Search Results

Search found 12055 results on 483 pages for 'password complexity'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 101/483 | < Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108  | Next Page >

  • How to disable automatic login?

    - by iammilind
    I was playing around with "User accounts" and somehow set automatic login. Now, when I start my PC, it just has one button named as "login". Clicking that button, directly logs me in to my PC. There is no music or no asking for password while logging in. As a side effect, it asks me separately for keyring password How to disable auto login and make login/keyring password unified again like before? NOTE: Attempting to disable Automatic Login from System Settings User Accounts does not work. This is the content of my /etc/lightdm/lightdm.conf (where I have commented the autologin for my username mgandhi): [SeatDefaults] greeter-session=unity-greeter user-session=ubuntu #autologin-user=mgandhi

    Read the article

  • How does Requiring users to Periodically Change their Passwords Improve Security? [closed]

    - by Bob Kaufman
    I've had the same password for some sites for years with no regrets. Meanwhile, at work, I find myself being forced to change passwords every two to three months. My thinking is that if a password gets compromised, requiring that I change it several weeks out isn't going to protect me or the network very much. Moreover, I find that by being required to change passwords frequently, I degenerate into a predictable password pattern (e.g., BearsFan111, BearsFan222, ...) which results in easier to remember and easier to guess passwords. Is there a sound argument for requiring that passwords be changed periodically?

    Read the article

  • Can't get vnc to connect

    - by Thom
    I have a server and my laptop. I want to be able to start vnc server on the server and then connect from my laptop. Both are running ubuntu 11.10 64 bit desktop On my server, i installed x11vnc. I set it up with a password, no view only password. I ssh to the box and typed vncserver :42 Now on my laptop, I installed gtkvncviewer and ran it. It popped up a box. I entered the picard:42 (the name of the server in my /etc/hosts file) and the password. I tried with and without the user. It always disconnects immediately. Can anyone point out what I'm doing wrong? Is it because I'm not running a GUI session currently on picard? If so, how can I start the Xwindows session remotely to connect with vncserver?

    Read the article

  • forward sudo verification

    - by Timo Kluck
    I often use the following construct for building and installing a tarball: sudo -v && make && sudo make install which will allow me to enter my password immediately and have everything done unattended. This works well except in the rare case that building takes longer than the sudo timeout, which may happen on my rather slow machine with large projects (even when using make -j4). But when the build takes a long time, that's exactly when doing things unattended has a great advantage. Can anyone think of a shell construct that allows me to input my password immediately, and which has make executing under normal permissions and make install under elevated permissions? For security reasons, I don't want to configure my user to use sudo without password. A viable option is to set the timeout to very long, but I'm hoping for something more elegant.

