Search Results

Search found 120608 results on 4825 pages for 'code access security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 172/4825 | < Previous Page | 168 169 170 171 172 173 174 175 176 177 178 179  | Next Page >

  • Use Apache authentication + authorization to control access to Subversion subdirectories

    - by Stefan Lasiewski
    I have a single SVN repo at /var/svn/ with a few subdirectories. Staff must be able to access the top-level directory and all subdirectories within it, but I want to restrict access to subdirectories using alternate htpasswd files. This works for our Staff. <Location /> DAV svn SVNParentPath /var/svn AuthType Basic AuthBasicProvider ldap # mod_authnz_ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap.example.org:636/ou=people,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org?uid?sub?(objectClass=PosixAccount)" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=staff,ou=PosixGroup,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org </Location> Now, I am trying to restrict access to a subdirectory with a separate htpasswd file, like this: <Location /customerA> DAV svn SVNParentPath /var/svn # mod_authn_file AuthType Basic AuthBasicProvider file AuthUserFile /usr/local/etc/apache22/htpasswd.customerA Require user customerA </Location> I can use Firefox and curl to browse to this folder fine: curl https://svn.example.org/customerA/ --user customerA:password But I cannot use check out this SVN repository: $ svn co https://svn.example.org/customerA/ svn: Repository moved permanently to 'https://svn.example.org/customerA/'; please relocate And on the server logs, I get this strange error: # httpd-access.log 192.168.19.13 - - [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 401 401 192.168.19.13 - customerA [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 301 244 # httpd-error.log [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Could not fetch resource information. [301, #0] [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Requests for a collection must have a trailing slash on the URI. [301, #0] My question: Can I restrict access to Subversion subdirectories using Apache access controls? DocumentRoot is commented out, so it's not clear that the FAQ at http://subversion.apache.org/faq.html#http-301-error applies.

    Read the article

  • How does one block unsupported web browsers?

    - by Sn3akyP3t3
    Web browsers with an end of life no longer receive security updates which not only makes them vulnerable to the end user, but I imagine its not safe for the server's which receive visits by them either. Is it practical to block or enforce and notify the end user that their browser is unsafe and unsupported? If so, how would one achieve that? I don't know of any official or crowd-sourced listing with that information to parse and keep up to date. I'm aware that the practice can be custom built with User Agent parsing and feature detection for HTML5 enabled browsers.

    Read the article

  • Warning about SSL ceritificate, am I under attack ?

    - by Bunny Rabbit
    Lately I've been getting a lot of warnings about SSL certifications on my pc, Empathy keeps telling me that Facebook's certificate is self-signed and can't be trusted, and also, there are occasional warnings in Google-Chrome about security. I remember the last one saying that that the page is secured but some of the resources that the page is using are not from a secure connection, something like that. Is my pc hacked / under attack? How can I check that, and if so, how can I safeguard myself? PS: One thing that comes to my mind is that I might be under an arp poisoning / spoofing attack.

    Read the article

  • Suggest-a-Session for Oracle Develop 2010: Last chance to get your paper submitted.

    - by olaf.heimburger
    While working with Oracle Technologies at customer projects we all come across solutions and ideas that are worth to share with a greater audience. When you missed the Call For Paper for Oracle OpenWorld and Oracle Develop you have the chance to get in. The Oracle Mix Community provides a tool called Suggest-a-Session for submitting and voting the sessions you would like to attend. My Suggestions When you pass by, do not forget to vote for my sessions. These are: Real-World Single Sign-On and ADF Security The Personal Newsletter Generator: Implement Cool Applications with ADF Faces Thank you for your support.

