Results for "Category: Security"
I took this code from MSDN's November Magazine and used it in many project of mine..Its very useful security measure. I did change it to make it more understandable for all you .net coders there. Zip file includes a type lib and an example project. Hope you guys find it useful.
Authenticates a user to make sure if they have previously logged into the site. Requires Session("UserID") to be populated. This usually represents the Users ID within a data base. (Users.UserID) If a user is not loged in, they are redirected to a page to attempt a login. This is useful when the ability to "Auto-Login" has been enabled to use previously saved login information in the users cookies. When a user is redirected to the login page, The URL they were attempting to view is passed along in the Query String along with the reason why they need to login. If the user was posting data to the protected page (perhaps a session timed out), then the previous page they were posting from is sent as the URL that the user is redirected to after they have successfully logged in. This is done to help reduce errors when visiting a page that expected posted form data.
Checks the HTTP Referer header to ensure people are not posting from other websites. You can include this file if you use templates on your website, or just include it on the pages that receive form data posts. Warning - someone who knows there stuff can get around this by modifying there HOST file. this isn't 100% fool proof, but it may deter most from posting data from other websites.
Requests users to login to website with NT Account.
Create new key pairs for asymmetric encryption or copy/paste strings into text fields provided. Encrypts and decrypts text to encrypted base64 strings. Main benefit here is I got around a problem with where the key was stored and can now load keys on the fly. Asymmetric keys are usually used to encrypt Session Keys and Digital Signatures. Session Keys are used with Symmetric Encryption on the Message itself because it is much faster then Assymetric encryption. This is great for anyone beginning to learn about Security or how to Implement RSA Public Key / Private Key Infrastructure.
*UPDATED* Now uses a more recursive and less pattern oriented algorithm. Basically encrypts a text type file using a simple recursive character shift techinque. Pretty basic, but powerful.
Security issues using ".inc" include files.
Cold Steel - Defender is a file encryption/decryption utility (using 3DES) that gives you the option to use a "USB Hard drive" as a secondary means of security in addition to just using a password. A USB drive is not required to use this program, but is suggested, as it will insure that only the person who knows the password -and- has the physical USB DRIVE can decrypt a file. Nothing is stored on your USB drive; we only extract some unique information from the USB drive and create a key from it.
***Disabling CTRL-ALT-DELETE on Windows NT, Windows 2000, and Windows XP*** There is an undocumented way to disable the Ctrl Alt Del key sequence on Windows NT/2000/XP using the registry. The key, 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : AutoAdminLogon (REG_SZ)' has only two legal values, according to Microsoft: "0" and "1". 0 disables automatic logon of the account stored, and 1 enables it. The strange thing is that if you set the key to "2"...
The .NET Framework provides a rich set of permissions and security settings that (when used properly) ensures that your programs only do what their allowed to do. After searching for articles on security and permissions and finding virtually nothing here I decided to create this tutorial to explain the basic concepts. This simple tutorial explains how the Demand and Assert methods work. It also teach's you how to create a simple code group that grants a specific assembly more access to the system. Remember to vote!
A.L.F.G is a sort of anti-leech technical, which mainly based on Browser Referrer and Cookie checking technologies. The advantage of A.L.F.G identifying to others is that A.L.F.G process file requirement as a transparence file gateway, whereas other anti-leech technologies need to cooperate with additional files. Also, A.L.F.G record every leech attempt and traffic byte, those record and setting can be viewed or checked in a Integrated console which come with the A.L.F.G. FOR DEMO OR FUTURE VERSION RELEASE PLEASE REFER TO http://www.21code.com/alfgate/index.php Please Give Me Credit Where Credit Is Due! Thanks!
This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.
This example will do several things. Returns the user’s full name. Allows you to authenticate the users login name and password on the network. And gives you the ability to check to see if a user belongs to a specified group in the active directory. 01. GetUserName - Returns the login user’s FULL name 02. GetUserFirstName - Returns the login user's first name 03. GetUserLastName - Returns the login user’s last name 04. GetUserLoginName - Returns the users login name 05. GetDomainName - Returns the domain name the user is logged on 06. GetComputerName - Returns the computers name 07. AuthenticateUser - Validates the users login name and password 08. GetUserGroups - Returns all the groups the user belongs to in the active directory 09. GetGroupUsers - Returns all the users of a specified group in the active directory 10. ValidateGroupUser - Returns true or false of whether a specified user belongs to a specified group in the active directory
Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive) This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web). It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you. The Chore: secure an IIS web or entire server via user logins. The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions. As it's name implies, it functions as something of a global over all the other asp pages on a web site. You can find documentation on the global.asa posted here on psc, so I won't repeat those details here (and the rest of this assumes you know what global.asa is). My security approach makes use of the Session_OnStart on event. It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target asp page is served up by the server. This is key to making this approach work. When a session is first started, a number of activities take place. 1) a connection to the database is established (held as an object in the session at the top of the page) 2) the "hit" is logged in the database by IP # and date 3) we test to see if the IP # has been "banned". If it has, I came up with a pretty slick way to implement the ban. Attached in this zip is a VB project for my ResponseHelper com object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming back binary data back directly on the asp response). In this case, we're not streaming back a binary persay, but an HTML page that looks and works exactly (with 1 smiling exception) to the Server Not Found page IE serves up. Because I use the com object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes). =) 4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =) 5) we test to see if a specifically named cookie exists on the client. This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on psc. 6) if no cookie was detected, then we test to see if the Login.htm form is being posted. While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file. Login.asp file theoritically should never actually be hit.
Demonstrate how to spawn a shell on a remote computer bound to a port. If u like it, please VOTE!
This is a simple multi-threaded port scanner programmed in VB.NET. It shows a way of connecting to a remote host via a specific port using VB.NET's free threading capabilities. Please don't use this to scan anyone other than yourself though, its simply an example.
Cookies in PHP can sometimes be a huge pain in the butt. This function is simple, and teaches you how cookies work, how to write them, expire them, and check their values. Use this cookie for whatever you want, but feedback is always appreciated :o)
(Because of an error at PSC i had to re-upload this article :-S) This method can be used to authenticate users by letting them entering their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password encrypted. Provided security is better then the basic authentication featured in most browsers, and can be used in combination with HTTPS.
Yet another password program!! This one takes into account the backspace key, a feature which i didn't find in the other password programs on this site.
UPDATED: UI and DLL Free REAL RSA encryption 2048 bits security library. WARNING NOTE: Use this RSA library wisely, I, Hariyanto Lim, the author, will NOT be liable for any damage of any kind caused by this FREE library. This is library is subject to export law of each country, consult your local law adviser (lawyer) before using this library for commercial purpose.