Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 169/886 | < Previous Page | 165 166 167 168 169 170 171 172 173 174 175 176  | Next Page >

  • Apache trailing slash added to files problem

    - by Francisc
    Hello! I am having a problem with Apache. What it does is this: Take /index.php file containing an code with src set to relative path myimg.jpg, both in the root of my server. So, www.mysite.com would show the image as would www.mysite.com/index.php. However, if I access www.mysite.com/index.php/ (with a trailing slash) it does the odd thing of executing index.php code as it would be inside an index.php folder (e.g. /index.php/index.php), thus not showing the image anymore. This is a simple example that's easy to solve with absolte addressing etc, the problem I am getting from this a security one that's not so easily fixed. So, how can I get Apache to give a 403 or 404 when files are accessed "as folders"? Thank you.

    Read the article

  • Run application with other user

    - by user62367
    OS: Fedora 14 GUI: GNOME I need to run an application with another user then the "default" (normally used). Purpose: create a ".desktop" file on my desktop to run e.g.: Google Chrome with another user (NOT ROOT! - so beesu doesn't count.) There aren't any gksu, or kdesu packages in Fedora 14. Why? So i want to create a user with "adduser SOMEONE", and i want to run e.g.: Google Chrome with "SOMEONE" - then it will have minimum permissions, "more security". Thank you!

    Read the article

  • Preventing - Large Number of Failed Login Attempts from IP

    - by Silver89
    I'm running a CentOS 6.3 server and currently receive emails entitled "Large Number of Failed Login Attempts from IP" from my server every 15 minutes or so. Surely with the below configured it should mean only the person using the (my static ip) should be able to even try and log in? If that's the case where are these remote unknown users trying to log into which is generating these emails? Current Security Steps: root login is only allowed without-password StrictModes yes SSH password login is disabled - PasswordAuthentication no SSH public keys are used SSH port has been changed to a number greater than 40k cPHulk is configured and running Logins limited to specific ip address cPanel and WHM limited to my static ip only hosts.allow sshd: (my static ip) vsftpd: (my static ip) whostmgrd: (my static ip) hosts.deny ALL : ALL

    Read the article

  • Creating a test database with copied data *and* its own data

    - by Jordan Reiter
    I'd like to create a test database that each day is refreshed with data from the production database. BUT, I'd like to be able to create records in the test database and retain them rather than having them be overwritten. I'm wondering if there is a simple straightforward way to do this. Both databases run on the same server, so apparently that rules out replication? For clarification, here is what I would like to happen: Test database is created with production data I create some test records that I want to keep running on the test server (basically so I can have example records that I can play with) Next day, the database is completely refreshed, but the records I created that day are retained. Records that were untouched that day are replaced with records from the production database. The complication is if a record in the production database is deleted, I want it to be deleted on the test database too, so I do want to get rid of records in the test database that no longer exist in the production database, unless those records were created within the test database. Seems like the only way to do this would be to have some sort of table storing metadata about the records being created? So for example, something like this: CREATE TABLE MetaDataRecords ( id integer not null primary key auto_increment, tablename varchar(100), action char(1), pk varchar(100) ); DELETE FROM testdb.users WHERE NOT EXISTS (SELECT * from proddb.users WHERE proddb.users.id=testdb.users.id) AND NOT EXISTS (SELECT * from testdb.MetaDataRecords WHERE testdb.MetaDataRecords.pk=testdb.users.pk AND testdb.MetaDataRecords.action='C' AND testdb.MetaDataRecords.tablename='users' );

    Read the article

  • How to disable Utility Manager (Windows Key + U)

    - by Skizz
    How do I disable the Windows Key+U hotkey in Windows XP? Alternatively, how do I stop the utility manager from being active? The two are related. The utilty manager is currently providing a potential security hole and I need to remove it*. The system I'm developing uses a custom Gina to log in and start a custom shell. This removes most Windows Key hotkeys but the Win+U still pops up the manager app. Update: Things I've tried and don't work: NoWinKeys registry setting - this only affects explorer hotkeys; Renaming utilman.exe - program reappears next login; Third party software - not really an option, these machines are audited by the clients and additional, third party software would be unlikely to be accepted. Also, the proedure needs to be reasonably straightforward - this has to be done by field service engineers to existing machines (machines currently in Russia, Holland, France, Spain, Ireland and USA). * The hole is via the internet options in the help viewer the utility app links to.