    Read the article

  • Pirates, Treasure Chests and Architectural Mapping

    Pirate 1: Why do pirates create treasure maps? Pirate 2: I do not know.Pirate 1: So they can find their gold. Yes, that was a bad joke, but it does illustrate a point. Pirates are known for drawing treasure maps to their most prized possession. These documents detail the decisions pirates made in order to hide and find their chests of gold. The map allows them to trace the steps they took originally to hide their treasure so that they may return. As software engineers, programmers, and architects we need to treat software implementations much like our treasure chest. Why is software like a treasure chest? It cost money, time,  and resources to develop (Usually) It can make or save money, time, and resources (Hopefully) If we operate under the assumption that software is like a treasure chest then wouldn’t make sense to document the steps, rationale, concerns, and decisions about how it was designed? Pirates are notorious for documenting where they hide their treasure.  Shouldn’t we as creators of software do the same? By documenting our design decisions and rationale behind them will help others be able to understand and maintain implemented systems. This can only be done if the design decisions are correctly mapped to its corresponding implementation. This allows for architectural decisions to be traced from the conceptual model, architectural design and finally to the implementation. Mapping gives software professional a method to trace the reason why specific areas of code were developed verses other options. Just like the pirates we need to able to trace our steps from the start of a project to its implementation,  so that we will understand why specific choices were chosen. The traceability of a software implementation that actually maps back to its originating design decisions is invaluable for ensuring that architectural drifting and erosion does not take place. The drifting and erosion is prevented by allowing others to understand the rational of why an implementation was created in a specific manor or methodology The process of mapping distinct design concerns/decisions to the location of its implemented is called traceability. In this context traceability is defined as method for connecting distinctive software artifacts. This process allows architectural design models and decisions to be directly connected with its physical implementation. The process of mapping architectural design concerns to a software implementation can be very complex. However, most design decision can be placed in  a few generalized categories. Commonly Mapped Design Decisions Design Rationale Components and Connectors Interfaces Behaviors/Properties Design rational is one of the hardest categories to map directly to an implementation. Typically this rational is mapped or document in code via comments. These comments consist of general design decisions and reasoning because they do not directly refer to a specific part of an application. They typically focus more on the higher level concerns. Components and connectors can directly be mapped to architectural concerns. Typically concerns subdivide an application in to distinct functional areas. These functional areas then can map directly back to their originating concerns.Interfaces can be mapped back to design concerns in one of two ways. Interfaces that pertain to specific function definitions can be directly mapped back to its originating concern(s). However, more complicated interfaces require additional analysis to ensure that the proper mappings are created. Depending on the complexity some Behaviors\Properties can be translated directly into a generic implementation structure that is ready for business logic. In addition, some behaviors can be translated directly in to an actual implementation depending on the complexity and architectural tools used. Mapping design concerns to an implementation is a lot of work to maintain, but is doable. In order to ensure that concerns are mapped correctly and that an implementation correctly reflects its design concerns then one of two standard approaches are usually used. All Changes Come From ArchitectureBy forcing all application changes to come through the architectural model prior to implementation then the existing mappings will be used to locate where in the implementation changes need to occur. Allow Changes From Implementation Or Architecture By allowing changes to come from the implementation and/or the architecture then the other area must be kept in sync. This methodology is more complex compared to the previous approach.  One reason to justify the added complexity for an application is due to the fact that this approach tends to detect and prevent architectural drift and erosion. Additionally, this approach is usually maintained via software because of the complexity. Reference:Taylor, R. N., Medvidovic, N., & Dashofy, E. M. (2009). Software architecture: Foundations, theory, and practice Hoboken, NJ: John Wiley & Sons  

    Read the article

  • How do I set a system wide proxy?

    - by armando Armandiano
    I'm trying to set a system wide proxy, and I'm specifically having difficulties with apt-get for installing applications on my Ubuntu. I'm in a university using a proxy server with username/password. I'm aware of setting a proxy with username and password in the following manner: http://username:[email protected]:8080/ But it fails, as a critical example with apt-get. Username contains backslash( \ ) in it and I'm wondering whether that could be a problem for failing. I'd be grateful with any input on this. P.S I'm on Ubuntu 11.04

    Read the article

  • Copying an SSH Public Key to a Server

    - by Nathan Arthur
    I'm attempting to setup a git repository on my Dreamhost web server by following the "Setup: For the Impatient" instructions here. I'm having difficulty setting up public key access to the server. After successfully creating my public key, I ran the following command: cat ~/.ssh/[MY KEY].pub | ssh [USER]@[MACHINE] "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys" ...replacing the appropriate placeholders with the correct values. Everything seemed to go through fine. The server asked for my password, and, as far as I can tell, executed the command. There is indeed a ~/.ssh/authorized_keys file on the server. The problem: When I try to SSH into the server, it still asks for my password. My understanding is that it shouldn't be asking for my password anymore. What am I missing?

    Read the article

  • How do I start Nautilus as root?

    - by Pho swan
    I got problem with nautilus in Ubuntu 12.04 LTS when i run command "gksu nautilus /" password ask box appear and I type my super-user password , than password box is disappear and nautilus is not open. . when i try to open nautilus via normal user in command box . "nautilus" the folder is open up. when i try in terminal ... $sudo nautilus I got following error $ sudo nautilus / ** (nautilus:8523): WARNING **: Command line `dbus-launch --autolaunch=2c8ce9b7da2257c2609b749700000007 --binary-syntax --close-stderr' exited with non-zero exit status 1: Autolaunch error: X11 initialization failed.\n Could not parse arguments: Cannot open display: how can i fix this error..

