Results for "Category: Security"

A file that replaces the old coder.c. Thanks to Brett Taylor. Found at http://www.cprogramming.com/source.html

*(UPDATED)* ADDED: -Code Re-written -Now updates file size if you no the file has been changed by a program. This program makes a list of all the .ini .sys and .com files on you hard-drive in the c:\windows directory and then calculates there size and keeps them in a log. and then every time the program starts it checks the file sizes against the logged ones to see if they differ, if they do then it tells you. I made this because virusses can sometimes alter files and hide inside them so this basicly keeps a eye on them..

This is an early version of the new password program I am working on, it saves Passwords to disk with very low level encryption and it allows you to call it with-In dos prompt with arguments. Please tell me what you think.

Have you ever fogot a password, but it is still inside your program, only that it is hidden with astricks? This source will show you how to remove those astricks and show whats really there. (see screenshot)

*UPDATED* Now uses a more recursive and less pattern oriented algorithm. Basically encrypts a text type file using a simple recursive character shift techinque. Pretty basic, but powerful.

This program is my attempt at encryption. It's fairly secure, I think. It's definitely not a professional job, but it'll do. I devised a funky key representation/generation scheme. Check it out! Read the documentation for much more detail on how to operate it. (Tomb.txt)

It reads the binary of a file, and outputs it in reverse so the new "encrypted" file can't be normally read. To decrypt encode the new file and it will be reversed again, restoring it back to normal. Its pretty handy, and simple, please rate this code.

This code decrypts the passwords stored in a person's computer in the file *.pwl. This is where the passwords are stored for anything where someone has used the "save username and password" feature on a program, like internet dial-up. This is the only C source code of its kind at this site!! Please remember to RATE this awesome code!

This is not really meant as a repost of the one Jared Bruni did (there are some similarties, I admit...only in two cases); this is more of a demonstration of a more efficient way to perform the same task (i.e. no dynamic memory required and writting directly to the file). And, just to keep things a little interesting, this one can delete stuff from a list containing filenames. Vote/Comment/whatever, just keep the "you stole someone else's idea" stuff/flames (which I didn't) to a minimum, k? (update: fixed a slight logic bug and added a little extra error checking in the getline function) update 5-12-02: It's fixed now, according to the software I used to test it (R-undelete). Give it a whirl :)

This is a password script. Every charachter the user input it displays a star. the password is kcTHEgreat. Catches Control c (Taught to me by a friend :)) so the only way out is to enter the correct password. If you like and think it's secure put it in your autoexec.bat

Example of how to stream data behind a "facade" file. Stream 1M behind a 1K text file, and explorer/DIR still shows the file to be 1K. According to "Hacking Exposed 2ED" there is only one application that can find these streams.

Enable or disable the start menu in one line of code.

Provides your site with security. A login and password, with the ability for the user to change their own password. It uses a DSN-less Access database so that you do not need to set up a DSN on the server.

MyLogin is created entirely in ASP. With just a few simple steps you can password protect any of your pages without knowing how to code ASP (But it Helps!) You can assign individual access levels or you can assign Group access levels. You an also assign Expiration Dates on Groups or Individual Levels. MyLogin uses a DSNLess Access database so you will not have to set up an ODBC. Best of all MyLogin is absolutely FREE!

Checks the HTTP Referer header to ensure people are not posting from other websites. You can include this file if you use templates on your website, or just include it on the pages that receive form data posts. Warning - someone who knows there stuff can get around this by modifying there HOST file. this isn't 100% fool proof, but it may deter most from posting data from other websites.

This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.

Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive) This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web).  It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you. The Chore: secure an IIS web or entire server via user logins. The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions.  As it's name implies, it functions as something of a global over all the other asp pages on a web site.  You can find documentation on the global.asa posted here on psc, so I won't repeat those details here (and the rest of this assumes you know what global.asa is).  My security approach makes use of the Session_OnStart on event.  It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target asp page is served up by the server.  This is key to making this approach work.  When a session is first started, a number of activities take place.   1) a connection to the database is established (held as an object in the session at the top of the page) 2) the "hit" is logged in the database by IP # and date 3) we test to see if the IP # has been "banned".  If it has, I came up with a pretty slick way to implement the ban.  Attached in this zip is a VB project for my ResponseHelper com object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming back binary data back directly on the asp response).  In this case, we're not streaming back a binary persay, but an HTML page that looks and works exactly (with 1 smiling exception) to the Server Not Found page IE serves up.  Because I use the com object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes).  =) 4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =) 5) we test to see if a specifically named cookie exists on the client.  This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on psc. 6) if no cookie was detected, then we test to see if the Login.htm form is being posted.  While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file.  Login.asp file theoritically should never actually be hit.

(Because of an error at PSC i had to re-upload this article :-S) This method can be used to authenticate users by letting them entering their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password encrypted. Provided security is better then the basic authentication featured in most browsers, and can be used in combination with HTTPS.

My first ASP project: a login page. It uses a database to verify usernames and passwords. Also includes registration ability. Comment is supplied so that less experienced programmers can also understand the code. PLEASE VOTE IF YOU LIKE THIS CODE!

Encrypts and Decrypts strings on a webpage. Source is hidden from the user, so that a cracker can only guess about the algorythm.