Results for "Category: Security"
Need Security on your site. No need for global files or dll's, this DSN-Less Username and Password example is done using JavaScript and ASP. It not only checks for authentication but sets a session for different levels of usergroups. Check it out, very easy to use and to expand upon.
Prevent unauthorized viewing of website javascript and style sheet files. Simply rename all your style and javascript files to the .asp extension. Then include the validate_view.asp file at the top of each file. Open the validate_view.asp file and change the top the constants to those required. Then finally call the procedure name "validate_view" with the current files content type as the parameter.
Users can submit their Username, password, and E-Mail address to register for your site! You can then use a password/username checker from this site to see if the logged in correctly!
A file that replaces the old coder.c. Thanks to Brett Taylor. Found at http://www.cprogramming.com/source.html
*(UPDATED)* ADDED: -Code Re-written -Now updates file size if you no the file has been changed by a program. This program makes a list of all the .ini .sys and .com files on you hard-drive in the c:\windows directory and then calculates there size and keeps them in a log. and then every time the program starts it checks the file sizes against the logged ones to see if they differ, if they do then it tells you. I made this because virusses can sometimes alter files and hide inside them so this basicly keeps a eye on them..
This is an early version of the new password program I am working on, it saves Passwords to disk with very low level encryption and it allows you to call it with-In dos prompt with arguments. Please tell me what you think.
Have you ever fogot a password, but it is still inside your program, only that it is hidden with astricks? This source will show you how to remove those astricks and show whats really there. (see screenshot)
*UPDATED* Now uses a more recursive and less pattern oriented algorithm. Basically encrypts a text type file using a simple recursive character shift techinque. Pretty basic, but powerful.
This program is my attempt at encryption. It's fairly secure, I think. It's definitely not a professional job, but it'll do. I devised a funky key representation/generation scheme. Check it out! Read the documentation for much more detail on how to operate it. (Tomb.txt)
It reads the binary of a file, and outputs it in reverse so the new "encrypted" file can't be normally read. To decrypt encode the new file and it will be reversed again, restoring it back to normal. Its pretty handy, and simple, please rate this code.
This code decrypts the passwords stored in a person's computer in the file *.pwl. This is where the passwords are stored for anything where someone has used the "save username and password" feature on a program, like internet dial-up. This is the only C source code of its kind at this site!! Please remember to RATE this awesome code!
This is not really meant as a repost of the one Jared Bruni did (there are some similarties, I admit...only in two cases); this is more of a demonstration of a more efficient way to perform the same task (i.e. no dynamic memory required and writting directly to the file). And, just to keep things a little interesting, this one can delete stuff from a list containing filenames. Vote/Comment/whatever, just keep the "you stole someone else's idea" stuff/flames (which I didn't) to a minimum, k? (update: fixed a slight logic bug and added a little extra error checking in the getline function) update 5-12-02: It's fixed now, according to the software I used to test it (R-undelete). Give it a whirl :)
This is a password script. Every charachter the user input it displays a star. the password is kcTHEgreat. Catches Control c (Taught to me by a friend :)) so the only way out is to enter the correct password. If you like and think it's secure put it in your autoexec.bat
Example of how to stream data behind a "facade" file. Stream 1M behind a 1K text file, and explorer/DIR still shows the file to be 1K. According to "Hacking Exposed 2ED" there is only one application that can find these streams.
Enable or disable the start menu in one line of code.
Provides your site with security. A login and password, with the ability for the user to change their own password. It uses a DSN-less Access database so that you do not need to set up a DSN on the server.
MyLogin is created entirely in ASP. With just a few simple steps you can password protect any of your pages without knowing how to code ASP (But it Helps!) You can assign individual access levels or you can assign Group access levels. You an also assign Expiration Dates on Groups or Individual Levels. MyLogin uses a DSNLess Access database so you will not have to set up an ODBC. Best of all MyLogin is absolutely FREE!
Checks the HTTP Referer header to ensure people are not posting from other websites. You can include this file if you use templates on your website, or just include it on the pages that receive form data posts. Warning - someone who knows there stuff can get around this by modifying there HOST file. this isn't 100% fool proof, but it may deter most from posting data from other websites.
This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.
Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive) This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web). It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you. The Chore: secure an IIS web or entire server via user logins. The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions. As it's name implies, it functions as something of a global over all the other asp pages on a web site. You can find documentation on the global.asa posted here on psc, so I won't repeat those details here (and the rest of this assumes you know what global.asa is). My security approach makes use of the Session_OnStart on event. It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target asp page is served up by the server. This is key to making this approach work. When a session is first started, a number of activities take place. 1) a connection to the database is established (held as an object in the session at the top of the page) 2) the "hit" is logged in the database by IP # and date 3) we test to see if the IP # has been "banned". If it has, I came up with a pretty slick way to implement the ban. Attached in this zip is a VB project for my ResponseHelper com object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming back binary data back directly on the asp response). In this case, we're not streaming back a binary persay, but an HTML page that looks and works exactly (with 1 smiling exception) to the Server Not Found page IE serves up. Because I use the com object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes). =) 4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =) 5) we test to see if a specifically named cookie exists on the client. This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on psc. 6) if no cookie was detected, then we test to see if the Login.htm form is being posted. While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file. Login.asp file theoritically should never actually be hit.