    Read the article

  • User Already Exists in the Current Database - SQL Server

    - by bullpit
    I was moving a lot of databases from one SQL Server to another, and my applications were giving me errors saying "Login failed for <user>". The user was already in the database with appropriate rights to allowed objects in the database. I tried mapping the user to the database and that's when I got this message: "User Already Exists in the Current Database"... I googled and found this very useful post about orphaned users when moving databases. These are the steps you should take to fix this issue: First, make sure that this is the problem. This will lists the orphaned users: EXEC sp_change_users_login 'Report' If you already have a login id and password for this user, fix it by doing: EXEC sp_change_users_login 'Auto_Fix', 'user' If you want to create a new login id and password for this user, fix it by doing: EXEC sp_change_users_login 'Auto_Fix', 'user', 'login', 'password'

    Read the article

  • Is it possible for an application (written in Mono C#) to run a console command?

    - by Razick
    I am wondering if a Mono C# application can somehow run a terminal command. For example, could the user give the program his or her password and then have the application run sudo apt-get install application-name (console requests password) password (console requests confirmation) y Preferably, this would be done without actually opening a terminal visible to the user, so that the application could provide the necessary feedback and manage the whole operation cleanly with as little user interaction as possible. Is there a way to do that? Let me know if clarification is needed. Thank you!

    Read the article

  • SharePoint Apps &ndash; the dark side

    - by Sahil Malik
    SharePoint 2010 Training: more information First of all, I am a proponent of SharePoint apps. As I have said many times over, SharePoint Apps make me very ‘appy, they are very app-propriate. But there are some points to consider that make a bit app-rehensive. These are all mentioned in my book “SharePoint 2013 - Planet of the Apps”, .. but here are some thoughts of the negatives of Apps that I think we need to consider before diving in, Mutliple Servers, More Complexity Apps, by definition will include an extra server. This excludes SharePoint-hosted apps of course. Extra servers by definition will add more complexity. As it is, when you introduce SharePoint to an organization, the number of servers multiply like bunnies. Now you will have additional servers, and these servers talking with each other. You will have to maintain trusts, and you will have to patch more stuff, reset more “admin” passwords – you get my point. Read full article ....

    Read the article

  • Xfce session will not login from login prompt. Why?

    - by hydroparadise
    Well, not sure how I did it, but for some reason I am unable to get past the login screen on Xfce. What's odd is that I had set the machine up (from install) to login automatically. Then when I finish rebooting after installing sudo apt-get install openssh-server and sudo apt-get install vnc4server all the sudden I am getting prompted for my password. I proceed to type my password (successfully might I add) to login, the screen goes black for a second, then brings me right back to the same password prompt. I am able ssh in(now), but I get no love from workstation login. Maybe vnc4server is the culprit? What did I do? And can I fix it? EDIT: The guest account, however will let me login no problem. What gives? I have a sneaking feeling that this could be permission issue.

    Read the article

  • How can I have my VPN connect automatically when the wireless connects?

    - by ams
    I have a working VPN connection using NetworkManager, OpenConnect, and the network-manager-openconnect-gnome package, but I have to start it manually every time I connect to a network, and I have to enter my password manually each time. How can I get it to connect automatically, and remember my password (securely)? I have checked the 'Connect Automatically' box on the Configure VPN page, but this seems to have no effect. I've also got the 'Start connecting automatically' box checked in the pop-up box, and that does avoid the need to press the connect button in that window, but seems to have no part in kicking off the whole process in the first place. There is no option to remember the password in the window, but maybe there's one somewhere else?

    Read the article

  • auth_mysql and php [migrated]

    - by user1052448
    I have a directory with auth_mysql in a virtualhost file password protected using a mysql user/pass combo. The problem I have is one file inside that directory needs to be accessed without a user/pass. Is there a way I can pass the user/pass within the php file? Or excluse the one file? What would I put between the code below? <Location /password-protected> ...mysql password protection require valid-user </Location>

    Read the article

  • What is an achievable way of setting content budgets (e.g. polygon count) for level content in a 3D title?

