Search Results

Search found 8253 results on 331 pages for 'secure coding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 175/331 | < Previous Page | 171 172 173 174 175 176 177 178 179 180 181 182  | Next Page >

  • CentOS PAM+LDAP login and host attribute

    - by pianisteg
    My system is CentOS 6.3, openldap is configured well, PAM authorization works fine. But after turning pam_check_host_attr to yes, all LDAP-auths fail with message "Access denied for this host". hostname on the server returns correct value, the same value is listed in user's profile. "pam_check_host_attr no" works fine and allows everyone with correct uid/password a piece of /var/log/secure: Sep 26 05:33:01 ldap sshd[1588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=my-host user=my-username Sep 26 05:33:01 ldap sshd[1588]: Failed password for my-username from 77.AA.BB.CC port 58528 ssh2 Sep 26 05:33:01 ldap sshd[1589]: fatal: Access denied for user my-username by PAM account configuration Another two servers (CentOS 5.7 Debian) authorizes on this LDAP server correctly. Even with pam_check_host_attr yes! I didn't edit /etc/security/access.conf, it is empty, only default comments. I don't know what to do! How to fix this?

    Read the article

  • Why does a browser dialog come up when an xmlhttprequest sends the wrong / no auth?

    - by Kyle
    How come the major browsers all bring up a login dialog when an xmlhttprequest does auth wrong or doesn't send it? I mean isn't this poor UI? Now a days it seems like a lot of people try http auth in jQuery, because theoretically it is quite easy - until the user fails to enter the correct data and is presented with the browsers dialog, which gets in their way, and they might have no idea what to do with it or why it's there? I don't know too much about these low level browser specifications but can someone bring this up with the RFC or webkit/gecko developers? jQuery digest auth could be powerful and user friendly if this was fixed. ** It seems like apache could also fix the problem on their side by not sending the header, but whichever one is the most secure way of doing this would be nice.

    Read the article

  • Why is autologon in Windows 7 a security risk

    - by Phenom
    If I set my Windows 7 account to automatically logon so I don't have to type a password, and I don't have to click my username on the logon screen, I heard it's a security risk. From Windows 7 Auto Login: Although I don’t personally recommend this, there are some people out there who don’t want to bother with using a password to protect their Windows user account. Of course, using a password in Windows isn’t required, only suggested. But even if you don’t fill one in, you still have to click your user icon to start the login process. An easier way - although again much less secure - is to enable auto-logins for your Windows PC. This is possible in Windows 7, as it was in prior versions, but it takes a little finagling to do so. (And for good reason, darn it.) What is risky about it besides people being able to logon locally? Does it make it easier for hackers to logon remoately?

    Read the article

  • Database/Web Server and SQL Server Setup - Security?

    - by Jess
    This seems really basic, but I couldn't find an answer already ... we are looking to deploy a website to an IIS server, and a database to a separate server. We aren't sure how to best secure this for access by internal users and internet. The IIS Server is not connected to the domain, and neither is the database at the moment. Should it be? Also, if we use SQL Server authentication instead of Windows Authentication, should we just hard-code the user/password into our internal apps?

    Read the article

  • Erase all traces of Windows 8

    - by user1032531
    Just bought a new HP pavilion desktop with Windows 8. I wish to totally remove Windows 8 and all data on the hard drive, remove any windows partitions, delete all data, and then install a fresh Linux. Problem is I can seem to get to boot from USB or boot from CD. It appears that Windows 8 added the following two "features": UEFI which substitutes what we have known as the BIOS Secure Boot which prevents anything but the installed operating system How do I completely and totally erase all traces of Windows 8? Is it still possible to reformat the hard drive? I don't want a duel boot, I don't want to go back to Windows 7, I just want anything Windows gone.

    Read the article

  • I'm receiving an SSL error in various browsers, but I can't find non-SSL content

    - by Scott Vercuski
    I'm receiving an error with my SSL connection. Using google chrome I see the following error: Your connection is encrypted with 128-bit encryption ... however this page includes other resources which are not secure I've scoured the source code, scripts and rendered code in the browser but cannot find where an http:// call is made. I've also used Fiddler2 to examine the traffic and everything is coming across via HTTPS. Has anyone run into this issue before and if so how did you go about finding the culprit. The website is running ASP.NET MVC3 in C#. The page in question is a simple payment page. The only external call is the google analytics tracking code. The page appears to load correctly, all images and scripts are in place.

