Search Results

Search found 8253 results on 331 pages for 'secure coding'.

Page 183/331 | < Previous Page | 179 180 181 182 183 184 185 186 187 188 189 190 | Next Page >

How to host my own cloud so that videos are viewable via desktop web browser?

- by jake9115

I want to host my own cloud storage solution, something like Dropbox but entirely dependent on my own central machine. This way things are more secure if setup correctly, and there are artificial storage limitations or pay-walls. Some thing similar to ownCloud: http://owncloud.org/ There is one important feature I want to have: the ability the stream movies in a web browser from my personal cloud to anywhere in the world. In the past I tried this with a NAS, and I mapped XBMC to the NAS via SFTP, and certain media types could stream in this manner. I've also used things like PLEX. In this case, I am looking for a single solution for personal cloud storage and movie streaming from that cloud into a web browser. Does anyone know if this can be accomplished? Thanks for the suggestions!

Read the article
Disabling certain JBoss ports

- by Rich

We are trying to configure JBoss 5.1.0 to be as lightweight and as secure as possible. One of the parts of this process is to identify and close any ports we do not need. Three ports that we have outstanding but don't believe we need are: 4457 - bisocket 4712 - JBossTS Recovery Manager 4713 - JBossTS Transaction Status Manager We don't think we need any of these features (but could be wrong). Bisocket seems to be a way for JMS clients behind a firewall to communicate with JBoss. We hardly use JMS now and when we do, it is very unlikely that we will need this firewall traversing ability. I am less sure about whether we need the two JBossTS ports - I am guessing these are used in a clustered environment - we aren't clustered. So my question is, how do we disable these ports (and associated processes where possible), or if we need these ports, why do we need to keep them open?

Read the article
SSL Certificate only works when session active in Server 2008

- by CodeMonkey1

I have a web app that uses an installed certificate to send a web request to a 3rd party web service. This has worked for a long time on Windows Server 2003, but just recently we found a problem with it on 2008 installations. When logged into the server as the same user the App Pool uses, either locally or via remote desktop, the web app and it's secure 3rd party request works fine. However, when there are no user sessions open, the 3rd party request fails, as if the certificate were not attached to the web request. Any ideas?

Read the article
Is disabling password login for SSH the same as deleting the password for all users?

- by Arsham Skrenes

I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

Read the article
For a particular domain, how can I cache its JSON responses locally?

- by Chris

I'm coding the frontend of a web app that uses XHR to grab JSON data from a 3rd party. The 3rd party service is slow and because of its API design, we need to make a LOT of API requests every time I refresh the page to test some new code. It's making the development loop painful. The requests are GETs, POSTs and PUTs even though I'm pretty sure none of the requests are changing state. I want to go to localhost for the JSON rather than to this 3rd party API - simply to make my development process faster.

Read the article
How can I prevent Apache from exposing a user's password?

- by Marius Marais

When using basic authentication (specifically via LDAP, but htpasswd also) with Apache, it makes the REMOTE_USER variable available to the PHP / Ruby / Python code underneath -- this is very useful for offloading authentication to the webserver. In our office environment we have lots of internal applications working like this over SSL, all quite secure. BUT: Apache exposes the PHP_AUTH_USER (=REMOTE_USER) and PHP_AUTH_PW variables to any application inside PHP. (PHP_AUTH_PW contains the plaintext password the user entered.) This means it's possible for the app to harvest usernames and passwords. Presumably the same information is available to Python and Ruby (all three are currently in use; PHP is being phased out). So how can I prevent Apache from doing this? One idea is to use Kerberos Negotiate authentication (which does not expose the password and has the benefit of being SSO), but that automatically falls back to Basic for some browsers (Chrome and in some cases Firefox), causing the password to be exposed again.

