Search Results

Search found 38739 results on 1550 pages for 'sql security'.

Page 153/1550 | < Previous Page | 149 150 151 152 153 154 155 156 157 158 159 160  | Next Page >

• Chrome Saved Passwords security issue

  - by Nalaka526

  If I save a password in Google chrome someone else can easily see the password from Setting -> Advance Settings -> Manage saved passwords -> Show (in required password field) and use it from another computer. Isn't it causing a security issue? I guess it is much secure if it display only the entry and all dots or something for the password (not the actual password). Is there any acceptable idea of showing the password to anyone this easily? Note: Firefox is also showing the actual passwords, I Didn't check in IE.

  Read the article

• security issue of Linux sudo command?

  - by George2

  Hello everyone, 1. I am using Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding? 2. If yes, then is it a security hole? Since users other than root could run with root privilege? thanks in advance, George

  Read the article

• Help Installing SQL Server 2008 Express Edition

  - by Jordan S

  Ok I am running Windows 7, 64 bit. I cleaned of SQL server 2005 completely off my system leaving only SQL Compact Edition. I went here http://www.microsoft.com/downloads/details.aspx?FamilyID=01af61e6-2f63-4291-bcad-fd500f6027ff&displaylang=en and installed SQL Server 2008 Express Edition Service Pack 1. After the install, under my start bar menu all i have for SQL configuration tools are the Configuration Manager, Error and Usage Reporting and the Install Center. I don't have the SQL Managment Studio. So I went here http://www.microsoft.com/downloads/details.aspx?FamilyID=08e52ac2-1d62-45f6-9a4a-4b76a8564a2b&displaylang=en and downloaded the SQL Server 2008 Management Studio Express but when I try to install it I get a warning says This program has known compatibility issues and that I need to Install SQL Server 2008 Service Pack 1. I thought that is what I installed. So, I tried to continue running the install but I then get an error message that says Invoke or BeginInvoke can not be called on a Form before it is opened... How can I check if Service pack 1 is installed or not? What should I do? Also I rebooted my system and checked for Windows Updates and it says that Windows it up to date.

  Read the article

• mod_proxy security

  - by brad

  I'm on Debian Lenny using apache2. in my proxy.conf I tried adding Allow from localhost as suggested in some other forums to get proxying to work. Didn't work. It only worked if I say Allow from all My question is this. Are there any security implications to this Allow from all directive? Most people were saying to make this as limited as possible, but "all" is the client right? I want anyone regardless of their IP to be forwarded properly. Is there a better way to configure this?

  Read the article

• modsecurity apache mod-security.conf missing

  - by TechMedicNYC

  Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test server. I am trying to follow this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server. But at step 3: Now add these rules to Apache2. Open a terminal window and enter: sudo vi /etc/apache2/mods-available/mod-security.conf This file does not exist. Any suggestions?

  Read the article

• Security question pertaining web application deployment

  - by orokusaki

  I am about to deploy a web application (in a couple months) with the following set-up (perhaps anyways): Ubuntu Lucid Lynx with: IP Tables firewall (white-list style with only 3 ports open) Custom SSH port (like 31847 or something) No "root" SSH access Long, random username (not just "admin" or something) with a long password (65 chars) PostgreSQL which only listens to localhost 256 bit SSL Cert Reverse proxy from NGINX to my application server (UWSGI) Assume that my colo is secure (Physical access isn't my concern for the time being) Application-level security (SQL injection, XSS, Directory Traversal, CSRF, etc) Perhaps IP masquerading (but I don't really understand this yet) Does this sound like a secure setup? I hear about people's web apps getting hacked all the time, and part of me thinks, "maybe they're just neglecting something", but the other part of me thinks, "maybe there's nothing you can do to protect your server, and those things are just measures to make it a little harder for script kiddies to get in". If I told you all of this, gave you my IP address, and told you what ports were available, would it be possible for you to get in (assuming you have a penetration testing tool), or is this really protected well.

  Read the article

• SQL 2005 Install completly broken on laptop.

