Search Results

Search found 22238 results on 890 pages for 'db security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 158/890 | < Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >

  • Pros/cons to turning off cable modem

    - by Jay
    A little off the wall perhaps, but ... I have a cable modem and a router for a wireless home network. Is it a good or a bad idea to turn it off at night and during the day when we're all at work or school? Or should I leave it on 24/7. I was thinking that leaving it on constantly makes me more vulnerable to hackers, not to mention wasting electricity. (Though I'd guess the amount of electricity used by a cable modem and a router is probably pretty trivial. Still, every little bit helps.) When I have turned it off and turned it on again, it takes several minutes for it to go through its little dialog with the cable company and get me connected to the Internet again, which is annoying but not a big deal. Anyone know any good reasons one way or the other?

    Read the article

  • How to run a service as a user who can't delete or update or create a file

    - by neeraj
    Mongodb is a web based console to try out Mongodb. I have created something similar to try out nodejs. In nodejs I am accepting user input and then I am performing eval on that command. Given the power of nodejs , someone from web console can create a file, delete files on the system or could execute 'rm -rf '. I was thinking will it be okay if I run node as a user called node. This user node will not have any privilege to write anything, create anything or update anything. The only access this user will have is read access. Will that work or that is too much of risk. What is a good strategy to handle such a situation?

    Read the article

  • Web Application Vulnerability Scanner suggestions?

    - by Chris_K
    I'm looking for a new tool for the ol' admin toolkit and would value some suggestions. I would like to do some "automated" testing of handful of websites for XSS (cross site scripting) vulns, along with checking for SQL injection opportunities. I realize that an automated tool approach isn't necessarily the only or best solution, but I'm hoping it would give me a nice start. The sites I need to scan cover the range in stacks from PHP / MySQL to Coldfusion, with some classic ASP and ASP.NET mixed in for good measure. What tools would you use to scan for Web application vulns? (Please note I'm focusing on the web apps directly, not the servers themselves).

    Read the article

  • Strategy to allow emergency access to colocation crew

    - by itsadok
    I'm setting up a server at a new colocation center half way around the world. They installed the OS for me and sent me the root password, so there's obviously a great amount of trust in them. However, I'm pretty sure I don't want them to have my root password on a regular basis. And anyway, I intend to only allow key-based login. On some cases, though, it might be useful to let their technical support log in through a physical terminal. For example, if I somehow mess up the firewall settings. Should I even bother worrying about that? Should I set up a sudoer account with a one-time password that will change if I ever use it? Is there a common strategy for handling something like this?

    Read the article

  • How do I protect my company from my IT guy?

    - by Jesse
    I'm going to hire an IT guy to help manage my office's computers and network. We're a small shop, so he'll be the only one doing IT. Of course, I'll interview carefully, check references, and run a background check. But you never know how things will work out. How do I limit my company's exposure if the guy I hire turns out to be evil? How do I avoid making him the single most powerful person in the organization?

    Read the article

  • Accessing my Rails webrick behind proxy?

    - by Eki Eqbal
    In my mackbook, when I try to connect to my rails application in office I can't , in the office there are some http proxy , and when I run my rails like this : sudo rails s -p8080 => Booting WEBrick => Rails 3.0.5 application starting in development on http://0.0.0.0:8080 => Call with -d to detach => Ctrl-C to shutdown server [2012-03-20 12:49:34] INFO WEBrick 1.3.1 [2012-03-20 12:49:34] INFO ruby 1.8.7 (2010-01-10) [universal-darwin11.0] [2012-03-20 12:49:34] INFO WEBrick::HTTPServer#start: pid=17439 port=8080 The local IP is : en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether f8:1e:df:d8:8c:25 inet6 fe80::fa1e:dfff:fed8:8c25%en1 prefixlen 64 scopeid 0x5 inet 10.21.21.240 netmask 0xffffff00 broadcast 10.21.21.255 media: autoselect status: active so when I try in the browser to trigger localhost:8080 or 10.21.21.240:8080 , it seems that I can't trigger my application as for the proxy check out the following : Any Ideas ?

    Read the article

  • linux/unix filesystem permissions hack/feature

    - by selden
    Can linux or other unix create a file that no user, including root, can modify unless they have the secret key? By "have the secret key" I mean they are using some crypto scheme. Here's a scenario if you aren't already downvoting: Bob encrypts something about file /foo (maybe inode?) using secret key K Alice tries "sudo rm /foo" and gets permission denied, so she decrypts something about file /foo using secret key K and then "sudo rm /foo" succeeds.

