Search Results

Search found 21071 results on 843 pages for 'account security'.

Page 125/843 | < Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >

• Enable file download via redirect in IE7

  - by Christian W

  Our application enables our customers to download files to their computer. The way I have implemented it is using asp.net with a dropdown. When the user clicks the dropdown they get the choice of "PDF","Powerpoint", and a couple of other choices depending on circumstances. Then, in postback depending on the choice the user made, it will return a file (changing the content-header and such and then bitbanging a file to the user). This works perfectly in all browsers, but IE7 complains that this is a security risk and blocks the download. Is there any way for the users to authorize downloads from our webapplication?

  Read the article

• Wordpress Automatic Updating/Installing Plugins Permissions

  - by karmic

  I am using the latest Wordpress and I have always had issues with the automatic updater. For the files in the wordpress directory, i set them to permission 770, and add the webserver user 'www-data' as the group owner. I use lighttpd. However, the automatic updating plugins or installing plugins does not work. It works if I chmod 777 the files or if I set the actual owner to the web server as well. What are the best permission settings for security while still allowing the updating feature to work properly in wordress? Also, by 'not work' i mean, it will go to the screen that asks me for FTP credentials when I try to update.

  Read the article

• Concerns about a Dedicated (Windows Server 2008) + DDoS

  - by TheKillerDev

  I am have today a dedicated server with these specs: Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3 And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it. Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall. So, any thoughts on what would be good to prevent from DDoS attacks?

  Read the article

• User accounts in FTP

  - by Brad

  I have an FTP server(proftpd on debian) that I'm going to allow a couple friends access to, and I want some safety nets in place, just in case. These are some of the things I'd like to do: Jail the accounts to their home directories and impose a cap on the amount of data they can upload Allow them access to a shared folder(via symlink or something) where they have full access(Also with a storage cap, but larger) Allow my own account full access to the system(Using groups I guess) Not allow anonymous access, or allow it with its own folder, separate from the shared user folder Currently, I've got the accounts set up and jailed, but it seems like the symlink that I put in is not allowing them to visit the shared folder. I suppose this has to do with them not having read permissions anywhere but their own home directories, or maybe it's something else, I'll continue to look into it and provide any information that is requested. Is what I'm trying to do possible? Any tips or resources that you can share are appreciated. Thanks.

  Read the article

• Locking down a server for shared internet hosting.

  - by Wil

  Basically I control several servers and I only host either static websites or scripts which I have designed, so I trust them up to a point. However, I have a few customers who want to start using scripts such as Wordpress or many others - and they want full control over their account. I have started to do the basics - like on php.ini, I have locked it down and restricted commands such as proc, however, there is obviously a lot more I can do. right now, using NTFS permissions, I am trying to lock down the server by running Application Pools and individual sites in their own user, however I feel like I am hitting brick walls... (My old question on Server Fault). At the moment, the only route I can think of is either to implement an off the shelf control panel - which will be expensive and quite frankly, over the top, or look at the Microsoft guide - which is really for an entire infrastructure, not for someone who just wants to lock down a few servers. Does anyone have any guides that can put me on the correct path?

  Read the article

• How to analyse logs after the site was hacked

  - by Vasiliy Toporov

  One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

  Read the article

• How can I use fetchmail (or another email grabber) with OSX keychain for authentication?

  - by bias

  Every fetchmail tutorial I've read says putting your email account password clear-text in a config file is safe. However, I prefer security through layers (since, if my terminal is up and someone suspecting such email foolery slides over and simply types "grep -i pass ~/.*" then, oops, all my base are belong to them!). Now, with msmtp (as opposed to sendmail) I can authenticate using the OSX keychain. Is there an email 'grabber' that lets me use Keychains (specifically the OSX keychain) or at least, that lets me MD5 the password? This is a duplicate of my unanswered question on serverfault. I've put it on superuser because I'm doing this on a personal computer (viz. with OSX) so it's more of a superuser question.

