I'm sorry if this is not a programmatic issue, i also may get many down votes for it, but i really need to know in details, what does (Resolving Host) means ?!
I'm trying to configure a connection to a web server hosting a friend's web site, and i'm developing a vb6.0 app. using WinSock.OCX tool, and one of its states is (Resolving Host) so i need to know what does it mean to be able to provide some code for it.
You don't have to handle that state. This is just the phase when WinSock.ocx is converting a DNS name (let's say www.dilbert.com) to the corresponding IP (184.106.169.31). This is handled automatically by WinSock, so you just have to wait.
WinSock might give you errors during this phase, because it could be that
the supplied domain name is/was no longer valid
the supplied domain name is invalid (92$!#d.com, for example)
the DNS server is not available (no network connection, for example)
Related
I am from Iran. All Mtproto proxies have been banned by the GWF (the great firewall) and It's impossible to use them, although somehow someone made a weird Mtproto proxy with even weirder server name!
The Server name: cloudflare.com.nokia.com.co.uk.do_yo.want_to.clash_with.this.www.microsoft.com.there_is_no.place_like.localhost.www.bing.com.count_with_me.cyou.com.now_sudo.rm_rf.ddns.net.we_are_here.again_to_fight.everyone.i_am.the_internet.special_nbvd.koromozom.cfd.
It is the only way that we can access Telegram. Does anyone know how to make such proxies with this kind of Domain?
enter image description here
As you can see on the attached image, It is written unknown in the server name box, but when you connect to the proxy, you will see the following domain name.
Please help to create such proxies. I really need this.
We are building a system on windows where we centrally (server) need to do fopen to either local files or remote smb resources. The idea is to authenticate in the case of remote resources before doing fopen (with unc paths).
We need to authenticate with the credentials the user (client application) supplied for this resource on that remote share. We don't want to copy any resources.
Using the Win Net Api this works smoothly since it stores the given credentials so that subsequent fopens in the same or in different processes succeed.
But there is a problem:
Many of you probably know the following message from windows when trying to connect to a smb share with different credentials then the ones used for a previous connection:
"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."
See http://support.microsoft.com/kb/938120 for the defined limitation and possible "work arounds".
Since we have a central server application running as a service ('Local System' account) we hit this limitation with having already two different users :).
Closing the previously established connection to allow for the 2nd one is not an option (ongoing processing).
On the one hand it's great that windows caches authentication information on the other hand it's too limited.
Modifying the hosts file for each user does not look very nice.
Using smb client libraries (like libsmb++, impacket) doesn't seem to be the solution since we need "over process" authentication.
Configuring a "master" smb share user is also not wanted.
Maybe passing windows user auth tokens around is a way?
This problem is of general nature (i.e. independent of language) and I'm convinced that there are people out there who solved it (in a more or less elegant way ;))
I hope my explanation is understandable.
Thanks in advance for any hint.
felix
Is there a way to limit the login to a web application based on client machine name or id. The requirement is a certain userid login should be done only from pre-determined or preset systems.
Hope this covers the queries mentioned.
I am not sure if IP address of the machine can be used as much effective as the machine name or macid may server the purpose.
Client OS can be windows or mac. Its a public facing site but a certain group of users should login from certain machines only.
The site is php, mysql and hosted on apache and linux.
Generally speaking, a web browser will only send basic HTTP headers along for the ride, in addition to a known IP address.
Assuming you even could get this information from the client system via javascript, it would not be trustable, (eg, a client could fake it).
Perhaps you can expand your question a bit?
On Modern Windows, the default configuration is done in such a way that if I network-login as a local user, I actually only get authenticated as a guest (more details about this behavior is explained in http://technet.microsoft.com/en-us/library/cc786449(WS.10).aspx)
When my program tries to access WMI on this kind of servers via DCOM, I simply get "Access Denied" error, presumably because a guest user isn't allowed to connect to WMI.
I'd like to differentiate this error from other kinds of access denied errors, such as a wrong password or non-existent user name, so that I can explain to the user what they need to fix the problem.
So my question is, what can I do to detect such a server. I'm thinking that if there's some COM components that can be activated by a guest, that would do --- I can try to activate such a component, and if that works, I know that my login credential was correct. But I can't think of any such concrete component.
Does anyone know such a component? Or any other ways of diagnosing this situation?
No, I cannot recall that there is a DCOM server that can be accessed by a guest. Wouldn't that be unsafe?
If you have time you can check all security settings of DCOM servers using dcomcnfg. Maybe there is a guest. But I don't think so.
On the other side. You cannot see the reason behind AccessDenied on the client side because that would make the server more vulnerable. If an attacker could distinguish between different kinds of access denied errors, he probably would be able to adapt his actions accordingly.
But if you have access to the server you can activate DCOM logging (see http://support.microsoft.com/?scid=kb%3Ben-us%3B892500&x=18&y=11)
As a solution, I suggest that you write such a and similar problems and how they happen into a FAQ/Readme/Webpage. People tend to rather search the web than read a message box.
I have a site i am working on that i would like to display only to a few others for now. Is there anything wrong with setting up windows user names and using windows auth to prompt the user before getting into the development site?
There are several ways, with varying degrees of security:
Don't put it on the internet - put it on a private network, and use a VPN to access it
Restrict access with HTTP authentication (as you suggest). The downside to this is it can interfere with the actual site, if you are using HTTP auth, or some other type of authentication as part of the application.
Restrict access based on remote IP. Just allow the IPs of users you want to be able to access it.
Use a custom hostname. Have it on a public IP, but don't publish the hostname. This means make an entry in your HOSTS file (or configure your own DNS server, if possible) so that "blah.mysite.com" goes to the site, but that is not available on the internet. Obviously you'd only make the site accessible when using that hostname (and not the IP).
That depends on what you mean by "best": for example, do you mean "easiest" or "most secure"?
The best way might be to have it on a private network, which you attach to via VPN.
I do this frequently. I use Hamachi to allow them to access my dev box so they can see whats going on. they have access to it when they want , and/or when I allow. When they are done I evict them from my Hamachi network and change the password.
Hamachi is a software VPN. Heres a link to Hamachi - AKA LogMeIn
Hamachi
They have a free version which works quite well.
Of course, there's nothing wrong with Windows auth. There are couple of (not too big) drawbacks, though:
your website auth scheme is different from the final product.
you are giving them more access to the box they really need.
you automatically reimaging the machine and redeploying the website is more complex, as you have to automate the windows account creation.
I would suggest two alternatives:
to do whatever auth you plan on doing in the final website and make sure all pager require auth
do a token cookie based auth - send them a link that sets a particular token in a cookie and in your website code add quick check for that token before you even go to the regular user auth
If you aren't married to IIS, and you need developers to be able to change the content, I would consider Apache + SSL + WebDav (aka Web Folders). This will allow you to offer a secure sandbox where developers can change and view the content without having user accounts on the server.
This setup requires some knowledge of Apache so it only makes sense if you are already using Apache or if you frequently need to provide outsiders access to your web server.
First useful link I found on the topic: http://pascal.thivent.name/2007/08/howto-setup-apache-224-webdav-under.html
Why don't you just set up an NTFS user and assign it to the website (and remove anonymous access)