    - by MrCranky
    In answering this question for swquinn, the answer raised a more pertinent question that I'd like to hear answers to. I'll post our own strategy (promise I won't accept it as the answer), but I'd like to hear others. Specifically: how do you go about setting a sensible budget for your content team. Usually one of the very first questions asked in a development is: what's our polygon budget? Of course, these days it's rare that vertex/poly count alone is the limiting factor, instead shader complexity, fill-rate, lighting complexity, all come into play. What the content team want are some hard numbers / limits to work to such that they have a reasonable expectation that their content, once it actually gets into the engine, will not be too heavy. Given that 'it depends' isn't a particularly useful answer, I'd like to hear a strategy that allows me to give them workable limits without being a) misleading, or b) wrong.

    Read the article

  • Encrypted Ubuntu Partition HELP!

    - by user207984
    I had Zorin 7 Encrypted. I accidentally deleted important GRUB data trying to make more room in the boot folder i think? So the computer would no longer boot up. Anyways, I installed a second Linux OS on the same laptop, but I am unable to access all of my important information that is still on the encrypted partition. When i go to mount it to access everything, it asks for the encryption password... however, it tells me the password is incorrect, which I know 100% that it is the correct password. Someone please help me! Inform me how I can access this encrypted partition or restore the data so that I can boot the computer in Zorin 7 again.

    Read the article

  • I can't log-in to WinSCP using username "root"

    - by Jessyle Ivy
    I can't log-in to WinSCP using username "root". I already change the password of "root" in Ubuntu, and I successfully log-in there. But in WinSCP, it goes like this Search for host... Connecting to host... Authenticating... Using username "root" Authenticating with pre-entered password. Access Denied. and I am need to re-type the password again. By the way I'm using VMware Player for Ubuntu. Thanks!

    Read the article

  • 407 Proxy Authentication Required

    - by user38507
    When I try to install a software using Ubuntu Software center I get: Failed to download repository information Check Your Internet connection When I try to do a apt get-install something, I get: 407 Proxy Authentication Required I use a proxy server that requires a user-name and a password. I have set my systems proxy manually, by plugging in the required numbers in the Networks proxy and applied it system wide. I guess the problem now is plugging in my user-name and password. When I use INTERNET via Mozilla, it specifically asks me for my user-name and password.

    Read the article

  • What &lsquo;enterprise&rsquo; doesn&rsquo;t understand about risk

    - by Liam McLennan
    Enterprises (large bureaucracies) obsess about risk. I think it is because of the inertia generated by the process and politics that they have to deal with. The trouble is that they respond to risk in precisely the wrong way: by adding complexity. Need to call a method? Better wrap it in WCF service. Need to talk to another application? Better hook a message queue to a service bus connected to a biztalk sharepoint – on Oracle. Here is a simple guide: Complexity increases risk. Simplicity reduces risk.