    Read the article

  • tacacs+ integrated with LDAP or database. Which is better?

    - by chingupt
    We are setting up TACACS+ in our network which is a mix of Cisco AP's and other brands. However we have a centralized managemnet system which allows our customers to configure services. Hence we would like to setup a tacacs+ server integrated with some central system. We have two options: Integrate with a central Database server which stores the user configuration. OR Integrate with a LDAP Server. Which is a better solution? Can you please suggest the pros and cons of using LDAP or Database? TIA Sachin

    Read the article

  • Noob proftpd questions

    - by Camran
    I have setup my VPS pretty much now, and want to upload some basic files to the server. How is this done in Ubuntu 9.10? I have PuTTY and use the terminal there... Is there any ftp program, like in regular managed hostings, to just upload files with? I was thinking about proftpd, but don't have a clue how to get it to work. I am using my home-laptop with windows xp to command the VPS. Thanks

    Read the article

  • Noob proftpd questions

    - by Camran
    I have setup my VPS pretty much now, and want to upload some basic files to the server. How is this done in Ubuntu 9.10? I have PuTTY and use the terminal there... Is there any ftp program, like in regular managed hostings, to just upload files with? I was thinking about proftpd, but don't have a clue how to get it to work. I am using my home-laptop with windows xp to command the VPS. Thanks

    Read the article

  • What does this strange network/subnet mask mean?

    - by dunxd
    I'm configuring a new ASA 5505 for deployment as a VPN endpoint in a remote office. After configuring it and connecting the VPN, I get the following messages: WARNING: Pool (10.6.89.200) overlap with existing pool. ERROR: IP address,mask <10.10.0.0,93.137.70.9> doesn't pair 10.6.89.200 is the address I configured for the ASA. It has the subnet mask 255.255.255.0. The ip address 10.10.0.0 corresponds to one of our subnets, but it certainly wouldn't have a subnet mask of 93.137.70.9. That looks more like a public IP address (and resolves to an ADSL connection somewhere). I am sure if we had such a subnet configured, that it would indeed overlap with 10.6.89.200. There is no reference to 93.137.70.9 in the config of this ASA or our head office ASA. Can anyone shed light on what is going on here? The sudden appearance of a strange subnet mask is a bit alarming.

    Read the article

  • Securely executing system commands as sudo from PHP

    - by Aydin Hassan
    Is it possible? I have written a command line tool in PHP for creating new environments for our company. It creates system users, directories, databases, VHosts and restarts apache, amongst other things. These commands require sudo privileges. I thought it might be a nice idea to have a web-interface for it, to make it easier for other non-developers to use. The web app would be behind authentication. When running from the command line I just run sudo tool.php, obviously I can't do this from a web app. How could I do this securely? Giving the apache user sudo access seems silly, as this would means all sites hosted on the box (eg all our environments) would have sudo access. Is it possible to make this tool run under a different user? this user could have sudo privileges for only the commands I need? How do things like plesk and cPanel do this? Any thoughts?

    Read the article

  • Start multiple Firefoxes; Xephyr rootless mode

    - by Vi
    How to have multiple independent instances of Mozilla Firefox 3.5 on the same X server, but started from different user accounts (consequently, different profiles)? Limited success was only with Xephyr :1, DISPLAY=:1 /usr/local/bin/firefox, but Xephyr has no Cygwin/X's "rootless" mode so it not comfortable. The idea is to have one Firefox instance for various "Serious Business" things and the other for regular browsing with dozens of add-ons securely isolated. /* Requested tags: xephyr rootless */

    Read the article

  • Applocker custom extension (Java, CPL, MSC etc.)

    - by test1839
    We have a Terminal server and want to prevent users from running inappropriate software. Previously we used Software Restriction Policies for this purpose. Now, Microsoft seems to recommend Applocker instead. However we found no possibilities to add custom extensions like JAR, CPL, MSC etc. which was possible in Software Restriction Policies. Do you know how to add custom extensions to the Applocker policies in Windows 2008? Or how can we block custom script interpreters like Perl etc.?

    Read the article

  • about crusher in stone,building

    - by sbmxuancao1221
    SBM has formed a whole production chain with main products: crushing machinery, grinding machinery, and auxiliary products: vibrating screen, vibrating feeder and other associated equipments. Products cover more than 20 models of 3 major series: mill series, crushing series, and sand making series.