  - by ProfKaos

  My problems started when I set up an exploratory domain controller at home. During that process, I changed the name of my laptop, from 'erisia' to 'erisia-laptop', and this resulted in me losing my admin account on SQL Server 2005 on my laptop. SQL Server seems to store the machine name as part of the user name, so now my local admin account is 'erisia-laptop\brady', which SQL server didn't recognise. I thought I'd cut my losses and just re-install SQL 2005, but the first install was aborted, so I tried a complete uninstall, followed by the new install. The latter didn't work while the former worked way too well. Now every attempt at installing SQL Server 2005 SP2 on my laptop running XP SP3 ends in sadness, with MSXML6 being the cause, because it won't install on this OS version. WTF? Does anyone know what I can do to get SQL 2005 installed? It's the only full admin DB tool I have. SQL 2008 Express that installed with VS 2010 Beta 2 doesn't allow much server admin.

  Read the article

• How do I keep a table in sync across multiple SQL Databases?

  - by Refracted Paladin

  I have a Win Form, Data Entry, application that uses 4 seperate Data Bases. This is an occasionally connected app that uses Merge Replication (SQL 2005) to stay in Sync. This is working just fine. The next hurdle I am trying to tackle is adding Filters to my Publications. Right now we are replicating 70mbs, compressed, to each of our 150 subscribers when, truthfully, they only need a tiny fraction of that. Using Filters I am able to accomplish this(see code below) but I had to make a mapping table in order to do so. This mapping table consists of 3 columns. A PrimaryID(Guid), WorkerName(varchar), and ClientID(int). The problem is I need this table present in all FOUR Databases in order to use it for the filter since, to my knowledge, views or cross-db query's are not allowed in a Filter Statement. What are my options? Seems like I would set it up to be maintained in 1 Database and then use Triggers to keep it updated in the other 3 Databases. In order to be a part of the Filter I have to include that table in the Replication Set so how do I flag it appropriately. Is there a better way, altogether? SELECT <published_columns> FROM [dbo].[tblPlan] WHERE [ClientID] IN (select ClientID from [dbo].[tblWorkerOwnership] where WorkerID = SUSER_SNAME()) Which allows you to chain together Filters, this next one is below the first one so it only pulls from the first's Filtered Set. SELECT <published_columns> FROM [dbo].[tblPlan] INNER JOIN [dbo].[tblHealthAssessmentReview] ON [tblPlan].[PlanID] = [tblHealthAssessmentReview].[PlanID] P.S. - I know how illogical the DB structure sounds. I didn't make it. I inherited it and was then told to make it a "disconnected app." Go figure!

  Read the article

• "Account locked out" security event at midnight

  - by Kev

  The last three midnights I've gotten an Event ID 539 in the log...about my own account: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 539 Date: 2010-04-26 Time: 12:00:20 AM User: NT AUTHORITY\SYSTEM Computer: SERVERNAME Description: Logon Failure: Reason: Account locked out User Name: MyUser Domain: MYDOMAIN Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: SERVERNAME Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - It's always within a half minute of midnight. There are no login attempts before it. Right after it (in the same second) there's a success audit entry: Logon attempt using explicit credentials: Logged on user: User Name: SERVERNAME$ Domain: MYDOMAIN Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: MyUser Target Domain: MYDOMAIN Target Logon GUID: - Target Server Name: servername.mydomain.lan Target Server Info: servername.mydomain.lan Caller Process ID: 2724 Source Network Address: - Source Port: - The process ID was the same on all three of them, so I looked it up, and right now at least it maps to TCP/IP Services (Microsoft). I don't believe I changed any policies or anything on Friday. How should I interpret this?

  Read the article

• Why is autologon in Windows 7 a security risk

  - by Phenom

  If I set my Windows 7 account to automatically logon so I don't have to type a password, and I don't have to click my username on the logon screen, I heard it's a security risk. From Windows 7 Auto Login: Although I don’t personally recommend this, there are some people out there who don’t want to bother with using a password to protect their Windows user account. Of course, using a password in Windows isn’t required, only suggested. But even if you don’t fill one in, you still have to click your user icon to start the login process. An easier way - although again much less secure - is to enable auto-logins for your Windows PC. This is possible in Windows 7, as it was in prior versions, but it takes a little finagling to do so. (And for good reason, darn it.) What is risky about it besides people being able to logon locally? Does it make it easier for hackers to logon remoately?

