Best Pratice in Authentication

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Trojan Horse I have a "WIN 32 Adverts Trojan Horse Downloader" that has aoppeared on my computor. Whenever I log on to the internet, the Trojan loads a page that asks me to enter an adult site. i have downloaded Ad Aware, but it has not got rid of the problem. Please give me some advice on how to get rid of it. Thanks Wayne Tag: Best Pratice in Authentication Tag: 62604
  - 2
    - Telnet port security Hi . under windows XP we run telnet to access a sun server another user with snoop command he can access my telnet port 23 and watch all my work . how to restrict people to monitor my telnet port we have to use telnet & TCP/IP protcol is there any solution to protect the telnet port . thank you in advance Tag: Best Pratice in Authentication Tag: 62599
  - 3
    - Secure site? Could anyone plz help me. My computer wont let me onto any secure sites ( the ones with the padlock in the corner) could anyone possible offer any advice of how to gain access plz. This is driving me mad as I cannot access my email. Thanks Tag: Best Pratice in Authentication Tag: 62586
  - 4
    - Guest user account I have noticed activity on the guest user account on my pc when I am online. Today Norton blocked a virus sent via the guest account, previously when I noticed the pc was running slowly I found processes running on guest. I have the account switched off any ideas what I should do next? Thanks Dave Tag: Best Pratice in Authentication Tag: 62570
  - 5
    - which firewall? I just found out that you can only use one firewall at a time. I have just installed service pack 2, is the firewall that comes with it the best to use, or is zone alarm a better one? I have zone alarm already installed, should I remove it?? Tag: Best Pratice in Authentication Tag: 62567
  - 6
    - What do you guys think? (Spyware test) Eric L. Howes just posted his results for his "Anti- Spyware Test" (http://spywarewarrior.com/asw-test-results- 1.htm). He's not finished and will post results for the rest of the spyware scanners out there. According to this test, we are to conclude the top three (from a "comparison" of ten total spyware scanners) are: 1. GIANT AntiSpyware (never even heard of this one before!) 2. Pest Patrol (I've heard of this one before) 3. Lavasoft Ad-aware SE Personal (we've ALL heard of this one before!) INCREDIBLY, Spybot Search & Destroy ended up in LAST PLACE (the #10 spot out of competition with nine other spyware scanners). What do you guys make of this?!?!??! Tag: Best Pratice in Authentication Tag: 62559
  - 7
    - block ads Hello, I just install SP2 for windows XP PRO , Can I block ads with SP2 new firewall? for exp: When I surf into a news web site I got all this ads in the screen, some of them came from ads servers, in Zone Alarm I had this option, I wonder if I still need ZA or I can block this ads with the new firewall Tag: Best Pratice in Authentication Tag: 62557
  - 8
    - start up trouble When I try to go on the net or even check E-Mails up gomes this item C:windows32/cmd.exe when this happens it will not allow me to continue,I would like to remove this please help me I'M LOSING IT!!!! -- @telus.net Tag: Best Pratice in Authentication Tag: 62554
  - 9
    - Which free trojan scanner can remove "targetsearch.info"-trojan ? With a trial virus-scanner (without the possibility to remove the found virus) I detected a trojan responsible for "targetsearch.info" startup-entries in the (IE) browser search field. Does someone know a reliable trojan remover which delete successfully this trojan? Peter Tag: Best Pratice in Authentication Tag: 62550
  - 10
    - Security pop-up or Scam Site? I receive a pop-up window telling me that my MSN messenger has a buffer override security issue and that I need to go to the following website to download a patch: http://www.windowspatch.net/ Is this an authorized Microsoft website or is it a scam site trying to get people to download virus or malicious code? Also if it is a scam how are they creating the pop-up as my virus software is up-to-date with no issues? Thanks Dave McQuoid Kiwi Downunder. Tag: Best Pratice in Authentication Tag: 62542
  - 11
    - so2 I just received sp2 and after installing, my internet connection would not work. I use earthlink and Norton and after calling tech support at earthlink I was still unable to connect. I finally did a system restore to access the internet. I would like to install sp2 if needed, but will forego if problems continue. Tag: Best Pratice in Authentication Tag: 62539
  - 12
    - erasing history Can anyone tell me how to erase my history when I am finish on line? Tag: Best Pratice in Authentication Tag: 62533
  - 13
