Now see my situation. My Web application's security audit is being done. I implemented everything like MD5, SSL etc.
But if my auditor use this fiddler (or may be another tool for testing, i don't know what they are using) and he/she can see the password in the fiddler what should I do/say? I am not getting the point.
If they always use fiddler or any other tool they can easily see the password. then what's the solution so that password between server and client should not be in clear text.
Is there any other methods doing this so that they cant see the password using any tool? or any other client side technique?
One could explain the expert that it he/she is looking at a stream that is encrypted before it goes over the net.
Is there any other methods doing this so that they cant see the password using any tool?
Yes, but if he/she is using the key to open the lock, then it is not a security risk. If there's another application client side with administrative priviliges, then you already lost and don't need the audit.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
After successfully inject .dll file into a target process, i' would like to run it but how can i do this !!
I' know how to do it into my application by adding the dllMain() function ...
But in the target process how can it be achived ??
I read many articles talking about windows Hook but i would like to understand the method !
Good afternoon, I wanted to share with you a problem I'm having, which you can not find a convincing answer.
What is the problem?
It is that database connections are many active and AWAITING COMMAND status SLEEPING, and every time I run a new query to the database, a new connection is added, I see this with sp_who2 from Management Studio.
What is the scenario?
An application of three layers (BUSINESS, DATA and PRESENTATION) which, because it is a client-server application, data is accessed by a Windows service that raises a
console application that instantiates a class that encapsulates access to data and records on the server so it can be accessed through Net Remotting.
Proper operation, can access data and execute everything correctly. At each attempt to access data, I end with Connection.close () method.
The problem is that despite using Connection.close () connections do not die and are all state SLEEPING, and there comes a time when you can no longer accumulate more
and SQL SERVER rejects the connection attempt, because limit was reached in the POOL.
Even if I close the main application, connections are maintained, but if I close the application that instantiates the object, all connections are closed.
Anyone has been in a similar situation? any suggestions?
Hi again, i've implemeted the Dispose method on the conection object and it's seems to be the solution, first close, then dispose.
I also made some changes, before the Windows Service starts a mini app than register the remote object in a tcp channel, now the Windows services does all the work, and no extra app is needed, so, the solution copuld be bay one of thos changes or a combination.
Actually, you're looking at two different things. Visual Studio Online is not the Visual Studio IDE in the cloud. There is one feature of VSO that does enable you to edit code in the cloud, but it's only for websites deployed to Azure. See: Visual Studio Online "Monaco" videos on Channel 9.
Visual Studio Online is essentially a cloud implementation of Team Foundation Server with some additional cloud-based functionality. You should go ahead and create a free Visual Studio Online Basic account. That'll give you a place in the cloud for online source control. As you learn to code, you should also learn how to work with source control.
Express for Windows Desktop is the IDE heir to what was once Visual Basic Express, Visual C# Express, and Visual C++ Express. All three of those products (2010 era) are now what comprises Express for Windows Desktop. It's the best starting point for learning to code with any of those languages, and it connects to Visual Studio Online. For ASP.NET development, you'll need a separate Express product: Express for Web.