  Read the article

• How can I set up VLANs in a way that won't put me at risk for VLAN hopping?

  - by hobodave

  We're planning to migrate our production network from a VLAN-less configuration to a tagged VLAN (802.1q) configuration. This diagram summarizes the planned configuration: One significant detail is that a large portion of these hosts will actually be VMs on a single bare-metal machine. In fact, the only physical machines will be DB01, DB02, the firewalls and the switches. All other machines will be virtualized on a single host. One concern that has been is that this approach is complicated (overcomplicated implied), and that the VLANs are only providing an illusion of security, because "VLAN hopping is easy". Is this a valid concern, given that multiple VLANs will be used for a single physical switch port due to virtualization? How would I setup my VLANs appropriately to prevent this risk? Also, I've heard that VMWare ESX has something called "virtual switches". Is this unique to the VMWare hypervisor? If not, is it available with KVM (my planned hypervisor of choice)?. How does that come into play?

  Read the article

• Barring connections if VPN is down.

  - by Majid

  I have a VPN account and use it for sensitive communication. However the VPN connection sometimes is dropped while my main connection to the internet is still alive. The pages I visit through VPN are on HTTP (not secure) and have javascript code which pings the host every minute or so on a timer. So it happens sometimes that the VPN connection is dropped and yet js sends a request to the server (with the cookies). How could I restrict connections so they only happen if the VPN is live? Edit - Some required details were missing OS: Windows XP SP2 Browser (mostly used): Google Chrome Firewall: Windows default Sites to filter: not all traffic but all in a list of sites like abc.com, xyz.com

  Read the article

• "This file came from another computer..." - how can I unblock all the files in a folder without having to unblock them individually?

  - by Schnapple

  Windows XP SP2 and Windows Vista have this deal where zone information is preserved in downloaded files to NTFS partitions, such that it blocks certain files in certain applications until you "unblock" the files. So for example if you download a zip file of source code to try something out, every file will display this in the security settings of the file properties "This file came from another computer and might be blocked to help protect this computer" Along with an "Unblock" button. Some programs don't care, but Visual Studio will refuse to load projects in solutions until they've been unblocked. While it's not terribly difficult to go to every project file and unblock it individually, it's a pain. And it does not appear you can unblock multiple selected files simultaneously. Is there any way to unblock all files in a directory without having to go to them all individually? I know you can turn this off globally for all new files but let's say I don't want to do that

  Read the article

• Securing a persistent reverse SSH connection for management

  - by bVector

  I am deploying demo Ubuntu 10.04 LTS servers in environments I do not control and would like to have an easy and secure way to administer these machines without having to have the destination firewall forward port 22 for SSH access. I've found a few guides to do this with reverse port (e.g. howtoforge reverse ssh tunneling guide) but I'm concerned with security of the stored ssh credentials required for the tunnel to be opened automatically. If the machine is compromised (primary concern is physical access to the machine is out of my control) how can I stop someone from using the stored credentials to poke around in the reverse ssh tunnel target machine? Is it possible to secure this setup, or would you suggest an alternate method?

  Read the article

• How to get back-to-work with a Windows 7 PC that has no admin account?

  - by Nam Gi VU

  Hi everyone, I have a PC which doesn't have the Administrator account active and the only user account left is a Guest user. I want to get back the admin account but I don't know how to do that with a guest user. I have tried searching the internet and try to use the Recovery Mode but adding/activating the admin account from DOS not working for me at all. Please help if you meet & solve it before! Thank you, Nam. ps. You can see my diigo try on solving this problem.

  Read the article

• Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

  - by Howiecamp

  I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a Sharepoint site using NTLM authentication The credentials are Active Directory-based, as the username is domain\username My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain. The site is running SSL on port 443 Why might Chrome be automatically authenticating me?

  Read the article

• Inexpensive degaussers or HDD shredders?