    Read the article

  • Reporting on common code smells : A POC

    - by Dave Ballantyne
    Over the past few blog entries, I’ve been looking at parsing TSQL scripts in a variety of ways for a variety of tasks.  In my last entry ‘How to prevent ‘Select *’ : The elegant way’, I looked at parsing SQL to report upon uses of SELECT *.  The obvious question leading on from this is, “Great, what about other code smells ?”  Well, using the language service parser to do that was turning out to be a bit of a hard job,  sure I was getting tokens but no real context.  I wasn't even being told when an end of statement had been reached. One of the other parsing options available from Microsoft is exposed in the assembly ‘Microsoft.SqlServer.TransactSql.ScriptDom’,  this is ,I believe, installed with the client development tools with SQLServer.  It is much more feature rich than the original parser I had used and breaks a TSQL script into intuitive classes for analysis. So, what sort of smells can I now find using it ?  Well, for an opening gambit quite a nice little list. Use of NOLOCK Set of READ UNCOMMITTED Use of SELECT * Insert without column references Explicit datatype conversion on Sargs Cross server selects Non use of two-part naming convention Table and Query hint usage Changes in set options Use of single line comments Use of ordinal column positions in ORDER BY clause Now, lets not argue the point that “It depends” as smells on some of these, but as an academic exercise it is quite interesting.  The code is available from this link :https://www.dropbox.com/s/rfk32sou4fzl2cw/TSQLDomTest.zip  All the usual disclaimers apply to this code, I cannot be held responsible for anything ranging from mild annoyance through to universe destruction due to the use of this code or examples. The zip file contains a powershell script and my test cases.  The assembly used requires .Net 4 to run, which means that you will need powershell 3 ( though im running through PowerGUI and all works ok ) .  The code searches for all .sql files in the folder hierarchy for the workingpath,  you can override this if you want by simply changing the $Folder variable, and processes each in turn for the smells.  Feedback is not great at the moment, all it does is output to an xml file (Smells.xml) the offset position and a description of the smell found. Right now, I am interested in your feedback.  What do you think ?  Is this (or should it be) more than an academic exercise ?  Can tooling such as this be used as some form of code quality measure ?  Does it Work ? Do you have a case listed above which is not being reported ? Do you have a case that you would love to be reported ? Let me know , please mailto: [email protected]. Thanks

    Read the article

  • Text limit on analytics event code

    - by Theo G
    I am just about to add the event code a button that downloads the pdf. Event code fields: _trackEvent(category, action, opt_label, opt_value, opt_noninteraction) Example of event code: onClick="_gaq.push(['_trackEvent', 'Videos', 'Play', 'Baby\'s First Birthday']);" I was just wondering if anyone knows if there is a text limit on the opt_value? Do you think the following would be too long 'Elmhurst School says IPC has made all the difference'?

    Read the article

  • How to Access Metro Apps from Windows Explorer in Windows 8

    - by Taylor Gibb
    Windows 8 comes with its new Metro Start Screen, which makes it easy to launch your Metro apps from that screen, but did you know you can access them from Windows Explorer too? Here’s how to do it. To get started you need to create a shortcut, so right-click on the desktop, and choose New –>  Shortcut. When you are asked for the location of the item, use the following: The HTG Guide to Hiding Your Data in a TrueCrypt Hidden Volume Make Your Own Windows 8 Start Button with Zero Memory Usage Reader Request: How To Repair Blurry Photos

    Read the article

  • Regular Expressions Cookbook Code Samples

    - by Jan Goyvaerts
    %COOKBOOKFRAME% One of the common criticisms against the first edition was that we didn’t have the regular expressions and code samples available for download. Since our book only has very short code snippets rather than complete programs, we (the authors) did not have these available as separate files either. But for the second edition we’re trying to do better. You can now download the code samples from the 2nd edition of Regular Expressions Cookbook. This HTML file contains all the blocks with regular expressions and source code from the book, along with the titles of the chapters, recipes, and sections that they are found in. If you have purchased the book, you can use this file to easily copy and paste the regular expressions and source code snippets. Even if you purchased the ebook, you may prefer to use this file. The regexes in the ebook are formatted with line breaks and gray dots for spaces to make them easier to read in print. The HTML file does not use such formatting, so you can copy and paste them directly. This means that some very regexes will run beyond the edge of your browser window.

    Read the article

  • Evolution has no access to couchdb

    - by berkes
    Evolution gives the error "Cannot open addressbook". "We were unable to open this addressbook. This either means you have entered an incorrect URI, or the server is unreachable". "Details: Operation not permitted". (rough translation from Dutch). Enabling verbose logging in (desktop)couchdb tells me roughly the same: [info] [<0.7875.1>] 127.0.0.1 - - 'PUT' /contacts/ 400 [debug] [<0.7875.1>] httpd 400 error response: {"error":"invalid_consumer","reason":"Invalid consumer (key or signature method)."} It seems that evolution tries to fetch the contacts, then couchdb denies access, and then evolution fails to do a proper oauth. This is on Ubuntu 10.10, with its default dektopcouch 1.0.1. Any hints on where to start would be most appreciated :)

    Read the article

  • How to setup passwordless SSH access for root user

    - by Cerin
    I need to configure a machine so software installation can be automated remotely via SSH. Following the wiki, I was able to setup SSH keys so my user can access the machine without a password, but I still need to manually enter my password when I use sudo, which obviously an automated process shouldn't have to do. Although my /etc/ssh/sshd_config has PermitRootLogin yes, I can't seem to be able to login as root, presumably because it's not a "real" account with a separate password. How do I configure SSH keys, so a process can remotely login as root on Ubuntu?