Read the article
Activating ssl on tomcat

- by toom

I want to encrypt the http traffic on a tomcat instance via ssl. Therefore I followed the most simplistic approach described on various webpages. But anyway it simply does not work. Here is what I did: "keytool -genkey -alias tomcat -keyalg RSA" and I enterd "changeit" as the password (since this is the defaut chosen by tomcat) Altering $CATALINA_HOME/conf/servers.xml by uncommenting the following line Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/ Restarting tomcat Entering https://localhost:8443 does not work. However, I can still access the page via normal http like http://localhost:8080 The logfile does not contain any suspicious information. What is going wrong here?

Read the article
migration of physical server to a virtual solution, what i have to do?

- by bibarse

Hello I'm new in this forum, so i would like that you forgive me for my blissfully and my low English level. I'm a trainee in company one month ago, and my mission is to migrate 3 physicals servers to a virtualization technology. The company edit softwares for E-learning so there are lots of data like videos, flash and compressed (zip). This is some inventory of the servers: OS: Debian, 2 redhat, apache, php/mysql, sendMail/Dovecot, webmin with virtualmin template to create dynamically the web sites because there is no sysadmin ... The future provider will be responsible of to secure, update and create the virtual machines (outsourcing) and with a RedHat OS's. So i want that you help me to choose a virtualisation technologie (for the i prefer KVM of Redhat RHEV, VMWare is expensive), how evaluate the hardware needs (this for evolution of 4 or 5 years) and to elaborate a good planing to don't forget any think. Thank you for your responses.

Read the article
iptables to allow input and output traffic to and from web server only

- by Caedmon

I have an Elastic Search server which seems to have been exploited (it's being used for a DDoS attack having had NO firewall for about a month). As a temporary measure while I create a new one I was hoping to block all traffic to and from the server which wasn't coming from or going to our web server. Will these iptables rules achieve this: iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 9200 -j DROP iptables -P FORWARD \! --src 1.2.3.4 DROP iptables -P OUTPUT \! --src 1.2.3.4 DROP The first rule is tried and tested but obviously wasn't preventing traffic coming from my server to other IP addresses so I was hoping I could add the second two rules to full secure it.

Read the article
Suggestions for hosted file sharing services

- by Jon

Before I pose my question, I will give some insight as per my scenario: I work for a small business (cost is an important factor) Our bandwidth is limited and would not support an in-house FTP server We need to share files (mostly pdf, inDesign, Illustrator documents) to our clients, and as we expand, we are finding that our current locally-hosted FTP solution is too slow and is becoming a detriment to our sales team. What we need is a remotely hosted solution to share files with our clients, specifically with the following features: Greater than 100gb of secure storage The Ability to distribute unique log in credentials to clients, granting access to a personalized directory or folder, while limiting access to other files on the server. A relatively simple web-based UI for clients with limited computer knowledge We have considered a dedicated remote server, and web-based services (box.net, yousendit.com, onehub.com, filesanywhere.com) but I am unsure as per the direction we should be taking - have I left another solution out? What would you suggest? Thanks in advance.

Read the article
Logins with only HTTP - are they as insecure as I'm thinking?

- by JoeCool1986

Recently I was thinking about how websites like gmail and amazon use HTTPS during the login process when accessing your account. This makes sense, obviously, since you're typing in your account username and password and you would want that to be secure. However, on Facebook, among countless other websites, their logins are done with simple HTTP. Doesn't that mean that my login name and password are completely unencrypted? Which, even worse, means that all those people who login to their facebooks (or similar sites) at a wifi hotspot in public are susceptible to anyone getting their credentials using a simple packet sniffer (or something similar)? Is it really that easy? Or am I misunderstanding internet security? I'm a software engineer working on some web related stuff, and although at the current time I'm not too involved with the security aspect of our software, I knew I should probably know the answer to this question, since it's extremely fundamental to website security. Thanks!