    Read the article

  • DD-WRT login does not work on Linux in Virtualbox

    - by superuser
    I am running on Windows 8 and installed Lubuntu 13.04 in VirtualBox. I cannot login to DD-WRT in Virtualbox. I can login to DD-WRT on Windows 8. I have used the same credentials and tried many times, but to no avail. How can I login successfully to DD-WRT in VirtualBox? I have even tried searching on the Internet but I could not find any relevant solutions. Additional Information: Using Chromium ( I have tried it on Firefox and it does not work ) Enabled secure shell: but it still does not work. If you require more information, please kindly make a comment below.

    Read the article

  • CentOS / Redhat: Give file permission for apache and vsftp

    - by paskster
    I use CentOS 5.5 and Apache Webserver on my dedicated Server. My Folder "/var/www/myWebApp" is owned by apache, so that apache can read, write logs, etc.. But now I would like to use very secure FTP (vsftp) to upload my new files. I used to give every user rwx -Acess to "/var/www/myWebApp", but I guess this is way to insecure. On CentOS I created another user "ftpuser" for uploading files and that has "/var/www/myWebApp" as its home directory. How can I give him the permission to write into the "/var/www/myWebApp" without giving every user the same rights?

    Read the article

  • fail2ban and denyhosts constantly ban me on Ubuntu

    - by Trey Parkman
    I just got an Ubuntu instance on Linode. To secure the SSH on it, I installed fail2ban (using apt-get), but then had a problem: fail2ban kept banning my IP (for limited durations, thankfully) even though I was entering the correct password. So I removed fail2ban and installed denyhosts instead. Same problem, but more severe: It seems like every time I SSH in, my IP gets banned. I remove it from /etc/hosts.deny, restart denyhosts and log in again, and my IP gets banned again. The only explanation I can think of is that I've been SSH-ing in as root (yes, yes, I know); maybe something is set somewhere that blocks anyone who SSH-es in as root, even if they log in successfully? This seems bizarre to me. Any ideas? (Whitelisting my IP is a temporary fix. I don't want to only be able to log on from one IP.)

    Read the article

  • Does anybody wish to help a poor researcher publish a paper?

    - by Mihai Todor
    I don't know if this is a good place to beg for help, but here it goes: basically, I need to run a secure recommender system simulation (C++ console application) in order to meet tonight's deadline, and the faculty's server grid decided to go offline. I could really use something like 10+ (actually, about 16 would be required to meet the deadline) virtual instances of some Linux that has GMP installed... Ideally, they should all have the same specs, because a part of the simulation will represent performance benchmarks. If my question is inappropriate in any way, I kindly ask the administrators to remove it.

    Read the article

  • windows 7 file permission problem

    - by user20989
    i download one zip folder and extract it in windows 7. after extracting it shows file names with green color. now when i try to open any file, it give error access denied. even i set the permission on that file for full control, same error is coming. if i extract same folder in windows vista or xp no error. actually attribute of file is AE and when i right click on file and then select properties-- general-- advance -- encrypt contents to secure data is selected. if uncheck this option i can't apply it again gives error permission denied. Thanks

    Read the article

  • Looking for a reliable web provider that supports ASP.NET? Shared LAMP account a plus.

    - by Cory Charlton
    My title is probably not very clear but here's the deal. I'm a software engineer with experience in many languages but my current focus is Windows/Web applications using C# and .NET. I'm currently running a personal blog using WordPress and love it. I need to setup a website for my consulting company and, while I enjoy the canned benefits of a CMS like WordPress, would like to build a custom ASP.NET site. Either way my current LAMP host is not secure so I'm looking to switch and looking for a reliable alternative. My ultimate wish list of requirements would be a cost-effective (currently spending ~$120/yr for web+domain hosting) host that would allow me to deploy my own ASP.NET code and host a WordPress blog (IIS w/ PHP to external MySQL or separate LAMP site). Thanks in advance for your recommendations (Google is not good for this type of search :-D) Edit: I'm fine if I have to ditch WordPress. Really I'm just looking for a good ASP.NET host, the WordPress compatibility would be a plus.

    Read the article

  • Different file locations for http v https on IIS?

    - by Jeremy Morgan
    We have a server running IIS and have some folders running under https, but most are open. The problem I'm having is when someone is directed from a page in the secure section of the site, the relative link brings up https. For example: link to /pictures goes to http://www.mysite.com/pictures But if someone is on a secured part of the site https://www.mysite.com/shoppingcart And then clicks back to /pictures, they get https://www.mysite.com/pictures so the pictures directory is shown under https. My problem is, they get a 404 not found message when this happens. I could not find anything in the settings that would indicate that secured connections are pulling files from anywhere different than non-secured. If I type http or https on the main page of the site both come up fine. But if I try to add the https:// in a folder level, I get a 404. Any ideas why this might be happening?