    Read the article

  • What rights does an employer have to the employee's computer?

    - by Terrence Brannon
    What access rights should an employee grant an employer for a work computer? For instance, let's assume that the business people come to the IT lab late at night for discussions with the CIO and they use my computer for reading email and general web surfing. In a sense, this means that they are taking full or partial responsibility for any security issues that crop up that get traced back to the employee's machine. Perhaps the proper way to provide a computer to an employee is to give him full and exclusive use of it while employed. Only supervised access (such as hardware/software maintenance) should be acceptable.

    Read the article

  • sysbench memory test on ec2 small instance

    - by caribio
    I'm seeing a problem with sysbench memory test (the default version that's compiled in). This is on Ubuntu Maverick, sysbench installed via apt-get install sysbench. Running the same thing on Ubuntu @ Rackspace worked just as expected. While the CPU and I/O tests worked fine on EC2 servers, the memory test just runs without doing anything (notice the 0M in the test results). The instance used was the publicly available 'stock' Ubuntu image with no changes to it: ./ec2-run-instances ami-ccf405a5 --instance-type m1.small --region us-east-1 --key mykey Supplying more arguments (such as: --memory-block-size=1K --memory-total-size=102400M) didn't help. What am I doing wrong? Thanks. sysbench --num-threads=4 --test=memory run sysbench 0.4.12: multi-threaded system evaluation benchmark Running the test with following options: Number of threads: 4 Doing memory operations speed test Memory block size: 1K Memory transfer size: 0M Memory operations type: write Memory scope type: global Threads started! Done. Operations performed: 0 ( 0.00 ops/sec) 0.00 MB transferred (0.00 MB/sec) Test execution summary: total time: 0.0003s total number of events: 0 total time taken by event execution: 0.0000 per-request statistics: min: 18446744073709.55ms avg: 0.00ms max: 0.00ms Threads fairness: events (avg/stddev): 0.0000/0.00 execution time (avg/stddev): 0.0000/0.00

    Read the article

  • PHP Requests Being Blocked After Making About 25 in Ten Minutes

    - by Daniel Stern
    We have an administrative portal where we run PHP functions through a Javascript portal using ajax for administrative purposes. For example, we might have a function called updateAllDatabaseEntries() which would call AJAX functions in rapid succession, with those functions each executing numerous SQL queries. The problem is after making several successive requests from the same computer (not an excessive amount, maybe 30 in ten minutes) the system will stop responding to any PHP, HTTP requests ETC ONLY from my computer. From other computers in the office the panel can still be accessed, and access is restored to this computer after about 15 minutes. We believe this is not a glitch but some kind of security feature built into our server, possibly relating to Suhosin and likely well-intentioned but currently preventing us from running our system administration. Server Info: Linux 2.6.32-5-xen-amd64 #1 SMP Tue Mar 8 00:01:30 UTC 2011 x86_64 GNU/Linux Cheers - DS

    Read the article

  • Any problems with using a 301 redirect to force https traffic in IIS?

    - by Jess
    Is there any problem with using a 301 redirect to force all traffic to go to a secure-only site? We originally had redirect rules, but enforcing SSL-only seemed more secure. Here is how we set it up: Site 1: https://example.com/ Require SSL set Bound to 443 only Site 2: http://example.com Bound to 80 only Empty folder - no actual html or other data 301 Redirects to https://example.com This seems to work beautifully, but are there any issues with doing this? Would any browsers not recognize the 301 redirect, or could there be security warnings during the redirect?

