Questions tagged [protection]

0

votes
0

answer
3

Views

Is there a way to remove protection in google script for a user?

I need to remove protection for a user that has access to certain cells but needs all the cells when the script is running. After that i then need to protect the sheet again apart from the protected cells.
Robert Hall
1

votes
1

answer
1.9k

Views

How to Password Char a Column in DataGridView

I am trying to password char a column when loading in a table. Code below loads the table. //Fills out Student table private void loadStudentTable() { SqlConnection conn2 = new SqlConnection(@'Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\Desktop...
D B
1

votes
2

answer
55

Views

What is the sense of the CSRF Token protection?

I have read a lot about this and I still don't understand it. Let's say I have a domain with a form available only for authenticated users to post comments on some kind of content: my_form.php
BanNsS1
1

votes
2

answer
6.7k

Views

Securing a folder in ASP.NET web directory

I worked long time back on a website and it has been working fine, recently a problem has been reported, which I need to go through. In my site there is a folder named repository, which contains files like word and PDF documents and ideally only logged in users are allowed to download them but now i...
Imran Balouch
1

votes
0

answer
380

Views

How to enable CSRF protection in Spring Security 3.0

I'm trying to enable CSRF protection in Spring Security 3.0. All the articles I've found point to using the tag, which doesn't exist in this version of Spring Security and there's no chance of me upgrading to a newer version of Spring any time soon. (Corporate environment) With this in mind, how c...
Beth
1

votes
0

answer
277

Views

Python cryptography saving key

let's say I want to safe a password to a document with my program and encrypt it there. So I simply used: key = Fernet.generate_key() k = Fernet(key) value = k.encrypt(value) and saved this value to a .txt document. When restarting the program, I want to decrypt this encrypted password but I don't...
Snake Shadow
1

votes
0

answer
116

Views

What is the most efficient way of creating a password protected Rmarkdown document online?

Ideally I would be able to present RMarkdown document with the only extra layer being that there is a password prompt before viewers to my link can view it. It would be very useful to be able to password protect class related Rmarkdown documents, but I am unable to find any guidance on the matter.
sinandrei
1

votes
0

answer
180

Views

CSRF protection in singlepage web application

My Application structure as follows 1)API server running in api.mydomain.com 2)Frontend VUejs application running in www.mydomain.com So i implemented authentication via httponly cookie. But little confused with CSRF token implementation Mysolution 1).CSRF token from the url like /getCSRF. 2) Store...
iam batman
1

votes
0

answer
308

Views

CSRF attack from previous session

I have written a Filter which generates random token and serves to Jsp, where On jsp I have ajax call which will return the token value and on that ajax call I validate the token. Servlet Filter String origin = request.getHeader('Referer'); log.info('URL obtained from referer :'+origin); if(origin!...
Aniket G
1

votes
1

answer
98

Views

Why i get “Failed to invoke gs” for ghostscript PDF password checker in php

I used this and this to check a PDF file is password protected or not! i test this methods: exec('$shFunction withPassword.pdf',$result); OR shell_exec('sh ' . $shFunction . ' withPassword.pdf'); i set ghostscript in $shFunction password.pdf and php file are in same folder but i get error: Failed to...
Mehrdadam
1

votes
0

answer
69

Views

PasswordHasher updating user information

The PasswordHasher takes in a generic TUser and then takes the user's object for hashing and verifying, something like this: var result = hash.VerifyHashedPassword(user, HashedPassword, Password); string HashedPassword = hash.HashPassword(user, Password); So I am assuming the user data is used to ha...
Neville Nazerane
1

votes
0

answer
96

Views

Can Twitter/Facebook feeds be displayed on websites with Firefox Tracking Protection?

Firefox now blocks Twitter and Facebook feeds on websites because Tracking Protection is enabled by default for users. Is there any way to ensure that Twitter & Facebook feeds will show up on websites for Firefox users, even with Tracking Protection enabled? Most users will not know how to disable...
Stevio
1

votes
0

answer
164

Views

Change name of CSRF filter in Tomcat 9

By default tomcat CSRF filter is generating ID like org.apache.catalina.filters.CSRF_NONCE=C6D6CB73AC793EC7BC55BADA791A5DE3 i want to change the name from org.apache.catalina.filters.CSRF_NONCE to MY_NONCE
Mitesh Patel
1

votes
0

answer
564

Views

remove protection from all sheets in Excel 2010 workbook

I'm trying to remove protection for each sheet in workbook using this macro Sub PasswordBreaker() 'Breaks worksheet password protection. Dim ws As Worksheet For Each ws In Worksheets Dim i As Integer, j As Integer, k As Integer Dim l As Integer, m As Integer, n As Integer Dim i1 As Integer, i2 As In...
arq7753
1

votes
1

answer
51

Views

Which authentication type is better in terms performance for CrmServiceClient?