    Read the article

  • FTP in DMZ, TCP Ports for LDAP Auth

    - by sam
    szenario: (outside)---(ASA5510)---(inside) -Windows2008 DC .....................(dmz) ..........-Win2008 FTP Server Which Ports do I need to open from DMZ-Inside that FTP Users can authentificated on the Inside DC? I have allready opend 389 (Ldap), 636 (secure Ldap) and 53 (dns). But the ftp Client stucks allways after processing the credentials and the FTP Server gives you an eventlog "logon error". the error messages indicates that there could be an issue with closed ports. if I turn the ACL to "IP", that means all ports are open, everything is working fine.

    Read the article

  • Industry Standard DNS & Authentication?

    - by James Murphy
    I'm just curious as to what is considered industry standard when it comes to doing DNS and authentication on an environment with mainly linux machines? Do people use Windows DNS & Windows AD to do it all if they have at least one windows server (well - alot might, but should they)? Does ANYONE use hosts files or local only user accounts on each server? What would people like Facebook/Google use for their DNS and authentication on their servers? We have an environment where we have about 10-15 linux servers and 1-2 windows servers. We are currently using Windows AD and Windows DNS but it doesn't seem like it's the most secure/stable/scalable way to do it for a mainly linux environment? We use RHEL as our linux environment.

    Read the article

  • Remove LCD Stand for Wall Mounting - FSM-270YG

    - by Benjamin Chambers
    Based on Jeff Atwood's post on Coding Horror, I ordered one of these monitors, and I've been absolutely loving it. However, I recently (i.e. today) took the next step in monitor-y goodness and fastened the sucker to an articulated wall mount. Unfortunately, I can't figure out how to remove the stand. The flat portion comes off with a single screw, but the leg it fastens to has no apparent method of removing it. Has anyone figured out a trick for removing these, so they don't just stick out below the screen? Should I remove the screws from the backside of the screen, and look for an internal connection to remove? Or just give up and live with it? (After all, it's a great display, it's floating in the air in front of me, and the stand leg is only a minor annoyance).

    Read the article

  • Implementing a form of port knocking + Phone Factor = 2 Factor auth for RDP?

    - by jshin47
    I have been looking into how to secure a publicly-available RDP endpoint and want to implement our two-factor authentication RADIUS server, PhoneFactor. I would like to implement the following process: User opens up web app in browser In web app, user enters username + password, initiates RADIUS auth Phone factor calls user to complete auth Once user is authenticated, port 3389 is opened on user's IP on pfSense firewall. After some amount of time, firewall rule is removed for that IP I would like to know the following: Is this a typical setup? If it is a bad idea, please explain why. If it is possible, are there any packages that assist with this? Specifically, the third step, where the appropriate firewall rule would need to be added... Edit: I am aware of TS Web Gateway, but I want the users to be able to use the traditional RDP client...

    Read the article

  • Configuration of Sonicwall Load Balancing

    - by jacke672
    We installed a Sonicwall NSA 240 appliance and have configured it up for our SSL VPN connection and for load balancing with 2 ADSL lines. Over the past week, I have been testing the load balancing options to optimize the connection speeds for our users - but I've run into the following: Round Robin load balancing is the ideal load balancing setting and it's roughly doubling our throughput- but, when it's active users are unable to access any SSL enabled websites such as banking, web-mail, etc. For this reason, I have been using percentage based balancing as it allows me to enable source and destination IP binding, which doesn't 'break' any secure connections but were left with the slow connection speeds we had before adding the second line. I'm looking for a method in which we can take advantage of the round robin connection speeds while allowing users to access sites with SSL certificates, all while still allowing our remote (vpn) users to connect. Any help would be appreciated. Thanks

    Read the article

  • Google Chrome never renders fonts properly / no smoothing etc

    - by Christian Ivicevic
    A while ago I started using Chrome and no longer Firefox, however I found out something weird which maybe force me to return to Firefox if I can not fix this. I am coding a homepage and the output was in Chrome ugly, in Firefox not. I thought "ok this is maybe due to bad code"... however I found out that the same problems occurs on different sites like Facebook too. The font is not smoothed and it is not nice to read. Here is an example, although I have censored nearly everything... Bad Chrome Rendering Good Firefox Rendering You may need to open up in a new tab to see the errors in detail. Now I want to know, whether this is just Chrome trolling me or maybe something else. EDIT I tried it out under Ubuntu on my PC and it works well... seems to be an error on Windows/Chrome on Windows.