    Read the article

  • Which modules can be disabled in apache2.4 on windows

    - by j0h
    I have an Apache 2.4 webserver running on Windows. I am looking into system hardening and the config file httpd.conf. There are numerous load modules and I am wondering which modules I can safely disable for performance and / or security improvements. Some examples of things I would think I can disable are: LoadModule cgi_module others like LoadModule rewrite_module LoadModule version_module LoadModule proxy_module LoadModule setenvif_module I am not so sure they can be disabled. I am running php5 as a scripting engine, with no databases, and that is it. My loaded modules are: core mod_win32 mpm_winnt http_core mod_so mod_access_compat mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_cache_disk mod_mime mod_negotiation mod_proxy mod_proxy_ajp mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status mod_version mod_php5

    Read the article

  • Identifying program attempting to install certificate on windows

    - by R..
    I'm trying to help a friend using Windows (which I'm not an expert on by any means) who's experiencing malware-like behavior: a dialog box is repeatedly popping up reading: You are about to install a certificate from a certification authority (CA) claiming to represent: CE_UmbrellaCert Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "yes" you acknowledge this risk. AV and anti-malware scanners don't detect anything. My friend hasn't accepted installing the certificate, but whatever program is trying to install it keeps retrying, making the system unusable (constant interruptions). Is there any way to track down which program is making the attempt to install it so this program can be uninstalled/deleted?

    Read the article

  • Best client and server antivirus for 5 user office?

    - by drpcken
    I'm setting up an Active Directory environment for 5 users (very small) and I'm wondering what is the best antivirus for clients (Windows 7) and servers (Server 2008 R2 x64)? I use Symantec Corp at my organization (50+ users) but I think that is overkill for this company. I wanted to use Microsoft Security Essentials for the clients (I use it for home machines and it's the best free AV in my opinion) but I don't think it will work on the Servers (3 servers, PDC, TS, and File). They are behind a Sonicwall TZ 200. What would be the best. Free would be even better. Thank you!

    Read the article

  • Ownership/permissions of uploaded files

    - by Cudos
    Hello. I want to find out if I am on the right track. My script uploads files to the directory "images". The directory has this setup: owner/group = www-data Permissions = 700 Questions: Is this a good way to secure the directory from a hacker uploading files? Will the hacker be able to upload the files directly to the directory? Note: I have a bunch of other security measures in my upload script + an .htaccess script in the directory that disables script Execution. I just what to know if the permissions on the directory is sensible. I run apache 2.2

    Read the article

  • Why would Remote Assistance work but not Remote Desktop?

    - by Craig Johnston
    I have managed to get Remote Assistance working between two XP-Pro machines, but as soon as I try Remote Desktop I can't even get to the login screen without an error which gives a list of possibilities and concludes with "See your network administrator", which isn't very helpful. I have ramped up the security level on Remote Desktop including turning on encryption etc. Could this be the problem? I will only get a few hours on the machine at a time so I need to be well-prepared before I attack this problem again. Any ideas?

    Read the article

  • Windows Xp, Svchost.exe connecting to different ips with remote port 445

    - by Coll911
    Im using Windows Xp professional Sp2 Whenever i start my windows, svchost.exe starts connecting to all the possible ips on lan like from 192.168.1.2 to 192.168.1.200 The local port ranges from 1000-1099 and the remote port being 445. After its done with the local ips, it starts connecting to other random ips. I tried blocking connections to the port 445 using the local security polices but it didn't work Is there any possible way i could prevent svchost from connecting to these ips without involving any firewall installed ? since my pc slows down due to the load I'd be thankful for any advices

    Read the article

  • I need a script to lockdown the system time to users via gpedit.msc

    - by Chester
    I need to lockdown the system time on a number of PCs via gpedit.msc and then removing administrators from the group and then adding 'administrator' and 'polling'. Can I do this via a script? Essentially I have to; Run gpedit.msc Computer Configuration Windows Settings Security Settings Local Policies User Rights Assignment Double Click Change the system time Select Administrators Click Remove Click Add User or Group Type Administrator Click Check Names Type polling Click Check Names OK Apply OK Logoff I have to do this for a huge number of computers so is there a batch file I could run on each PC to do this? Your help would be very much appreciated. Best Regards