    Read the article

  • Ask the Readers: How Do You Browse Securely Away From Home?

    - by Jason Fitzpatrick
    When you’re browsing away from home, be it on your smartphone, tablet, or laptop, how do you keep your browsing sessions secure? This week we’re interested in hearing all about your mobile security tips and tricks. When you’re out and about you often, out of necessity or convenience, need to connect to open Wi-Fi hotspots and otherwise put your data out there in ways that you don’t when you’re at home. This week we want to hear about your tips, tricks, and applications for keeping your data secure and private when you’re away from your home network. Sound off in the comments with your tips and then check back on Friday for the What You Said roundup. HTG Explains: Why Linux Doesn’t Need Defragmenting How to Convert News Feeds to Ebooks with Calibre How To Customize Your Wallpaper with Google Image Searches, RSS Feeds, and More

    Read the article

  • How to access network folders from within windows 7 virtualbox

    - by musher
    At work we have fileshare storages accessible via the network. I'm not super familiar with this kind of networking, so I'm not 100% sure how to word this question/give enough details right away so please ask for any clarifications. That being said: Host: Xubuntu 14.04 Guest: Windows 7 enterprise Via thunar I can access these network drives fine by going to Browse Network > Windows Network > Server I want to use The name given in the address bar is: smb://SERVER-NAME So my question now, is how do I go about accessing these folders via my win 7 machine in virtualbox? I've searched but all I get is people who can't figure out shared folders between host/guest (which I've got working)

    Read the article

  • MODX based site has been compromised, and tagged by Google as malware

    - by JAG2007
    I'm the webmaster (inherited the site from the developer) for a site called kenbrook.org. The site is currently being tagged as malware infected by Google, and gives the following details: http://www.google.com/safebrowsing/diagnostic?site=kenbrook.org Sadly, this is the second time it has occurred. I posted the issue when it happened last year originally on Stackoverflow on this post, shortly after I inherited the site. At the time the fix was a simple removal of a few lines of code from a .js file, but I never did discover or resolve the vulnerability. The site is built on MODX, which neither I, nor the original builder, have any familiarity with. I've tried to check for security updates from MODX, but updating that software has been a real pain also. Sooo...what's my next step to getting this whole issue resolved? Or steps?

    Read the article

  • Can't access Ubuntu's shared folders from Windows 7

    - by endolith
    In Ubuntu Maverick, I've shared some folders using the Nautilus "Sharing Options" GUI. I can see them from Windows 7, but when I try to access them (from Windows) it asks for a username and password. No matter what I enter, it won't let me in. How do I configure this to share normally? Update: I've found that some of the shared folders let me in, but others don't. Of the ones that do, some of their subfolders do, others don't, etc. How can I investigate what's causing this?

    Read the article

  • How to unit test image processing code?

    - by rold2007
    I'm working in image processing (mainly OCR) and I wonder how I should integrate unit tests in my development. I'm already using unit tests for more "common" type of code but when dealing with image processing code I'm not sure how to deal with it. This kind of code always need some image data input/output and mocking this is not obvious. For now I'm mostly doing integration tests but they take a while to run and I would like some ideas on how to break down this kind of code into unit tests so that I can run them more quickly.

    Read the article

  • Variables in static library are never initialized. Why?

    - by Coyote
    I have a bunch of variables that should be initialized then my game launches, but must of them are never initialized. Here is an example of the code: MyClass.h class MyClass : public BaseObject { DECLARE_CLASS_RTTI(MyClass, BaseObject); ... }; MyClass.cpp REGISTER_CLASS(MyClass) Where REGISTER_CLASS is a macro defined as follow #define REGISTER_CLASS(className)\ class __registryItem##className : public __registryItemBase {\ virtual className* Alloc(){ return NEW className(); }\ virtual BaseObject::RTTI& GetRTTI(){ return className::RTTI; }\ }\ \ const __registryItem##className __registeredItem##className(#className); and __registryItemBase looks like this: class __registryItemBase { __registryItemBase(const _string name):mName(name){ ClassRegistry::Register(this); } const _string mName; virtual BaseObject* Alloc() = 0; virtual BaseObject::RTTI& GetRTTI() = 0; } Now the code is similar to what I currently have and what I have works flawlessly, all the registered classes are registered to a ClassManager before main(...) is called. I'm able to instantiate and configure components from scripts and auto-register them to the right system etc... The problem arrises when I create a static library (currently for the iPhone, but I fear it will happen with android as well). In that case the code in the .cpp files is never registered. Why is the resulting code not executed when it is in the library while the same code in the program's binary is always executed? Bonus questions: For this to work in the static library, what should I do? Is there something I am missing? Do I need to pass a flag when building the lib? Should I create another structure and init all the __registeredItem##className using that structure?

