|
Trouble is that when you start talking about passwords, and "back end" or client / server architecture, nearly all the time you are talking about a javascript based client (which while execrable is vastly safer than Active-bloody-X was) - and that means public source code, and public encryption. Nasty.
Sent from my Amstrad PC 1640
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
There were some protocol downgrade attacks, but that should not happen on a modern machine.
So, which insecurity?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
I don't recall specifically. In the end, there's absolutely nothing wrong with an additional layer of security. I was just tossing the idea out there.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
John Simmons / outlaw programmer wrote: In the end, there's absolutely nothing wrong with an additional layer of security. There is!
It adds complexity, a point of failure, and hence, a point of attack. Think of it as using two condoms; you think you're safer, while the integrity of both lubbers is not guaranteed.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
You're confusing specific issues with general insecurity. HTTPS over SSL has been prohibited,. TLS should use version 1.2 or later (with no fallback to SSL.)
Heartbleed was a vulnerability in OpenSSLs implementation of TLS heartbeats, which has been fixed.
HTTPS over TLS is secure (for now; all security can, and will, be broken in time.)
|
|
|
|
|
Kevin Marois wrote: The part I'm questioning is that it seems that you have to pass the PLAIN TEXT password to the back end to do the comparing.
What's the right way to do this? That is the right way.
Hashing on the client would prolly mean that your salt is no longer as secret as you like. It's not done to make the password unreadable during transmission, but to "not" have to store a readable version. Even if the datastore is leaked, hashed passwords are useless.
Imagine me hashing and salting my CodeProject-password on the client, before entering it, and with keeping "my" salt private - would CodeProject in that case not act like my password is a plain text? To CodeProject, the hashed string would seem just like a plain-text password and behave in the same way for all purposes.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
That's precisely why you should never send or load ANYTHING over http if it's got anything to do with passwords (or other sensitive data) - Https encrypts which protects the plain text that you send to the server, and prevents eavesdropping via a man in the middle - hence why everything is loaded via https (if it's not, then you can't guarantee anything)
Troy Hunt has some good explanations on the whys and wherefores
C# has already designed away most of the tedium of C++.
|
|
|
|
|
|
Try creating a .Exe solution and adding your code into it.
This space for rent
|
|
|
|
|
I try installed visual studio 2015 for windows 7 x64bit, when running demo xamarin was reported "No Android NDK found". I go to "Tools> Options> Xamarin> Android Settings" in this tab I see Android NDK Location -> "No Android NDK found" how do i want to install android ndk for visual studio 2015 ? What can I do ?
|
|
|
|
|
|
I have searched google but it's not results are true
|
|
|
|
|
|
I have followed your instructions but it's still get error messages not found ndk-stack.exe while there is file ndk-stack.cmd. you see my attach file.
File sharing and storage made simple
|
|
|
|
|
Those messages clearly say that ndk-stack.exe cannot be found in that path, so have you checked to see where it actually is?
|
|
|
|
|
the link you send to me, in the file compression is not a ndk-stack.exe, you can you want to find more ?
|
|
|
|
|
You need to do the searching for yourself. Have you checked every directory on your system to see if it has been saved in the wrong place? Have you checked again the downloads to see if something is missing?
|
|
|
|
|
|
If the system continues to produce this message then you will need to find the missing file by other means. We cannot do it for you as we have no access to your system.
|
|
|
|
|
When a user clicks on the delete button to delete a jqgrid row, the form Action attribute is triggered and calls my controller method, which then returns a view. Then in this view, depending on the value of a certain viewbag, an alert will display the message "Successfully deleted" and the grid is reloaded.
Everything worked fine but I would like to use a confirm modal to make user confirm his/her intention so I put a part of the Razor code above the modal script and the rest inside the Success section of the AJAX code inside of the modal code. Below is my script:
@{var message = ViewBag.Message;}
$("#DeleteDialog").dialog({
height: 280,
modal: true,
autoOpen: false,
buttons: {
'Confirm': function () {
$.ajax({
type: "POST",
cache: false,
url: "/Forms/MyMethod",
success: function (data) {
@if (message == "Deleted"){
ViewBag.Message = null;
ViewBag.Status = null;
<text>
alert("Successfully deleted!");
jQuery("#jQGrid").clearGridData(true).trigger("reloadGrid");
jQuery('#jqGrid').trigger( 'reloadGrid' );
$('#files').empty();
</text>
}
}
});
$(this).dialog('close');
},
'Cancel': function () {
$(this).dialog('close');
}
}
});
I noticed that during debugging the viewbag codes were executed but the "<text>" element was skipped. That means the alert and other code inside of the TEXT element are not executed.
modified 23-Jun-18 20:04pm.
|
|
|
|
|
Please, look at the top of this page: this is a forum for C# discussions, not javascript / razor. Either try the JavaScript Discussion Boards[^] or Ask a Question[^]
Sent from my Amstrad PC 1640
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Hi thanks for your reply. My question is related to ASP.Net MVC which encompasses C#, Razor, and Javascript, if you had read my question you would see that.
modified 24-Jun-18 4:47am.
|
|
|
|
|
We read your question but the code you posted was JavaScript.
This space for rent
|
|
|
|
|
Please go ahead and delete this post. I will find an appropriate forum for this topic.
|
|
|
|
|
Hello everybody,
Unfortunately I did not find it online or asked the wrong questions, I hope you can help me.
I am new to the world of C # and Visual Studio 2017.
I used to work with Boost in C ++ in Visual Studio 2010.
So I created a project in Windows Forms Control Library and created everything I needed to enter data about a Froms application and put my little program in there.
Then I created a second project as an application (main project) with a button.
Now I have:
After I added the project under, "Project -> Add Reference -> Browse".
Now I would like when I press in the application (main project) on my button, then the Forms
Application from the Windows Forms Control Library (Added Project).
If I conclude that firm, then I come back to the Froms main project.
Similar to a window switching
Great thanks for your help.
Manuel
|
|
|
|