    Read the article

  • Siege - running a stress test benchmark

    - by morgoth84
    I need to do a benchmark test of a HTTPS server using Siege, to see how it behaves under massive load. I'm initiating tests from another machine which is quite powerful and it is connected to the same physical switch the server is connected on. But when I initiate a test, I can't get it to make more than 170 requests per second. With this load the server's CPU usage is at 15-20% and the average response time for a request is approx. 0.03 seconds. Load of the client machine is approx. at 10%. So, I gradually increase the number of users in Siege (the number of worker threads) and request rate linearly increases up to 170 reqs/sec, but it never gets over it. No matter how many more worker threads I start, the load on the server is never more than 20% (and the client's load also doesn't increase any more). How can I overcome this? I've googled a bit and found out that after a request is completed, a socket associated with one ephermal port remains in WAIT_TIME state for some time during which it can't be reused. I tried to overcome this by doing these things: sysctl -w net.ipv4.ip_local_port_range="1024 65535" echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle Oh, and the client machine is a Linux (RedHat, I think, but I'm not sure). Any help would be appreciated.

    Read the article

  • Tool to launch a script driven by modem activity

    - by Will M
    Can anyone suggest a software tool (preferably under Windows XP or later) that would launch an application or script in response to a phone call being received on a landline phone line connected to a data modem on the same PC? or, better, in response to a sequence of touch-tones being played over such a phone line. This would allow, for example, using the telephone to manipulate firewall settings so as to create another layer of security in connection with remote internet access to that computer. I seem to recall seeing tools to do this sort of thing in the days before broadband internet access, when there was more attention to various tips and tricks for the dial-up modem, but a few attempts at Google hasn't turned anything up.

    Read the article

  • How to check the OS is running on bare metal and not in virtualized environment created by BIOS?

    - by Arkadi Shishlov
    Is there any software available as a Linux, *BSD, or Windows program or boot-image to check (or guess with good probability) the environment an operating system is loaded onto is genuine bare metal and not already virtualized? Given recent information from various sources, including supposed to be E.Snowden leaks, I'm curious about the security of my PC-s, even about those that don't have on-board BMC. How it could be possible and why? See for example Blue Pill, and a number of papers. With a little assistance from network card firmware, which is also loadable on popular card models, such hypervisor could easily spy on me resulting in PGP, Tor, etc. exercises futile.

    Read the article

  • How to merge several detached signatures from different people into one?

    - by Petr Pudlák
    A group of people wants to publish a file and they all want to digitally sign the file as different recipients of the file will have different chains of trust. For simplicity, it's desired that there is only one detached signature file with all the signatures, so that the recipients don't need to check them one by one: foo.tar.gz foo.tar.gz.sig However, for security reasons, every person needs to perform the signing on their computer, it's not possible to create the combined signature by having multiple private keys on one computer and performing the operation with one command. Is it possible with GPG to somehow merge detached signatures of a file from multiple participants?

    Read the article

  • What does the red x icon mean next to a user in folder permissions (Windows 7)

    - by Scott Szretter
    In trying to debug various strange issues on a machine, I found something strange - when I go to C:\Users\administrator and get properties, security tab, it lists the users (the local admin account, system, and 'administrator' which is the domain administrator account). It all looks fine in terms of permissions (full control, etc.) compared to other machines. The one difference is there is a small red circle with an X to the left of the user icon/name. Additionally, there are various folders where it says access denied under there - for example, my documents! Even logged in as the local machine administrator account (which is not named administrator), I am unable to change the permissions - it says access denied. Any ideas what this means and how to fix it? I even tried re-joining the machine to the domain.

    Read the article

  • Safety concerns on allowing connections to MySQL with no password on localhost?

    - by ÉricO
    In the case of a Linux system, is there any security concern to let MySQL users with standard privileges (that is, not the root users) connect to the database with no password from localhost? I think that enforcing a password even for localhost can add a layer of protection, since, with no password the database access would be compromised if the SSH access is itself compromised. Considering that, would it be less safe to allow no password connection to MySQL than having the same password for SSH and for MySQL? I don't know if that is to be taken into account, but we also use phpMyAdmin to let users administrate their own database. I am asking because I kinda dislike having to put our database passwords unencrypted in the source or configuration files of our applications, where they can easily be leaked unintentionally. Since our servers are configured to run our applications as the Linux user the application belongs to, I was considering allowing no password from localhost as a simple solution. So, would that be a very bad idea or not?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 165 166 167 168 169 170 171 172 173 174 175 176  | Next Page >