  Read the article

• Chrome - SSL Security issue on Windows platforms?

  - by al nik

  Fortify.net is a service that displays what's the currently encryption key used by your browser in a https connection. If I browse this site with Chrome 4.1.249.1042 in WinXp SP3 the key used is RC4 cipher, 128-bit key This encryption is weak, and it's the one used by old browsers like IE6. Chrome works fine on Fedora9 and it uses AES cipher, 256-bit key as more modern browsers do (i.e.Firefox) I consider this a security issue. I'm considering to switch back to Firefox in Windows. Do you know if it's possible to change the default encryption key in Chrome?

  Read the article

• Running PHP scripts as the owner of the PHP file: security issues

  - by thomasrutter

  I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

  Read the article

• Security issues of running PHP scripts as the owner of the PHP file with suexec

  - by thomasrutter

  I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

  Read the article

• Can't Start SQL Server 2005 Agent - Start/Stop Are Not Enabled

  - by DaveB

  We have a brand new install of SQL Server 2005 on a Windows 2008 Server. When using the SQL Server Management Studio (2005 or 2008) from my Windows XP Professional workstation, if I right click on the SQL Server Agent, I get the context menu but the Start and Stop options are not enabled(grayed out). I am using Windows authentication, I am a member of the SysAdmin and Public SQL Server roles. Also, when right clicking on Maintenance Plans and selecting New Maintenance Plan, nothing happens. I was able to create a maintenance plan with the wizard but now am unable to execute it because SQL Server Agent isn't running? From what I was told by an admin who had access to the server, he was able to login to the box using the domain administrator account and start the SQL Server Agent service from the services applet or from the local instance of SQL Server 2005 Management Studio. Even after he started the service, it still didn't appear to be running from my workstation view through the management studio. What do I need to change to allow me to administer the agent and maintenance plans from my workstation? If I wasn't clear about anything, feel free to ask for clarification.

  Read the article

• SQL Server Offsite Backups

  - by Eric Maibach

  We have about !TB of SQL Server databases, and these databases generate about 200GB of data changes each day. Up to this point we have been doing Weekly full backups, daily diff backups, and hourly transaction log backups. The full and diff backups are backed up to tape and taken offsite each day. We have been trying to move away from tapes, and our IT department purchased a Barracuda Backup device that backups up data and then sends it offsite using our internet connection. I have been trying to get this to work for our SQL Server backups, and have ran into a number of problems. I normally like to just use SQL Server to perform backups instead of trying to use a agent, so that is what I tried first. However the Barracuda device was not able to dedup these files very well, so it ended up being to much data to try to send offsite and to archive. I then tried installing the Barracuda agent and using it to backup the SQL Server databases. However the problem I am having there is that on some of the database servers I also have files that need backed up, and I cannot find a way to create seperate backup schedules for the file backups and the SQL Server backups. Barracuda only does full or transaction log backups. So if I want to do hourly transaction log backups I end up doing a file system backup every hour (which is not good), or if I only schedule the backups to run once a night I either have to do a full backup every night, or only do a transaction backup once a day. None of these scenarios are good options. My question is, how is everyone else getting their large SQL Server database backups offsite. Are you just using tape, or have you found a offsite backup device that works well? Is anybody else using Barracuda to backup their SQL Server databases? If you do, then how do you have it setup?

  Read the article

• Apache security for multi-user development web server.

  - by mrmartinblue

  I've been searching and reading through documents all morning and understand that I need to use some combination of chown and probably 'jailing' to securely give programmers access to directories on my centos webserver. Here's the situation: I have an apache web server that has any number of virtual sites located in /var/www/site1 /var/www/site2 etc.. I have different developers that need full access both ssh and vsFTP to only the site they are working on. What is the best way to create and maintain security in this scenario. My thought would be to create a new user for each coder, jail that user to the website directory they are allowed to work in, add their user to a group and set the webroot's owner to that group. Any thoughts? Good, bad, ugly? Thanks!