  - by Nicholas Knight

  I do a lot of work for a small cash-strapped business that has a lot of active hard drives, most are consumer-grade SATA of about five years of age, and predictably they are dying at an increasing rate, and a lot of the time they can't even be detected, let alone complete a zero-out cycle. Right now those drives are just being stored, but that can't continue forever. We've got a couple bad LTO tapes it'd be nice to deal with, too. There are very real security and legal issues that make dropping them off with someone who claims they'll be properly destroyed a gamble. I've looked around at degaussers and HDD shredders, and the ones that don't look like they come from some guy in his basement all seem to be $3000+, which is hard to swallow right now. Is there anything out there in the $500-1500 range that you would recommend? (Speed isn't a big issue, if it takes several minutes or even hours per drive, that's completely OK, we've only got 10 or so thus far.)

  Read the article

• What is the best policy for user account on a Windows 7 Media Center shared by the whole family

  - by Matt Spradley

  What is a good way to manage user accounts for a Windows 7 Media Center PC that is part of an entertainment center for a family? Each family member keeps most of their personal stuff on their own computer. I was thinking the simple approach would be to create an admin account for management and then just create a "Family" user account w/o a password that is the default account used by the media center. This account would be used for the PVR, playing blu rays, music, etc. I don't think it is practical for someone to have to log in every time they use the media center.

  Read the article

• General High-Level Assessment

  - by tcarper

  Guys and Gals, I've been tasked with a doozy of an assignment. The objective is something akin to "laying of hands" on several database servers which work in concert to provide data to various Web, Client-Server and Tablet-Sync'd distributed Client-Server programs. More specifically, I've been asked to come up with a "Maintenance Plan" which includes recommendations for future work to improve these machines' performance/reliability/security/etc. Might there be some good articles on teh interwebs ya'll could point me towards which would give me some good basis to start? Articles describing "These are the top 4 overarching categories and this is how you should proceed when drilling down on each of them" sort-of-thing would be fabulous. The Databases are all SQL 2005, however the compatibility level is 80 and they were originally created with ERwin based on SQL 6.5. The OSs are all Windows Server 2003. Thanks all! Tim

  Read the article

• How useful is mounting /tmp noexec?

  - by Novelocrat

  Many people (including the Securing Debian Manual) recommend mounting /tmp with the noexec,nodev,nosuid set of options. This is generally presented as one element of a 'defense-in-depth' strategy, by preventing the escalation of an attack that lets someone write a file, or an attack by a user with a legitimate account but no other writable space. Over time, however, I've encountered arguments (most prominently by Debian/Ubuntu Developer Colin Watson) that noexec is a useless measure, for a couple potential reasons: The user can run /lib/ld-linux.so <binary> in an attempt to get the same effect. The user can still run system-provided interpreters on scripts that can't be run directly Given these arguments, the potential need for more configuration (e.g. debconf likes an executable temporary directory), and the potential loss of convenience, is this a worthwhile security measure? What other holes do you know of that enable circumvention?

  Read the article

• ssh Prompts For Password After Account Unlocked - Despite ssh key?

  - by user1011471

  Here's what happened: I set up ssh key so that user could ssh from A to B without a password. I got user's password wrong in some other context too many times, and user's account got locked out. (IT uses Active Directory here) IT unlocked the account. Concurrent to the unlocking, a script was running, calling something like ssh user@B some-health-check-command every 5 seconds or so -- which seemed to work fine before I caused user to get locked out in step 2. IT reports user reliably gets locked out a short time after each unlock attempt. I thought the ssh key would allow ssh user@B some-command as long as the account is not locked. But it behaves as if, when user gets unlocked, B suddenly asks for a password and since my command repeatedly runs without supplying a password, the account gets locked out after 5 attempts. Account cannot be accessed at this time. Please contact your system administrator. My questions are... Is that what's happening? Or: what's happening? More importantly: How can I reconfigure things such that my script doesn't cause problems? Can I accomplish what I want without having to install Expect? (I don't know if I have permission to do so) Other notes: Not using ssh-agent currently. The ssh command is running on our Jenkins master, a linux box. A and B are Mac OS X. user is managed in Active Directory and normally can sign into all three machines. Other than these things and the ssh key I set up, everything else has the default configuration as far as I know.