    Read the article

  • fail2ban and denyhosts constantly ban me on Ubuntu

    - by Trey Parkman
    I just got an Ubuntu instance on Linode. To secure the SSH on it, I installed fail2ban (using apt-get), but then had a problem: fail2ban kept banning my IP (for limited durations, thankfully) even though I was entering the correct password. So I removed fail2ban and installed denyhosts instead. Same problem, but more severe: It seems like every time I SSH in, my IP gets banned. I remove it from /etc/hosts.deny, restart denyhosts and log in again, and my IP gets banned again. The only explanation I can think of is that I've been SSH-ing in as root (yes, yes, I know); maybe something is set somewhere that blocks anyone who SSH-es in as root, even if they log in successfully? This seems bizarre to me. Any ideas? (Whitelisting my IP is a temporary fix. I don't want to only be able to log on from one IP.)

    Read the article

  • Webserver logs: "Morfeus F***ing Scanner"

    - by Patrick
    I've just found these accesses in my web server log files: ::ffff:218.38.136.38 109.72.95.175 - [10/Jan/2011:02:54:12 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 345 "-" "Morfeus Fucking Scanner" ::ffff:218.38.136.38 109.72.95.174 - [10/Jan/2011:02:54:12 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 345 "-" "Morfeus Fucking Scanner" Should I start to worry ? Or is it just a normal attempt to hack my server ? thanks

    Read the article

  • shibboleth: tomcat failing to start IdP listener

    - by HorusKol
    I have installed a Shibboleth Identity Provider as per http://www.edugate.ie/workshop-guides/shibboleth-2-identity-provider-installation-linux-debian-or-ubuntu However, testing only gave me a 404 from Tomcat, and when I checked the Tomcat logs, I saw that the IdP listener was not starting: 10/01/2011 11:25:31 AM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor idp.xml 10/01/2011 11:25:32 AM org.apache.catalina.core.StandardContext start SEVERE: Error listenerStart 10/01/2011 11:25:32 AM org.apache.catalina.core.StandardContext start SEVERE: Context [/idp] startup failed due to previous errors The IdP descriptor file has the following context: <Context docBase="/opt/shibboleth-idp/war/idp.war" privileged="true" antiResourceLocking="false" antiJARLocking="false" unpackWAR="true" /> I have confirmed that the WAR file is located as the Context above specifies - as I have found similar issues from other people where the WAR file was not found. However, the logs posted by those people indicate that the descriptor file was correctly read by Tomcat and their problem was with the WAR file itself. I'm assuming this is some kind of syntax error with the idp.xml, but cannot determine what it might be. Also - setting the Tomcat logging level to FINEST does not provide any additional information in the logs for this error.

    Read the article

  • Using a SD card as a smart card for two-step verification for Mac logon

    - by Greg Brown
    What I am trying to do is create two-step verification to logon to my mac, one being that you would need to input a SD card (formated with special format or something) and then also have a password. Is there any software out there that could do this or any way of programming it so that once it reads the SD Card it makes the password bar visible for logon. Would it be easier to do it with Linux since it is open source? Any help in the right direction is appreciated. Thanks

    Read the article

  • How is my password sent across when I check gmails/access bank site [closed]

    - by learnerforever
    What encryption is used when my password is sent across in gmails/when I do online banking? RSA? DSA? Public-private key encryption?. In key encryption, which entity is assigned a public/private key? Does each unique machine with unique MAC address has a unique public/private key? Does each instance of browser have unique key? Does each user have unique private/public key? How does session key come into picture? How do machines receive their keys?

    Read the article

  • Account sharing among Ubuntu machines

    - by muckabout
    I'd like a simple and secure system to have allow users in our network to have their account (e.g., 'myname') work on every machine in the network (e.g., such that they could ssh to any machine and have the same userid, mounted smb share). Any suggestions?

    Read the article

  • XP Suddenly asking for password

    - by ProfKaos
    Is there any sane explanation for a client's Acer Aspire 1 netbook, running XP Home SP 2, suddenly starting to ask for a login password at boot? He has a strict policy of not using passwords, and I removed his login password weeks ago. The story is that suddenly this morning, for the first time, it is asking for a login password.

    Read the article

  • XP Suddenly asking for password

    - by ProfKaos
    Is there any sane explanation for a client's Acer Aspire 1 netbook, running XP Home SP 2, suddenly starting to ask for a login password at boot? He has a strict policy of not using passwords, and I removed his login password weeks ago. The story is that suddenly this morning, for the first time, it is asking for a login password.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >