How to determine password expiration
Recently this iSeries user wrote in with a question about password expiration. He writes, "How can I tell if a user's password does not expire? I've used the user profile report, but all it gives me for expiration values are 0's or -1's for all of the users." Can you help? Michelle Davidson Editor...
Hello, I'm the Assistant Editor on SearchWindowsSecurity.com. I'm looking to start a discussion about what browser people are using and why. Also, is anyone considering switching from IE to Firefox, or are your plans to stay with IE? Here's some food for thought... As of Feb. 2005, an estimated 35...
Hi all, what is the basic difference between a layer 2 & layer 3 switch? How can I configure a layer 2 & layer 3 manageable switch?
How is FIDO U2F different from OTP?
I recently saw that Google and Yubico announced the availability of cryptographic security tokens, after the FIDO U2F specification. I'm curious to find out if this is just another two-factor authentication or is it significantly better than SecurID or TOTP. Can anyone share their opinion....
WinXP laptop, part of domain, when disconnected from domain uses cached login. While disconnected, changed from domain member to workgroup member. :( Now login only has name/pwd text boxes - can't get domain selection box. Thus, can't log in. How to get domain option back at login screen? (How to...
For some reason, at random, among 20 PCs on my network, in the morning or during the day, the network connection stops responding for both intranet and internet communications. The only solution thus far is to remove the NIC from the Device Manager, reboot the PC, and let Windows XP Pro find the...
Allow regular user to unlock screensaver locked computer
We have the problem that in a multiuser environment users either lock their computers, or have the screensaver automatically lock it, and leave the workstation. As a result, nobody else can use that computer. By default, only the current user or an administrator can unlock the computer. I would like...
What’s the best way to generate a cryptographically secure token?
In order to generate a 32 character token for access to our API, we've been using this: $token = md5(uniqid(mt_rand(), true)); But someone told us that this isn't the best way to secure it and that we should use this instead: openssl_random_pseudo_bytes What's the best way here? Thanks for the help.
We are a company with experience in remote network administration, and now we have opened a new area: the area of security. Now I need to start making new procedures, such as when a new customer comes to us and asks if we can handle the security for his network. I need to know if someone can...
How do I securely store a life-long access token?
Does anyone know what security measures I should put in place to ensure that, if my database was compromised, my long-life access tokens wouldn't be stolen? Ideally, I would like to encrypt them but I'm not sure how I should do this (particularly when it comes to an open source project).
How do I generate a secure token for a mobile app to protect its data?
I recently developed a back-end REST API for my mobile application and now I'm looking to implement token-based authentication so I avoid having the user log in on every run of the application. My first thought was using basic authentication over SSL. So once the user sends the credentials through...
What’s the best practice to generate random/unique tokens of custom length?
I'm trying to create an identifier for forgot password. I've tried using a timestamp with mt_rand() but the timestamp isn't unique every time. Is there something I'm missing here? What's the best way to generate random tokens of custom length? Thank you.
Secret Service and identity theft
I was researching the TJX data breach (since I was a victim) and found myself being directed to the Secret Service Web site. What’s up with that?
Critical Error in Security Log
All, I manage a Windows 2003 Small Business Server Network with 9 clients. The server provides all network services. We use Logon/logoff, shared storage, and print server functions. We do not use Exchange except for the server reporting tool. We do use about 4 instances of SQL. All clients are...
Data vs. perimeter vs. network security
A short time ago, author Wes Noonan wrote some tips for SearchWindowsSecurity.com about deperimeterization. He explained how security is always pitted against business needs, and perimeters have become porous because businesses require traffic from SMTP, HTTP or VPNs to pass through the firewall....
Single Sign On with Windows NT and IIS and Domino
Hi there, my dear peers, What solutions do you know for the following situation: A user has logged in to Windows NT using a certain name/password combination. He then starts his web browser and opens an application on an IIS web server (same domain) where he must be authenticated without entering...
Migrating from Novell 6.5 to Windows ???
Hi, In the coming weeks I'm going to be migrating our file storage data from a Novell NetWare 6.5 server to a Windows 2003 server...basically for financial reasons. And I feel NetWare and Microsoft are moving too far apart and it just doesn't run as smoothly as it used to... My question is what would...
Tracking the computer or source of an email
System: Ex 2003 back-end cluster, Ex 2003 Network Load Balanced front end. Hi there, A user's account has become compromised. They have since changed their password, but there are a few mails sent from their account that they did not send. Is it possible to find out the source, i.e. PC hostname or IP...
Application Access Control Management
Is there an enterprise-wide software management program that can manage access to our web-based applications, vendor-specific programs located throughout the entire company, and our MS applications, including MS Outlook? In other words, we would like to control all of the various software programs...
Oracle Internet Directory Application Developer’s Guide — dbms_ldap_utl sample code doesn’t work
Hi, all. I'm trying to set up Oracle Internet Directory Rel 9. I'm trying to use APIs provided in Application Developer's Guide. I started by copying and trying to run the examples given in the guide. My procedure connects to LDAP, authenticates me, but won't create a user. (Actually, it passes the...