  Read the article

• How do I securely share / allow access to a drive?

  - by sleske

  To simplify backing up a laptop (Windows Vista), I'm planning on sharing its C: drive (with password protection) and using that to back it up from another computer. What are the security implications of this? If I share C: with a reasonable password, how big is the risk of compromise if the system is e.g. inadvertently used on a public WLAN or similar? Background: I'm planning to use [Areca Backup][1] to back up two systems (Windows XP and Vista). My current plan is to install Areca on the XP box, and share the Vista system's C: as a shared folder, so the XP system can read it. Then I can set up the drive as a network drive and have Areca read it like a local drive. Of course, if you can think of a more elegant way of doing this, I'm open to suggestions.

  Read the article

• Apache trailing slash added to files problem

  - by Francisc

  Hello! I am having a problem with Apache. What it does is this: Take /index.php file containing an code with src set to relative path myimg.jpg, both in the root of my server. So, www.mysite.com would show the image as would www.mysite.com/index.php. However, if I access www.mysite.com/index.php/ (with a trailing slash) it does the odd thing of executing index.php code as it would be inside an index.php folder (e.g. /index.php/index.php), thus not showing the image anymore. This is a simple example that's easy to solve with absolte addressing etc, the problem I am getting from this a security one that's not so easily fixed. So, how can I get Apache to give a 403 or 404 when files are accessed "as folders"? Thank you.

  Read the article

• What rights does an employer have to the employee's computer?

  - by Terrence Brannon

  What access rights should an employee grant an employer for a work computer? For instance, let's assume that the business people come to the IT lab late at night for discussions with the CIO and they use my computer for reading email and general web surfing. In a sense, this means that they are taking full or partial responsibility for any security issues that crop up that get traced back to the employee's machine. Perhaps the proper way to provide a computer to an employee is to give him full and exclusive use of it while employed. Only supervised access (such as hardware/software maintenance) should be acceptable.

  Read the article

• Enabling the Power State Change Beep

  - by digitxp

  I have a Thinkpad T430s. I found on other Thinkpads there's a beep when you plug or unplug the AC cord. While I hear a lot of people say it's annoying it seems like a very useful security feature. However, when I go into the Power Manager the option to beep on plugging/unplugging ("Power State Change Beep") isn't there, even though it's in the help file already. I know it would be easy to rig a software solution to this event, but it would kind of defeat the purpose if it doesn't beep when it's in sleep. Is there a way to get this beep on my laptop?

  Read the article

• Why does Windows Firewall show "Unidentified network" as one of my "Active public networks"?

  - by MousePad

  I have a machine that has wifi and ethernet. I have wifi active, and am not using ethernet. My Windows firewall shows two active networks, one is the wifi network I connect to, and the other is "Unidentified network". What is this unidentified network? I can't seem to be able to get rid of it because I can't find where it is even defined. How can you detect this and know whether this is just something appropriate or possibly a security problem? I am on Windows 7 64bit.

  Read the article

• Is there a limit of emails/pictures per Gravatar account?

  - by Steve Taylor

  I'm building a site to connect patients to doctors. Each doctor will have a profile picture. I'm quite happy to manually maintain the profile pictures as there won't be that many doctors nor will they have a need to change their picture very often, if at all. I thought of using Gravatar to host all these profile pictures. The idea is to create a single Gravatar account then keep adding email addresses to it in the form [email protected] and associating each one with a new image. Does anyone know, however, if I will run into any per-account limit? If so, it wouldn't be feasible because I would end up with a bunch of Gravatar accounts instead of just the one.

  Read the article

• Is it secure to store the cert/key on a private AMI?

  - by Phillip Oldham

  Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

  Read the article

< Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >