusing as I do paypal. I am getting info on how to encrypt it from here: https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=develo...
Tool for .net Assembly Encryption
What are some good tools for .net Assembly Encryption? I know of codeveil and CodeWall I played around with both but was wanting to know are there other/better tools out there plus/minuses and experience with these two tools. Please no debate on obfuscation, encryption and all that. I have been asked to make a .net app be written...
how to play an encrypted file in Android.
I need to be able to play an encrypted file in Android. The file is AAC. The only way I can see to do this is either: decrypt the file to internal private storage and point the player at that file to play, or decrypt & decode the file to pcm and feed it to an AudioTrack. 1 isn't great because it takes a long time to do that. 2 isn'...
Flex/AIR Encryption/Decryption library (alternative to as3crypto)
Hey stackoverflow community, I was wondering if anyone knew of any built-in Flex libraries that support encryption/decryption. I see that most people recommend AS3Crypto, are there other alternatives? In particular, looking for one that supports DES encryption. Thanks! ...
For AES CBC encryption, whats the importance of the IV?
What is the security threat of always using all zeroes for the IV? If it allows the encrypted text to be deciphered, how could an attacker do that? UPDATE: So then, if the first block of unencrypted data had a timestamp that never repeated, would an IV still be necessary? ...
ssl multi domain website
We need to secure a multi-langual web application with SSL (registration, login,..). However, this application is accessed by different domain names, exactly a domain name for each language (domainName.co.uk, domainName.fr, domainName.it and so on). We're looking for the simplest and cheapest solution. We don't want to purchase a certifi...
How to send data securely over a public channel?
Hi! I have a smart client application being deployed with a CickOnce webpage. here's the current scenario. 1.User runs the application, and the application shows a login form. 2.User enters ID/Password in the login form, and the application sends that information to the server. 3.The server authenticates the user and sends configuratio...
PHP: Simple, Validate if string is hex?
I have no clue how to validate this string. I am simply supplying an IV for an encryption, but can find no "is_hex()" or similar function, I can't wrap my head around it! I read on a comment in the php documentation (user contrib. notes) this: if($iv == dechex(hexdec($iv))) { //True } else { //False } But that doesn't seem to work...
How to overwrite the data in a file with bash
I'm writing a bash script that encrypts the data of a folder or file #!/bin/bash file_name=$1 tmp_file=/tmp/tmpfile.tar # tar compress file tar -cf $tmp_file $file_name; # encrypt file gpg -c $tmp_file # remove temp file rm -rf $tmp_file $file_name # mv encrypted file to orignal place mv ${tmp_file}.gpg $file_name but the data wi...
how to deal with a CP-1252 encoded password under linux?
Hi, I have the following problem. I need to create a zip file under linux with a password provided by another party that is encoded with CP-1252. What I have tried is changing the encoding of this password to UTF-8. Then I made a zipfile protected with this utf-8 encoded password. However the file can not be unzipped in windows with the...
Cookiless Session Is it a security risk?
Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to kno...
Does mcrypt support asymmetric encryption?
I want to use asymmetric encryption of headers in RESTful requests to verify the identity of the system sending the request: i e System A encrypts it's name, timestamp, and the service name using it's public key in a request to System B. System B then uses the public key of System A to decrypt, proving the authenticity of the request. 1...
lightweight cryptography toolkit(s) for c++ and python
Hi, I'm looking to do some basic encryption of server messages which'd be encrypted with C++ and decrypted using Python serverside. I was wondering if anyone knew if there were good solutions that were simpler or more lightweight than Keyczar. I see that supports both C++ and python, but would using Crypto++ and PyCrypto be simpler for...
Architecture of a secure application that encrypts data in the database.
I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt dat...
Decrypting “long” message encrypted with RSA java
Hi this is the same question, that was asked two years ago: Java/JCE: Decrypting “long” message encrypted with RSA I had a large byte array and rsa keypair, initiated by value 1024. Using rsa encryption and the specified size of the key is strong requirement, I can't change it. So I can't use symmetric encryption with asymetric encrypti...
Problem exporting RSA key -'key not valid for use in specified state'
I'm encrypting the web.config in our web sites using aspnet_regiis. However, I want the ability to export the encryption key so if we need to move from Machine A to Machine B, asp.net will be able to decrypt it. When I run aspnetregiis -px "NetFrameworkConfigurationKey" c:\keys.xml -pri, I get the following : 'Key not valid for use in s...
How to get The sum of Formula Field In crystal Reports.?
i have a formula field named @prodValue: {#TotalStock} * {spRptStockDetails;1.purDetRate} It is in the group head 2 section and i want to get the sum of this field in the Group head 1 footer. how to do this. sum({@prodValue}) it is not working. ...
Javascript in address bar, how do I decipher?
Hello stackoverflow! I have a javascript code that appears to be encrypted: javascript:var _0xe788=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\...