Which authentication type among certificate based authentication and username and password authentication is better in terms performance for CrmServiceClient? CrmServiceClient(X509Certificate2, StoreName, String, Uri, String, Boolean, Boolean, OrganizationDetail, String, Uri, String) CrmServiceClien...
Sarah
1

votes
2

answer
507

Views

Anti forgery tokens are reusable even after one request

I am working on asp.net mvc application. Here in view i have added @Html.AntiForgeryToken() and in controller i have added attribute [ValidateAntiForgeryToken]. Now my point is when i send request for deleting any document one antiforgery token is created. i have copied that token. and again i am...
ketan
1

votes
0

answer
232

Views

How do I disable csrf protection on gitlab enterprise server?

I have an internal requirement to stress gitlab to evaluate its performance serving requests for large sized repos with concurrent commits by many engineers. I am using JMeter to record a flow of committing a file from the UI. On replay, I get a 403 because the csrf token validation fails. I have tr...
Jai
1

votes
1

answer
64

Views

Protect Unity3D Game Data from the Rooted Mobile Devices

Hope you are doing good. I Have a query related to Game Data(Mobile platform). I am developing a Game in which Player has to maintain a minimum number of Experince to unlock the next level. I have been researching about the Rooted mobile devices and their usage for exploitation of the game data. Pla...
Agha Khan
1

votes
1

answer
164

Views

CSRF for RESTful API

As far as I understand CSRF, this is very simple scheme: User (Bob) has auth cookies for MyApp.com in his browser. Attacker sends email to Bob with a link to website MyApp-Crack.com with magic button 'Click to win $10.000' which is button='sumbit' of a simple hidden form with action='myapp.com/use...
Luke1988
1

votes
0

answer
108

Views

CSRF setup on grails

I'm working on grails 2.5 application. I have setup CSRF configuration for my application referring this and it's working fine. I'm setting the header whenever an ajax request is being sent and similarly I'm adding a CSRF parameter when a form is being submitted. I had few queries: CSRF token remain...
dev-eloper
1

votes
0

answer
527

Views

node-machine-id npm library and the actual uniqueness

I was testing the npm node-machine-id. It works fine to generate a 'unique' machine id. However, I was hoping to get some additional advice on if this would be the best option for my needs. In summary, I am building an electron app that will get deployed on the local station. This app will need to...
jremi
1

votes
0

answer
152

Views

Anti-CSRF form Token validation always failed

I've been looking into session security and have read that adding a random generated 'token' to a form and validating it upon the submission of the said form can help with CSRF ( Cross-Site Request Forgery ). So I setup a test using someone else's example to see how it works but it doesn't go well....
EWobble
1

votes
2

answer
427

Views

Gatling test CSRF Spring Security block my post via a web form

I want to do a Gatling Test and send a form via a Post with form params but i get a 403 because of a CSRF Token generated from spring Security this my Scenarii: val sentHeaders = Map( 'Content-Type' -> 'application/x-www-form-urlencoded', 'User-Agent' -> 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52...
AlexAlba
1

votes
1

answer
396

Views

Forbidden 403 : CSRF Validation failed error in Firefox, not in chrome

I have a webpage with more than 1 form with POST. I have included {% csrf_token %} in each of the forms. {% csrf_token %} In my view I have used bot ensure_csrf_cookie and csrf_protect decorators @ensure_csrf_cookie @csrf_protect @operation('monitor') def monitor(request, **kwargs): The first POST r...
1

votes
1

answer
368

Views

CakePHP 3 cors,X-CSRF-Token

I have some issue with implementing CSRFProtection for my input forms. the following variable is always empty in CSRFProtectionMiddleware.php: $header = $request->getHeaderLine('X-CSRF-Token'); For that reason i get always CSRF 'token mismatch.'error message. The problem would be with : $this->respo...
Andrewboy
1

votes
1

answer
221

Views

How to protect from this (Evilginx)