    Read the article

  • Nashorn ?? JDBC ? Oracle DB ?????·?? 3

    - by Homma
    ???? Nashorn ?? JavaScript ??????? JDBC ? Oracle DB ???????????????????? Oracle DB ????? SQL ??????????????? ???????????????????????????????? ????????? URL ? https://blogs.oracle.com/nashorn_ja/entry/nashorn_jdbc_3 ??? JDBC ??????????????? JDBC ????????????????? Nashorn ????? JavaScript ????????????? ???????? JDBC OCI ???????????????????????????????? ????? ?? Java ??????????????? Nashorn ? JavaScript ???????????????? // Invoke jjs with -scripting option. /* * This sample can be used to check the JDBC installation. * Just run it and provide the connect information. It will select * "Hello World" from the database. */ var OracleDataSource = Java.type("oracle.jdbc.pool.OracleDataSource"); function main() { // Prompt the user for connect information print("Please enter information to test connection to the database"); var user, password, database; user = readLine("user: "); slash_index = user.indexOf('/'); if (slash_index != -1) { password = user.substring(slash_index + 1) user = user.substring(0, slash_index); } else password = readLine("password: "); database = readLine("database(a TNSNAME entry): "); java.lang.System.out.print("Connecting to the database..."); java.lang.System.out.flush(); print("Connecting..."); // Open an OracleDataSource and get a connection var ods = new OracleDataSource(); ods.setURL("jdbc:oracle:oci:@" + database); ods.setUser(user); ods.setPassword(password); var conn = ods.getConnection(); print("connected."); // Create a statement var stmt = conn.createStatement(); // Do the SQL "Hello World" thing var rset = stmt.executeQuery("select 'Hello World' from dual"); while (rset.next()) print(rset.getString(1)); // close the result set, the statement and the connection rset.close(); stmt.close(); conn.close(); print("Your JDBC installation is correct."); } main(); oracle.jdbc.pool.OracleDataSource ? Java.type() ?????Nashorn ??????????????????????????? Java ? System.out.println() ? System.out.flush() ? java.lang. ???????????????? Java ?????????? readEntry() ????? Nashorn ? readLine() ???????????? Java ????????????????????????JavaScript ?????????????????? ?? Java ??????????????????????????? Java ???????????????? JavaScript ?????????????????? ???????? JDBC OCI ???????????????? LD_LIBRARY_PATH ????????????????? ???Nashorn ? readLine() ??????????jjs ????? -scripting ????????????????? $ export LD_LIBRARY_PATH=${ORACLE_HOME}/lib $ jjs -scripting -cp ${ORACLE_HOME}/jdbc/lib/ojdbc6.jar JdbcCheckup.js Please enter information to test connection to the database user: test password: test database(a TNSNAME entry): orcl Connecting to the database...Connecting... connected. Hello World Your JDBC installation is correct. JDBC OCI ????????????????? "select 'Hello World' from dual" ??? SQL ?????????????? ?????????????????database ???? :: ??????????? ??? ??? Oracle DB ????? SQL ???????????????? Java ? JDBC ??????????????????????????? Nashorn ??????????????????????????????????