    - Microsoft Certificate Services Hi, My Company is using Microsoft Certificate Services to issue certificates to our customers. However, on some occasions when they go back to check on a pending certificate, it says nothing is pending even though a certificate has been issued. This is mainly happening with Windows XP & 2000 users, but does does not occur every time & sometimes SP2 is installed, sometimes not. Has anyone else come across this & is there a fix or work- around. Tag: Best Pratice in Authentication Tag: 62530
  - 14
    - security download Received an alert to download 823559. Did so successfully. Two days later I receive the same alert. Download again with a noted success. Several days after that the same thing happens!!!! Anyone know why? Technical support has NOT responded. Thanks Tag: Best Pratice in Authentication Tag: 62529
  - 15
    - Help with removal of virus My virus software has located a virus "W32/WintoolA, which it cannot remove. It suggested I go to microsoft explorer & remove manually. Unable to remove, can you suggest a solution? Tag: Best Pratice in Authentication Tag: 62521
  - 16
    - Help for removing virus My virus program indicates a virus W32/WintoolA, and directs me to windows explorer for removal; However, cannot remove. Tag: Best Pratice in Authentication Tag: 62520
  - 17
    - sp2 i have norton 2005 internet security on my new comp. when i go to win.update it does not tell me to download xp sp2 does that mean that norton is enough? Tag: Best Pratice in Authentication Tag: 62515
  - 18
    - Unknown trojan I have just downloaded the latest updated Yahoo toolbar with version 1.6 of antispy to my wlan notebook. I then ran antispy and found that I have an unknown trojan called C1xstngs.dll which it says is a keylogger. I deleted it and now when I boot, my wireless connection doesn't work. I get the following message. Intel (R) PRO manager PRoNoMgr.exe Unable to locate Component This application has failed to start because C1xstngs.dll was not found. Reinstalling this application may fix this. Can anyone tell me how this got into the system and can anyone tell me how to get my wireless connection back? Tag: Best Pratice in Authentication Tag: 62511
  - 19
    - fire wall hi. i installed ' norton internet security professional' on my computer and i was guided to disable the windows' fire wall.' is it good? does the windows 'fire wall' can't work with norton fire wall? thanks sagie. Tag: Best Pratice in Authentication Tag: 62510
  - 20
    - BackWeb Warning Each Time I star my pc running windowos xp, I get this warnig Item 'Triger`tried to perfom an action not authorazed by the channel's security settings adn has been stoped Tag: Best Pratice in Authentication Tag: 62502
  - 21
    - Content Advisor Each time I go to an "unrated" web site, a "content advisor" pop up comes up to advise me of this and I have to enter a password to enter the site. How can I stop this? Tag: Best Pratice in Authentication Tag: 62500
  - 22
    - How to build + register COM objects when logged in as user? I am developing a COM DLL in C++. At the tail end of my build cycle, the IDE tries to register my DLL. It is failing, reason is ACCESS_DENIED, which I expect, because after running as Administrator for years, I have recently adopted the principle of least-access, and now log in under a user account. When I install software, for example, I have to 'run-as' Administrator. I wish to be able register the objects from the IDE while obeying the principle of least access. What is the easiest way to do this on a routine basis? Ideally, I would not have to change my build process at all. Thanks in advance. Tag: Best Pratice in Authentication Tag: 62486
  - 23
    - user password hello, i would like to know if there is a way to get pass the user password...see i have two accouts in my win XP, and mine, the admin's one, has a password, but i believe one of my son's foud a way to bypass it, without discovering it, because i've changed it several times, and still, when i get home i find my account opened...so, does anyone know if i can get any program that adds a second password, or anything that can help me keeping my account private....thanks... Leo Tag: Best Pratice in Authentication Tag: 62485
  - 24
    - Please Help me. I have norton antivirus 2004, but every time I try to check for viruses my computer restarts, stop responding, or a blue error message comes out. I have never finish a virus scan because of that problem. What should I do? I have windows xp home edition sp2. Tag: Best Pratice in Authentication Tag: 62480
  - 25
    - Boot Sector Viruses Does anyone know of a virus scanner that will run during the boot process? I have several extremely complex infections where files will either disappear when they're scanned by my virus scanner or they will simply reappear after a certain amount of time after I use a scanner and get rid of them. I believe this is due to something that loaded itslef into the ram during startup, but I don't have any way to check for it. I thought that AVG did, but I can't seem to find any mention of an on boot scanner. Any advice here would be appreciated. Tag: Best Pratice in Authentication Tag: 62477