    Read the article

  • Apt-get take long time to update\upgrade

    - by ShockwaveNN
    On my work network any apt-get (or aptitude) commands take a very long time, it's look's like admins blocked some port for it (for unknown reason). For example sudo apt-get update take like 2 days and all I get - a very long list of responses like Get: 36 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 37 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 38 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 39 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Get: 40 http://security.ubuntu.com precise-security/universe amd64 Packages [11.6 kB] Same situation then I try to download software Get:1 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:2 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:3 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:4 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Get:5 http://archive.ubuntu.com/ubuntu/ precise/main dash i386 0.5.7-2ubuntu2 [85.8 kB] Is there something I can do to change port for apt-get or something else

    Read the article

  • How much code should I be responsible for?

    - by Mick
    Through colleagues and exit interviews, I have heard that at my small company I am "responsible" for anywhere from 3-10 times more code than I would be at another job. I'm trying to look for some sort of fuzzy metric that I can use to compare my workload with others in my field. By "code responsibility", I don't mean "I'm the only one who knows area X of the code base" (though sadly, it's often true in a startup environment), but rather am referring to a number like "code_base_size/number_of_developers". Are there any resources I can use to help me more accurately measure my work load than just counting lines of code?

    Read the article

  • How to learn PHP effectively?

    - by Goma
    A dozen of bad tutorials out there that teach you bad habits especially when we speak about PHP. I want to learn how to avoid the things that can lead me to develop inefficient web applications. I like to learn from videos but most videos I've found on the internet are provided by people who do not follow good practices. My second option is to learn from books but I did not find a good book for starters in PHP! It would be very helpful for me if you can tell me about your story in learning PHP, what are things that I should avoid? How to learn about PHP security from the beginning to avoid unlearn something later on?. Please provide links to books, websites that provide high quality video tutorials for PHP, and you tips for a good start!

    Read the article

  • What You Said: Your Favorite Remote Desktop Access Tools and Tips

    - by Jason Fitzpatrick
    Earlier this week we asked you to share your favorite remote desktop access tools and tips; now we’re back to highlight your favorite tools and how you use them. The two prevailing themes among all the tools suggested were pricing and ease of deployment. On that front, LogMeIn had a strong following. Mtech writes: I use Logmein and am amazed the free version can be used even for business purposes. I also felt so bad and wanted to pay for the Pro version just out of gratitude but they called me personally from the USA and said why pay when the free version does all you need! What a company. HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • Where I missed boot.properties.?

    - by Dyade, Shailesh M
    Today one of my customer was trying to start the WebLogic Server ( Production Instance) , though he was trying to start the server in a standard way, but it was failing due to below error :   ####<Oct 22, 2012 12:14:43 PM BST> <Warning> <Security> <BanifB1> <> <main> <> <> <> <1350904483998> <BEA-090066> <Problem handling boot identity. The following exception was generated: weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: [Security:090219]Error decrypting Secret Key java.security.ProviderException: setSeed() failed> And it started failing into below causes. ####<Oct 22, 2012 12:16:45 PM BST> <Critical> <WebLogicServer> <BanifB1> <AdminServer> <main> <<WLS Kernel>> <> <> <1350904605837> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException java.lang.AssertionError: java.lang.reflect.InvocationTargetException weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: [Security:090219]Error decrypting Secret Key java.security.ProviderException: setSeed() failed weblogic.security.internal.encryption.EncryptionServiceException: [Security:090219]Error decrypting Secret Key java.security.ProviderException: setSeed() failed at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:121) Customer was facing this issue without any changes in the system, it was stable suddenly started seeing this issue last night. When we checked, customer was manually entering the username and password, config.xml had the entries encrypted However when verified, customer had the boot.properties at the Servers/AdminServer/security folder and DomainName/security didn't have this file. Adding boot.properies fixed the issue. Regards Shailesh Dyade 

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 168 169 170 171 172 173 174 175 176 177 178 179  | Next Page >