How to protect from this? https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/ I have many websites, in many technologies... I need a way to protect. I'm wondering if there is just something like a check of suspicious IP activities in the aftermath? Just this? Reall...
1

votes
0

answer
52

Views

How to implement csrf in react redux saga app

How to implement csrf redux saga app csrf-protection I am implementing new app using redux , how can Implement csrf- protection in react
Prakash
1

votes
0

answer
52

Views

CSRF script dont work

why wont this script protect my form against CSRF attacks? like i tried to add the demo form they had on the site nocsrf site and that worked perfectly. When I change the code of the csrf token nothing happends and it just process the information to the database on my currently form. Here is my For...
IFreeze
1

votes
2

answer
578

Views

Laravel add password protection for existing PDF file

I'm using Laravel 5.4 and PHP 7.0. I want to add password protection for existing PDF file, i searched on the internet but only found solution of adding password protection when export PDF file from HTML to PDF. Please give me some recommend about library or solution to solve this problem.
HoangNK
1

votes
0

answer
19

Views

Authenticated webpages ( via php/html + .htaccess) can’t see assets in other directories (css, JavaScript, images etc )

I’m looking to password protect my entire site directory with HTML forms + PHP. I am able to capture an authenticated session and navigate between the pages with help from this post (Thank you!) - however any external files that are linked in those pages are not visible to the browser. Here's a re...
Viriya
1

votes
1

answer
208

Views

csrf token per request in vaadin

I'm new to vaadin and I want to implement a csrf token protection , I found that vaadin already inject csrf token in requests but the problem is that the csrf token is the same in each request , is their any configuration in vaadin to generate new token in each request? or is their any way to force...
Haneen Jabr
1

votes
1

answer
80

Views

Laravel - Protect AJAX get calls

I am building an application in Laravel with loads of AJAX calls. I have protected the POST, UPDATE calls with CSRF token in AJAX headers. My question is is there a way to protect the GET ajax calls from cross-site access. For example I dont want users to type in the ajax call route and get a respon...
Nenad Kaevik
1

votes
0

answer
101

Views

Check Out Password Protected File

I have a file stored on SharePoint that is password protected. What I am trying to do is simply open the Excel workbook and enter the password so I can begin working (after running the macro to open it). The code below is stored in my 'launch' workbook and I am trying to use that to open the 'data'...
jnjustice
1

votes
0

answer
30

Views

Android app piracyprotection

I'd like to know how can one protect his app from being pirated, verification processes like redeeming a code on app received via mail and etc. Although, this this question is as broad as it can't be simplified to a few words. I just want a hint about where to go, which classes to look and vice vers...
Jack10218
1

votes
1

answer
78

Views

authentication to MQ via mqseries library php

I need some help with php mqseries library. I have some troubles connecting to Queue-manager. It does connect without authentication, but when I'm trying to use MQCSP, I get 2035 error. I've contacted the developers, one of them told me that he no longer works on it, others don't respond. It looks...
1

votes
0

answer
106

Views

Why I cannot Upload file on Dropzone in codeigniter when CSRF is TRUE

Why I cannot Upload file on Dropzone in codeigniter when csrf_protection is TRUE? and when I make 'csrf_protection' is FALSE the upload has works, but can I make 'csrf_protection' is TRUE and works fine ? this is my controllers : function proses_upload(){ $config['upload_path'] = FCPATH.'/upload...
Adhiwhit
1

votes
1

answer
171

Views

Protect data protection key files with a certificate on ASP .NET Core 2 and Linux

I'm trying to protect keys at rest using ProtectKeysWithCertificate method, but I'm running into some issues when code runs on Linux (RHEL7). If I use ProtectKeysWithCertificate('thumbprint') method, it can't find the certificate under /etc/ssl/certs location. So I tried searching Local Machine\Root...
Eric
1

votes
0

answer
24

Views

.htaccess password requested twice when redirected, not requested/site Unauthorized on mobile

I'm trying to user .htaccess for both SSL redirects and Password authentication. when requesting http://example.com, user is asked to login, is then redirected to https://example.com, and asked to login again. How can I prevent this double authentication? on iphone, the user is not asked for a pass...
bcraig
1

votes
1

answer
32

Views

Wordpress Protect Subdirectory

I have a site which is in wordpress, there is one folder within root of that, Which is built in static php. When i am trying to protect that site with .htaccess it conflicts with root .htaccess of wordpress. I have placed the protection htaccess within the folder this is what i put in webmaster di...
Vishal
1

votes
1

answer
107

Views

google apps script: remove and restore protection

I have a spreadsheet that is editable by everyone with a protected sheet with some ranges unprotected. I want cells that can be altered by a script run by any user (from a menu), but not manually. When I run the script not as the owner it gives an error message when I try to temporarily remove the p...
Lexcel Atmadata

View additional questions