- Next
  - 1
    - What is the best antivirus? Im trying to get an antivirus but first I would like to know which one offers the best security and stability. Please help me. Tag: Best Pratice in Authentication Tag: 62473
  - 2
    - IE5.5 indicates all pages are "Trusted Sites" After having my IE browser severly hyjacked. I thought I was successful in using the utilities for that purpose available. Everything seems ok except the browser indicates every site I hit as a "Trusted Site" instead of Internet Zone. In my IE setings, I have NO sites entered in the Trusted Sites list and this only happens on my desktop and no other users. Where can I find this entry and change it so any new sites encountered do NOT come up as Trusted Sites? Thanks. Tag: Best Pratice in Authentication Tag: 62467
  - 3
    - gdtdi.sys folder error Hi, I have an error with MacAfee Internet security and my windows System 32 folder gdtdi.sys. I have tried with MacAfee support and with a MacAfee support forum, to fix this but I am unable to do so. The error is, when I connect my Laptop wirelessly with my desktop computer via my LAN, the desktop shuts down and a Microsoft error notification which states I have an error with gdtdi.sys, please contact MacAfee. I am at a loss now, so I was wondering if it was a problem with the system32 folder gdtdi.sys. I have run SFC /scannow; I've also done a clean reinstall of MacAfee Internet security, to no avail. Can you please help me, as its driving me nuts!? I was wondering if it was possible to reinstall the gdtdi.sys folder. I have searched my XP disc, but I can't find a new gdtdi.sys folder to replace it with. I have tried deleting the folder and running SFC /scannow to see if that replaced the folder but it obviously doesn't! Thank you for any assistance you provide. Mike Tag: Best Pratice in Authentication Tag: 62461
  - 4
    - X-Win32 and SP2 Since installing XP SP2 my X-Win32 (x-windows) application no longer connects to my Linux machine. If I turn off the firewall it works fine. I have unblocked the program and created exceptions for TCP Port 6000 and UDP Port 177. Has anyone run into a similar problem? If so, have you been able to solve the problem? Thank you, Neil Tag: Best Pratice in Authentication Tag: 62448
  - 5
    - Javascript Bookmarks Hello, Before sp2 on windows XP professional if i type something like javascript:document.write('hello');void(document.close()) into the address bar of IE and I selected add to favorites it would add the javascript url to my favorites. NOW with sp2 if I do the same it adds the address of the last html website I visited. Does anybody know why and how I can fix this. Thanks M Tag: Best Pratice in Authentication Tag: 62445
  - 6
    - JPEG vulnerability iissue: Defective copies of file From Tom: The subject is that godawful JPEG vulnerability. Upon running the scanning tool at the SANS Internet Storm Center, http://isc.sans.org/diary.php?date=2004-09-23 , I get the following: ----------------------------------------------------- Scanning Drive C:... C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL Version: 5.1.3097.0 <-- Vulnerable version C:\I386\SXS.DLL Version: 5.1.2600.1106 <-- Vulnerable version C:\I386\VGX.DLL Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only) C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll Version: 6.0.2900.2180 C:\WINDOWS\$NtServicePackUninstall$\sxs.dll Version: 5.1.2600.1515 C:\WINDOWS\$NtServicePackUninstall$\vgx.dll Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only) C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes) C:\WINDOWS\ServicePackFiles\i386\sxs.dll Version: 5.1.2600.2180 C:\WINDOWS\ServicePackFiles\i386\vgx.dll Version: 6.0.2900.2180 C:\WINDOWS\SYSTEM32\sxs.dll Version: 5.1.2600.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll Version: 5.1.3102.2180 Scan Complete. -------------------------------------------------------- From Tom: I have Win XP Home Edition, but not Office. Would someone explain to me what in the world ASMS is? Also, sxs.dll? And how to replace the vulnerable copies of GDIPLUS.DLL? And why in hades is my computer still seemingly vulnerable, having done every d--- thing Microsoft said to do, get patches, etc.? Tom Tag: Best Pratice in Authentication Tag: 62433
  - 7
    - Spyware problems There is this company called "smart Security" that has somehow gotten into my computer and set up residence. My desktop has changed and I can't get rid of there icon. If I click on it, it takes me to there website where there is no way of clicking off of it. It has affected my computer's operation. How can I get rid of it? I've tried spyware and virus removal and also retoring to a previous point. Nothing helps. What can I do? Rosslyn Tag: Best Pratice in Authentication Tag: 62423
  - 8
