Is it possible to reverse a SHA-1 hash?

No, you cannot reverse SHA-1, that is exactly why it is called a Secure Hash Algorithm. What you should definitely be doing though, is include the message that is being transmitted into the hash calculation. Otherwise a man-in-the-middle could intercept the message, and use the signature (which only contains the sender’s key and the timestamp) … Read more

PHP: How To Disable Dangerous Functions

Afraid you’re pretty much stuck using php.ini to disable most of those. However, it gets worse. eval() is technically not a function, it is a language construct, so it CANNOT be disabled using disable_functions. In order to do that, you would have to install something like Suhosin and disable it from there. A good webmaster … Read more Access denied (

Within your <jre location>\lib\security\java.policy try adding: grant { permission; }; And see if it allows you. If so, you will have to add more granular permissions. See: Java 8 Documentation for java.policy files and

IIS7, web.config to allow only static file handler in directory /uploads of website

Add the following to a web.config file in the folder containing the files you wish to be served only as static content: <configuration> <system.webServer> <handlers> <clear /> <add name=”StaticFile” path=”*” verb=”*” modules=”StaticFileModule,DefaultDocumentModule,DirectoryListingModule” resourceType=”Either” requireAccess=”Read” /> </handlers> <staticContent> <mimeMap fileExtension=”.*” mimeType=”application/octet-stream” /> </staticContent> </system.webServer> </configuration>

Encrypting credentials in a WPF application

Here’s a summary of my blog post: How to store a password on Windows? You can use the Data Protection API and its .NET implementation (ProtectedData) to encrypt the password. Here’s an example: public static string Protect(string str) { byte[] entropy = Encoding.ASCII.GetBytes(Assembly.GetExecutingAssembly().FullName); byte[] data = Encoding.ASCII.GetBytes(str); string protectedData = Convert.ToBase64String(ProtectedData.Protect(data, entropy, DataProtectionScope.CurrentUser)); return protectedData; … Read more

a better approach than storing mysql password in plain text in config file?

Personally, I store sensitive information such as database connection details in a config.ini file outside of my web folder’s root. Then in my index.php I can do: $config = parse_ini_file(‘../config.ini’); This means variables aren’t visible if your server accidentally starts outputting PHP scripts as plain text (which has happened before, infamously to Facebook); and only … Read more