  Read the article

• Set security on pattern of sub folders (Server 2003)

  - by Mark Major

  I have a folder structure similar to the one shown below these paragraphs. How do I change security on every 'Photos' folder without clicking through each individually in Windows Explorer? There are about 50 top level folders (Bob, Jim, Eva, etc, etc) which have the same layout of folders inside. I am keen for any suggestions, either scripting or GUI. I am on Windows Server 2003. Cheap/free method would be good, as the company is part of a registered charity. Ideally I would like to do this via DFS path. E.G. \\mycompany.local\Shared\Staff\Bob\ Thanks for reading. Thanks for any info. Mark Bob Review Profile Photos Jim Review Profile Photos Eva Review Profile Photos

  Read the article

• Editing the Microsoft Security Essentials context-menu

  - by GPX

  As all MSE users would know, the context-menu item that it adds to Explorer is really long, with one whole sentence "Scan with Microsoft Security Essentials...". Is there a way to edit this and shorten it? I figured out the the file shellext.dll is responsible for registering the context menu. I used ResEdit to edit the DLL and changed the string table entry from Scan with ($BrandName) to Scan with MSE. But it still won't change. I've also tried de-registering the DLL and then registering it again. No luck! Any ideas? Or am I doing something wrong?

  Read the article

• Security measures for CentOS

  - by cappuccinodrinker

  I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

  Read the article

• Linux Security/Sysadmin Courses in London?

  - by mister k

  Hi, My employer has offered to send me on a couple of training courses and I'm just looking for some recommendations. I'm mainly looking to improve my security and general sysadmin skills. I would like to do something focused on UNIX as I mainly work with Linux boxes (but also a couple of FreeBSD boxes). I don't want to do a study-from-home course, so I would need to find somewhere based in London. It would be great to hear from anyone who has some experience with this kind of course. The courses I've found so far are: www.learningtree.co.uk/courses/uk433.htm www.city.ac.uk/cae/cfa/computing/systems_it/linux.html www.city.ac.uk/cae/cfa/computing/systems_it/unix_tools_ss.html I'm not sure the City University courses are advanced enough as I already have experience... Thanks!

  Read the article

• Sql Server 2005 Connection Unstable When Sharing Connection

  - by intermension

  When connecting to a customers hosting service via Sql Server Management Studio on an internet connection that also has other activity on it, the Sql Server connection to the hosting service is often dropped. An obvious work around to this problem is to NOT have additional traffic on the connection but it still begs the question "Why the Sql Server connection is so unstable?". If there is, for arguments sake, 100kb of bandwidth and a couple of downloads running that are being serviced at 35kB each then there is 30kB bandwidth spare capacity. If a 3rd download is started, that can be serviced at 35kB by the server, it will top out at 30kB and leave zero spare capacity. This is fine and all downloads get along nicely. However it seems that with Sql Server connections it doesn't matter if there is spare bandwidth. Sql Server regularly times out if there is any additional activity on the connection even if i have 1024kB spare bandwidth capacity. This has been experienced across different customer hosting providers over the years and so the assumption is that it's Sql Server related. Why does Sql Server (apparently) require exclusive access to the internet connection in order to maintain a connection... even if that connection has plenty of spare capacity over and above any additional activity on the connection?

  Read the article

• How do I keep a table in Sync across 4 db's to be used in SQL Replication Filtering?