    - Allowing authorized remote users We want to prevent our remote users from using their home pc to dial-up into our network. Instead, we prefer them to use one of the company's laptop which we have patched and locked it down. Is there a way with Windows2000/2003 to register our company provided laptops on the network and only accept those when a user dials in? When a user trys to dial-up using their home pc, we like for Windows2000/2003 to reject the request because it knows it's not a registered company laptop. Thanks in advance. Tag: Best Pratice in Authentication Tag: 62418
  - 9
    - Security of log-in details I read alarming news today about the increase in fraudsters gaining access to internet bank Log-in details. How can I check that (unknown to me)my computer has not been infected with programs which allow fraudsters to record my log-in details? Thank you Tag: Best Pratice in Authentication Tag: 62416
  - 10
    - How to access certain sites We are a non-profit agency with many different programs, one of which serves sexually acting-out children and youth, and their victims. Our counselors often need to do research on current treatment methodologies, but whenever their search criteria includes words containing those "certain" three letters it seems to lead to problems with unwanted "extras" being put on their computers. How can we deal with this while still allowing the counselors to do legitimate research for their work? They all have active virus programs, but are there other, hopefully free, applications we can use to prevent this? Any suggestions/recommendations would be greatly appreciated! Tag: Best Pratice in Authentication Tag: 62409
  - 11
    - Allow sub-frames to navigate across domains? Hello! While perusing this newsgroup recently, I came across one expert's listing of recommended IE browers settings. One of those settings was to set "Navigate subframes across different domains" to "Prompt." I did that, and now even when using this newsgroup, every time I click on one of the questions or responses, I get the prompt. What is that setting for, anyway? And how would I know if I want to say yes or no when prompted? Sorry for what must be a basic question...I'm rather in the dark about a lot of this, and any enlightenment would be most appreciated! Tag: Best Pratice in Authentication Tag: 62408
  - 12
    - MS CA Certificate Renewal Hi, Windows Server 2003 Certification Authority Windows XP SP1 Clients 2 CAs: RootCA offline, Subordinate enterprise CA (signed by RootCA) What will happen if I renew the Certificate of my Enterprise sub ordinate CA ? Do I have to renew all client certificates (e.g. stored on smart cards for windows logon or s/mime encryption) ? Is there a way that the user certificates on smart card renew automatically their certificates and private keys ? Thanks for answers. Tag: Best Pratice in Authentication Tag: 62406
  - 13
    - Kazaa.Irc.SpyBot12.RoyLomag: Spybot flags this up and "fixes" it but on restarting the computer it is still there when I next run a check - can this be gotten rid of? Also - would this prompt my puter to ask to connect to the internet once started (WIndows XP) - it never did it before and I can't find a way of stopping it - I just have to cancel it each time. Ta in adavance for any help. Motz Tag: Best Pratice in Authentication Tag: 62401
  - 14
    - can't see pictures I can never see pictures in some emails or from travel agencies--I used to . It says some pictures have been blocked to prevent the sender from identifing your computer. How do I ondo this I have windows xp? Tag: Best Pratice in Authentication Tag: 62398
  - 15
    - View.php.o One of our users suddenly has an icon called view.php.o on her desktop. About the same time our anti-virus program found the Netsky worm on her PC. Are the two related? Does anyone know what the view.php.o is? I tried "googling" but didn't find out anything informative. Thanks in advance for any assistance. Tag: Best Pratice in Authentication Tag: 62394
  - 16
    - pc cillin I have pc cillin on my computer and all of a sudden I keep getting a message that says my computer is at risk because my protection is shut off. When I go in and look at it, it is off. I turn it back on and in a lttle bit it is off again. Any suggestions on what to do? Tag: Best Pratice in Authentication Tag: 62390
  - 17
    - Securing Wireless LANs with PEAP and Passwords Could sombody please forwad me a copy of the above document in a readable form. I have downloaded the file from the Microsof web site but as Microsoft choose not to provide it in a common standard I cannot read it as my PC gives me errors !! (Something not installed) Thanks Tag: Best Pratice in Authentication Tag: 62388
  - 18