    Read the article

  • Mouse button and keypress counter for Linux?

    - by rakete
    I would like to have some kind of statistic of my daily mouse/keyboard usage to help me make my keyboard layout a little bit more efficient. There is already an question about how to do this on windows, but I would like to know I anyone is aware if this is possible under linux. Another thing I already found is key-mon, a little program for screencasts that displays your mouse and keyboard presses on the screen, which would help me achieve what I want with a little bit of python coding by myself. But still, if there was an solution already, that would be easier of course. PS: obfuscated link to key-mon because of spam prevention: hxxp://code.google.com/p/key-mon/

    Read the article

  • Using mod_wsgi with mpm_itk: socket permission issue

    - by djechelon
    I'm using mod_itk as MPM for increased security in shared environment. I also have a Firefox Sync Server within one of the VHosts I host. That vhost is restricted to a certain user via AssignUserId user group. The problem is that the socket /var/run/wsgi...whatever.sock is chmodded srwx------ and owned by Apache's wwwrun. While I configured the vhost with WSGIProcessGroup sync WSGIDaemonProcess sync user=djechelon group=djechelon processes=1 threads=5 I still get the error that Apache wants to access a socket that is not accessible and because of this gets an error. Is it possible to configure mod_wsgi in order to create different sockets with different owners for different applications or to chmod its socket in a different way (less secure)? Currently, I'm running Firefox Sync as the only WSGI application. Moving it to a vhost that doesn't AssignUserId could solve this problem but will force me to change URL (and buy an additional SSL certificate), so I wouldn't consider this

    Read the article

  • How do I securely execute commands as root via a web control panel?

    - by Chris J
    I would like to build a very simple PHP based web based control panel to add and remove users to/from and add and remove sections to/from nginx config files on my linode vps (Ubuntu 8.04 LTS). What is the most secure way of executing commands as root based on input from a web based control panel? I am loathe to run PHP as root (even if behind an IP tables firewall) for the obvious reasons. Suggestions welcome. It must be possible as several commercial (and bloated, for my needs) control panels offer similar functionality. Thanks

    Read the article

  • Ubuntu Startup xsp4

    - by Chin Ye
    when i type in terminal command are working fine root@syscomp:/var/www/WebSite2# xsp4 xsp4 Listening on address: 0.0.0.0 Root directory: /var/www/WebSite2 Listening on port: 9000 (non-secure) Hit Return to stop the server. but i m using script in /etc/init/GPS_WebSite.conf when the script are running fine, but not running in background when the script run one time and then closed, that is why my mono server are not running all the time, this is my GPS_WebSite.conf script, what i need to change to be running forever in background? start on login-session-start script exec > /tmp/debug-my-script.txt 2>&1 sleep 10 cd /var/www/WebSite2 xsp4 end script

    Read the article

  • How can I use structured references to a column in an Excel macro?

    - by Eshwar
    Here's an example that will explain things: Sheets("Plot Data July").Select ActiveSheet.ListObjects("tPDJuly").Range.AutoFilter Field:=2 ActiveSheet.ListObjects("tPDJuly").Range.AutoFilter Field:=4 So as you can see above, Field:=2 is a relative reference to the second field in the table called "tPDJuly". So now if I add more columns, this number does not get updated. The field is actually called "Grade" in the table. So is there a way of coding this so that no matter which column it is in, "Grade" is always updated? I suppose one solution is that we add a line that find what is the column number for "Grade"?

    Read the article

  • What is the impact of Windows 8 with UEFI on normal users?

    - by Sam
    I am a normal man-in-the-street computer user and so do not really understand what this is about, but I want to. Can someone please explain to me if: The Windows 8/UEFI secure boot thing will make it impossible to run normal/legacy applications in Windows 8 (as they will be unsigned)? It will turn Windows into an Apple-like system where only Microsoft approved applications can be run? As I say, I'm a normal user, and that is the overall impression I have from reading all the blogs, etc about it. If, on the other hand, all it does is make sure the system is booting a signed OS, how does this prevent malware (which is what at least two Microsoft blogs that I read seemed to be saying), given that most malware is not part of the boot process? The only way I can see this making sense is if it is ensuring that all OS components are signed. Is that it? Like I say, I'm a mortal, so please don't get technical on me, but rather explain how it will affect me, the user.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 171 172 173 174 175 176 177 178 179 180 181 182  | Next Page >