    Read the article

  • problem with network-manager-pptp

    - by Riuzaki90
    I've a problema with the VPA CAble connection of my university... on the website of the university there's a .sh file that set all the variables of the connection in ETC/PPP/PEERS and another .sh file that call the connection...I'm on ubuntu 11.10 and when I run the setup.sh I have this error: impossible to find network-manager-pptp these are the two file that I had talk about: #!/bin/bash echo "Creazione della connessione in corso attendere........." apt-get update apt-get install pptp-linux network-manager-pptp echo -n "Digitare la propria Username: " read USERNAME echo -n "Digitare la propria Password: " read PASSWORD pptpsetup --create UNICAL_Campus_Access --server 160.97.73.253 --username $USERNAME --password $PASSWORD echo 'pty "pptp 160.97.73.253 --nolaunchpppd"' >/etc/ppp/peers/UNICAL_Campus_Access echo 'require-mppe-128' >>/etc/ppp/peers/UNICAL_Campus_Access echo 'file /etc/ppp/options.pptp'>>/etc/ppp/peers/UNICAL_Campus_Access echo 'name '$USERNAME''>>/etc/ppp/peers/UNICAL_Campus_Access echo 'remotename PPTP'>>/etc/ppp/peers/UNICAL_Campus_Access echo 'ipparam UNICAL_Campus_Access'>>/etc/ppp/peers/UNICAL_Campus_Access echo $USERNAME' PPTP '$PASSWORD' *'>>/etc/ppp/chap-secrets rm /etc/ppp/options.pptp echo '###############################################################################'>/etc/ppp/options.pptp echo '# $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $'>>/etc/ppp/options.pptp echo '#'>>/etc/ppp/options.pptp echo '# Sample PPTP PPP options file /etc/ppp/options.pptp'>>/etc/ppp/options.pptp echo '# Options used by PPP when a connection is made by a PPTP client.'>>/etc/ppp/options.pptp echo '# This file can be referred to by an /etc/ppp/peers file for the tunnel.'>>/etc/ppp/options.pptp echo '# Changes are effective on the next connection. See "man pppd".'>>/etc/ppp/options.pptp echo '#'>>/etc/ppp/options.pptp echo '# You are expected to change this file to suit your system. As'>>/etc/ppp/options.pptp echo '# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/'>>/etc/ppp/options.pptp echo '# and the kernel MPPE module available from the CVS repository also on'>>/etc/ppp/options.pptp echo '# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.'>>/etc/ppp/options.pptp echo '###############################################################################'>>/etc/ppp/options.pptp echo '# Lock the port'>>/etc/ppp/options.pptp echo 'lock'>>/etc/ppp/options.pptp echo '# Authentication'>>/etc/ppp/options.pptp echo '# We do not need the tunnel server to authenticate itself'>>/etc/ppp/options.pptp echo 'noauth'>>/etc/ppp/options.pptp echo '#We won"t do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2'>>/etc/ppp/options.pptp echo '#(you may need to remove these refusals if the server is not using MPPE)'>>/etc/ppp/options.pptp echo 'refuse-pap'>>/etc/ppp/options.pptp echo 'refuse-eap'>>/etc/ppp/options.pptp echo 'refuse-chap'>>/etc/ppp/options.pptp echo 'refuse-mschap'>>/etc/ppp/options.pptp echo '# Compression Turn off compression protocols we know won"t be used'>>/etc/ppp/options.pptp echo 'nobsdcomp'>>/etc/ppp/options.pptp echo 'nodeflate'>>/etc/ppp/options.pptp echo '# Encryption'>>/etc/ppp/options.pptp echo '# (There have been multiple versions of PPP with encryption support,'>>/etc/ppp/options.pptp echo '# choose with of the following sections you will use. Note that MPPE'>>/etc/ppp/options.pptp echo '# requires the use of MSCHAP-V2 during authentication)'>>/etc/ppp/options.pptp echo '# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras'>>/etc/ppp/options.pptp echo '# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o'>>/etc/ppp/options.pptp echo '#{{{'>>/etc/ppp/options.pptp echo '# Require MPPE 128-bit encryption'>>/etc/ppp/options.pptp echo '#require-mppe-128'>>/etc/ppp/options.pptp echo '#}}}'>>/etc/ppp/options.pptp echo '# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec'>>/etc/ppp/options.pptp echo '#ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o'>>/etc/ppp/options.pptp echo '#{{{'>>/etc/ppp/options.pptp echo '# Require MPPE 128-bit encryption'>>/etc/ppp/options.pptp echo '#mppe required,stateless'>>/etc/ppp/options.pptp echo '# }}}'>>/etc/ppp/options.pptp echo "setup di 'UNICAL Campus Access' terminato correttamente" echo "per connettersi eseguire lo script 'UNICAL_Campus_Access.sh' " and the second: #!/bin/bash echo "Connessione alla Rete del Centro Residenziale in corso attendere........." modprobe ppp_mppe pppd call UNICAL_Campus_Access sleep 30 tail -n 8 /var/log/messages echo "Connessione Stabilita" echo -n "Per terminare la connessione premere invio (in alternativa eseguire il commando 'killall pppd'):----> " read CONN killall pppd echo "Connessione terminata" I've correctly installed network-manager-pptp to the latest version...help?