    - Deep Freeze I made the mistake of buying an old, used laptop off ebay. The software has "Deep Freeze" software on it which allows no changes to the hard drive or system settings. You can't even save a file to the hard drive. You save it, but when the system is restarted, it automatically reverts to original settings and all files which were saved are gone. Is there any way to remove this Deep Freeze software. I uninstalled it through Windows, but when I rebooted, it was back on. Help. Tag: Best Pratice in Authentication Tag: 62387
  - 19
    - w32.spybot.worm Problem Norton Antivirus found this worm in the system but was unable to delete. After checking Symantecr site I followed their instructions to remove the worm manually by editing Registry, removing 0 byte files, etc. However yesterday my PC started to shut-down with the RCP standard warning. After further investigation found there was a Service called Windows RC and disabled it. Also found additional entries in the registry with that name as well as others under the name Windows Registry Cleaner. Tried to delete but system wouldn't let me. The main virus executable which NAV quarantined was winclean.exe which I have since also removed. Appreciate any advice on how to ensure removal of this worm from system. thanks in advance Tag: Best Pratice in Authentication Tag: 62384
  - 20
    - Simple question I wanted to make sure that one of my file can,t be viewed by others.So i clicked on properties and changed the properties to "Hidden" and the file disappeared and now i dont know myself how to access that file.It has simply disaappeared. Can you help me in getting that file again? Tag: Best Pratice in Authentication Tag: 62376
  - 21
    - Authenticode Signature Digital Certificate I've recently acquired a digital certificate issued by Verisign. I am trying to sign an application with the cert using InstallShield, but it doesn't work. But if I use it to with Signcode.exe it will work only if I select Microsoft Strong Cryptographic Provider in the wizard. It will not work if I select Microsoft Base Cryptographic Provider. This is because InstallShield uses Microsoft Base Cryptographic Provider when reading the provite key. Is it possible to convert my pvk to MS Base Crypto using some tools? I've already checked with Verisign and there is no way they can do this but to issue a new cert, which will involve cost. Would really appreciate it, if anyone out there can help. Thank you very much. Regards, Audrey. Tag: Best Pratice in Authentication Tag: 62374
  - 22
    - Stranger in the comp Hi what the heck is this. I was going through my active connections and users and I found this. I was gonna delete the user but then wanted to see what your verdict is. never seen this before. SUPPORT_388945a0 CN=Microsoft Corporation,L=Redmond,S=Washington,C=US listed as one of my users. theres aspnet guest me Support** could you answer this please Tag: Best Pratice in Authentication Tag: 62372
  - 23
    - How To: Configure SpyBot Not to Flag "DSO Exploit" Pardon crosspost, this is long overdue. http://forum.aumha.org/viewtopic.php?t=8435 Silj -- siljaline MS - MVP Windows (IE/OE) AH-VSOP ________________________________ Security Tools Updates http://forum.aumha.org/viewforum.php?f=31 (Reply to group, as return address is invalid - that we may all benefit) Tag: Best Pratice in Authentication Tag: 62371
  - 24
    - 213.159.117.134 just hijacked my browser Feel free to ICMP bomb, hack, DOS this site: http://213.159.117.134/index.php Tag: Best Pratice in Authentication Tag: 62367
  - 25
    - vulnerability open ports After running a Symantic security scan I was informed that I was vulnerable due to open ports , http port80 and http over tsl/ssl . How do I close these ports? Any help would be appreciated thanks. Tag: Best Pratice in Authentication Tag: 62362

Hi,

I have a conceptual question about security. In a default 3 tier structure
(web application, MTS and database), what are the best pratices to:

a) Authenticate the application in MTS and the MTS in database ?
b) Store the passwords for authentication (DPAPI ??)

Thank's

Weber Ress

Top

Re: Best Pratice in Authentication by Brian

Brian
Tue Oct 05 10:37:56 CDT 2004

Ress, this can be a very big subject. Personally, I boil it down to as
follows:

The middle tier should authenticate and then impersonate the user. Thusly
the middle tier will be accessing the database on behalf of the user and the
database security should be set up with the appropriate access settings for
that particular user.

Never, ever store passwords anywhere. If you stick with windows
authentication, you can achieve single logon functionality without ever
soliciting for a password from the user.

Brian

"Weber Ress" <weber_ress@hotmail.com> wrote in message
news:ugW0oHlqEHA.2436@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I have a conceptual question about security. In a default 3 tier structure
> (web application, MTS and database), what are the best pratices to:
>
> a) Authenticate the application in MTS and the MTS in database ?
> b) Store the passwords for authentication (DPAPI ??)
>
> Thank's
>
> Weber Ress
>
>

Top