  - by Refracted Paladin

  I have a Win Form, Data Entry, application that uses 4 seperate Data Bases. This is an occasionally connected app that uses Merge Replication (SQL 2005) to stay in Sync. This is working just fine. The next hurdle I am trying to tackle is adding Filters to my Publications. Right now we are replicating 70mbs, compressed, to each of our 150 subscribers when, truthfully, they only need a tiny fraction of that. Using Filters I am able to accomplish this(see code below) but I had to make a mapping table in order to do so. This mapping table consists of 3 columns. A PrimaryID(Guid), WorkerName(varchar), and ClientID(int). The problem is I need this table present in all FOUR Databases in order to use it for the filter since, to my knowledge, views or cross-db query's are not allowed in a Filter Statement. What are my options? Seems like I would set it up to be maintained in 1 Database and then use Triggers to keep it updated in the other 3 Databases. In order to be a part of the Filter I have to include that table in the Replication Set so how do I flag it appropriately. Is there a better way, altogether? SELECT <published_columns> FROM [dbo].[tblPlan] WHERE [ClientID] IN (select ClientID from [dbo].[tblWorkerOwnership] where WorkerID = SUSER_SNAME()) Which allows you to chain together Filters, this next one is below the first one so it only pulls from the first's Filtered Set. SELECT <published_columns> FROM [dbo].[tblPlan] INNER JOIN [dbo].[tblHealthAssessmentReview] ON [tblPlan].[PlanID] = [tblHealthAssessmentReview].[PlanID] P.S. - I know how illogical the DB structure sounds. I didn't make it. I inherited it and was then told to make it a "disconnected app."

  Read the article

• SQL Server 2000, large transaction log, almost empty, performance issue?

  - by Mafu Josh

  For a company that I have been helping troubleshoot their database. In SQL Server 2000, database is about 120 gig. Something caused the transaction log to grow MUCH larger than normal to over 100 gig, some hung transaction that didn't commit or roll back for a few days. That has been resolved and it now stays around 1% full or less, due to its hourly transaction log backups. It IS my understanding that a GROWING transaction log file size can cause performance issues. But what I am a little paranoid about is the size. Although mainly empty, MIGHT it be having a negative effect on performance? But I haven't found any documentation that suggests this is true. I did find this link: http://www.bigresource.com/MS_SQL-Large-Transaction-Log-dramatically-Slows-down-processing-any-idea-why--2ahzP5wK.html but in this post I can't tell if their log was full or empty, and there is not any replies to the post in this link. So I am guessing it is not a problem, anyone know for sure?

  Read the article

• Security considerations for my first eStore.

  - by Rohit

  I have a website through which I am going to sell few products. It is hosted on a simple shared-hosting and does not have SSL. On the products page, each product has a Buy Now button created from my PayPal Merchant account. PayPal recommends to use it's Button Factory to create secure buttons and save it inside PayPal itself. I have followed the same advice and the code of any button is secure and does not disclose any information on either a product or it's price. When the user clicks on a Buy Now button, he/she is taken to PayPal site where a page is opened in SSL for the user to fill in the credit card and shipping details. After a successful transaction, the control is passed back to my site. I want to know whether there is still any chance when security could be compromised.

  Read the article

• How do I connect remotely to SQL Server from Windows client?

  - by humble_coder

  Hi All, Having a bit of an issue connecting to SQL SERVER remotely from Windows. I've verified that all of my settings are correct via SQL SERVER MANAGEMENT STUDIO EXPRESS and SQL SERVER CONFIGURATION MANAGER. I can connect remotely using ODBC drivers from other OSes (e.g. OS X, Linux, etc). However, when I connect with the same credentials from a remote Windows machine using "SQL SERVER" as the driver I am told that the system cannot connect. I've tried creating an ODBC Data Source and I get the same error: Connection failed: SQLState: '01000' SQL Server Error: 14 [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]ConnectionOpen(InvalidInstance()). Connection failed: SQLState: '08001' SQL Server Error: 14 [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]Invalid Connection From the non-windows machines I can use the IP address of the SQL Server just fine. However, on the remote Windows machine, neither IP address nor named instance works. FYI, I can create an ODBC Data Source using the named instance on the machine actually running the SQL Server (but this is, of course, nothing special -- just proof that it isn't completely hosed). One interesting note: If I use SQL STUDIO 2005 from a Windows client machine, I can use the IP address to connect remotely. Still, the whole reason I bring this up is because I need to use a software package I've written to connect to SQL Server remotely from Windows machines as well. Previously the solution was only needed to xfer data from SQL Server into a PostGRES or MySQL database on non-Windows machines (due to DBA preference). However, now they also want to move the data from the legacy software to MySQL even on Windows. Any assistance would be most appreciated. Feel free to provide a full example connection string. Best

  Read the article

< Previous Page | 149 150 151 152 153 154 155 156 157 158 159 160  | Next Page >