    Read the article

  • LexisNexis and Oracle Join Forces to Prevent Fraud and Identity Abuse

    - by Tanu Sood
    Author: Mark Karlstrand About the Writer:Mark Karlstrand is a Senior Product Manager at Oracle focused on innovative security for enterprise web and mobile applications. Over the last sixteen years Mark has served as director in a number of tech startups before joining Oracle in 2007. Working with a team of talented architects and engineers Mark developed Oracle Adaptive Access Manager, a best of breed access security solution.The world’s top enterprise software company and the world leader in data driven solutions have teamed up to provide a new integrated security solution to prevent fraud and misuse of identities. LexisNexis Risk Solutions, a Gold level member of Oracle PartnerNetwork (OPN), today announced it has achieved Oracle Validated Integration of its Instant Authenticate product with Oracle Identity Management.Oracle provides the most complete Identity and Access Management platform. The only identity management provider to offer advanced capabilities including device fingerprinting, location intelligence, real-time risk analysis, context-aware authentication and authorization makes the Oracle offering unique in the industry. LexisNexis Risk Solutions provides the industry leading Instant Authenticate dynamic knowledge based authentication (KBA) service which offers customers a secure and cost effective means to authenticate new user or prove authentication for password resets, lockouts and such scenarios. Oracle and LexisNexis now offer an integrated solution that combines the power of the most advanced identity management platform and superior data driven user authentication to stop identity fraud in its tracks and, in turn, offer significant operational cost savings. The solution offers the ability to challenge users with dynamic knowledge based authentication based on the risk of an access request or transaction thereby offering an additional level to other authentication methods such as static challenge questions or one-time password when needed. For example, with Oracle Identity Management self-service, the forgotten password reset workflow utilizes advanced capabilities including device fingerprinting, location intelligence, risk analysis and one-time password (OTP) via short message service (SMS) to secure this sensitive flow. Even when a user has lost or misplaced his/her mobile phone and, therefore, cannot receive the SMS, the new integrated solution eliminates the need to contact the help desk. The Oracle Identity Management platform dynamically switches to use the LexisNexis Instant Authenticate service for authentication if the user is not able to authenticate via OTP. The advanced Oracle and LexisNexis integrated solution, thus, both improves user experience and saves money by avoiding unnecessary help desk calls. Oracle Identity and Access Management secures applications, Juniper SSL VPN and other web resources with a thoroughly modern layered and context-aware platform. Users don't gain access just because they happen to have a valid username and password. An enterprise utilizing the Oracle solution has the ability to predicate access based on the specific context of the current situation. The device, location, temporal data, and any number of other attributes are evaluated in real-time to determine the specific risk at that moment. If the risk is elevated a user can be challenged for additional authentication, refused access or allowed access with limited privileges. The LexisNexis Instant Authenticate dynamic KBA service plugs into the Oracle platform to provide an additional layer of security by validating a user's identity in high risk access or transactions. The large and varied pool of data the LexisNexis solution utilizes to quiz a user makes this challenge mechanism even more robust. This strong combination of Oracle and LexisNexis user authentication capabilities greatly mitigates the risk of exposing sensitive applications and services on the Internet which helps an enterprise grow their business with confidence.Resources:Press release: LexisNexis® Achieves Oracle Validated Integration with Oracle Identity Management Oracle Access Management (HTML)Oracle Adaptive Access Manager (pdf)

    Read the article

  • SQL SERVER – Importance of User Without Login

    - by pinaldave
    Some questions are very open ended and it is very hard to come up with exact requirements. Here is one question I was asked in recent User Group Meeting. Question: “In recent version of SQL Server we can create user without login. What is the use of it?” Great question indeed. Let me first attempt to answer this question but after reading my answer I need your help. I want you to help him as well with adding more value to it. Answer: Let us visualize a scenario. An application has lots of different operations and many of them are very sensitive operations. The common practice was to do give application specific role which has more permissions and access level. When a regular user login (not system admin), he/she might have very restrictive permissions. The application itself had a user name and password which means applications can directly login into the database and perform the operation. Developers were well aware of the username and password as it was embedded in the application. When developer leaves the organization or when the password was changed, the part of the application had to be changed where the same username and passwords were used. Additionally, developers were able to use the same username and password and login directly to the same application. In earlier version of SQL Server there were application roles. The same is later on replaced by “User without Login”. Now let us recreate the above scenario using this new “User without Login”. In this case, User will have to login using their own credentials into SQL Server. This means that the user who is logged in will have his/her own username and password. Once the login is done in SQL Server, the user will be able to use the application. Now the database should have another User without Login which has all the necessary permissions and rights to execute various operations. Now, Application will be able to execute the script by impersonating “user without login – with more permissions”. Here there is assumed that user login does not have enough permissions and another user (without login) there are more rights. If a user knows how the application is using the database and their various operations, he can switch the context to user without login making him enable for doing further modification. Make sure to explicitly DENY view definition permission on the database. This will make things further difficult for user as he will have to know exact details to get additional permissions. If a user is System Admin all the details which I just mentioned in above three paragraphs does not apply as admin always have access to everything. Additionally, the method describes above is just one of the architecture and if someone is attempting to damage the system, they will still be able to figure out a workaround. You will have to put further auditing and policy based management to prevent such incidents and accidents. I guess this is my answer. I read it multiple times but I still feel that I am missing something. There should be more to this concept than what I have just described. I have merely described one scenario but there will be many more scenarios where this situation will be useful. Now is your turn to help – please leave a comment with the additional suggestion where exactly “User without Login” will be useful as well did I miss anything when I described above scenario. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108  | Next Page >