Read the article
Increase Volume of an MKV Video from Linux Terminal

- by The How-To Geek

I've got a large amount of .MKV video files which seem to all play at a very low volume - I end up having to turn the TV up all the way to hear them, which is really irritating when I switch to another channel and wake the dead because it's so loud. What I'm looking for is a command-line method to increase the volume (so I can run it on all of them quickly) that would hopefully work regardless of the audio codec in use in the particular file. (I don't mind hard-coding the output audio though). For reference, I'm using Ubuntu 9.04 on my server, and the files are being played back with Boxee on a Mac Mini, but the volume problem is the same on Windows too.

Read the article
Linux (Ubuntu) USB Auth

- by themicahmachine

I want to be able to authenticate with PAM using a USB drive with a file on it. I've read about how to do this with a PAM module that reads the specific USB hardware ID of a device, but if the device malfunctions or is lost, there would be no way to authenticate. I would prefer to use the method BitLocker uses, requiring a particular file to be found on the drive in order to authenticate. That way I can keep another drive in a secure location as a backup. Any other suggestions are welcome. I just want to require a higher level of security that just a password.

Read the article
a safer no password sudo?

- by Stacia

Ok, here's my problem - Please don't yell at me for being insecure! :) This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

Read the article
HTTPS load balancing based on some component of the URL

- by user38118

We have an existing application that we wish to split across multiple servers (for example: 1000 users total, 100 users split across 10 servers). Ideally, we'd like to be able relay the HTTPS requests to a particular server based on some component of the URL. For example: Users 1 through 100 go to http://server1.domain.com/ Users 2 through 200 go to http://server2.domain.com/ etc. etc. etc. Where the incoming requests look like this: https://secure.domain.com/user/{integer user # goes here}/path/to/file Does anyone know of an easy way to do this? Pound looks promising... but it doesn't look like it supports routing based on URL like this. Even better would be if it didn't need to be hard-coded- The load balancer could make a separate HTTP request to another server to ask "Hey, what server should I relay to for a request to URL {the URL that was requested goes here}?" and relay to the hostname returned in the HTTP response.

Read the article
Running a service as root

- by kovica

I have a java program that I use to automate the process of creating VPN settings for clients. The program calls couple of bash scripts, create and copies files around. I have to run it under root user because the whole VPN config is under /etc/openvpn. For this directory I need root privileges. On the same machine I have Glassfish application server and it will call the mentioned Java program. Glassfish is run under non-root user. What is the best, most secure way of running a program as a root user of course without entering a password if I run it via sudo?

Read the article
Increase Volume of an MKV Video from Linux Terminal

- by The How-To Geek

I've got a large amount of .MKV video files which seem to all play at a very low volume - I end up having to turn the TV up all the way to hear them, which is really irritating when I switch to another channel and wake the dead because it's so loud. What I'm looking for is a command-line method to increase the volume (so I can run it on all of them quickly) that would hopefully work regardless of the audio codec in use in the particular file. (I don't mind hard-coding the output audio though). For reference, I'm using Ubuntu 9.04 on my server, and the files are being played back with Boxee on a Mac Mini, but the volume problem is the same on Windows too.

Read the article
Searching for online database software/cms

- by ButterdBread

I am searching for a software or CMS that manages and displays large online databases, as some kind of frontend to MySQL or any other database. It should be accessible through the browser, be as secure as possible (offering login). The data I'd like to store would be personal information such as name, adress and birthday - also I'd need to be able to add custom fields as well. Also forms and the possibility to download the data in an excel? table would be great. PHPmyadmin is not an option, it should be similar to a CRM but more closely adapted to managing database tables, searching for entries and filtering data. It should be possible to have many user accounts with different rights, with each of them being able to acces certain parts of the data and entering own data. Is there something out there, that might get close to what I imagine? I appreciate any help!

Read the article
Remote Destkop into Server 2008R2 with Firewall On

- by Eternal21

I've got a fresh install of Remove Server 2008 R2, 64 bit. The problem is I can't Remote Destkop into it. I clicked 'Enable Remote Desktop' inside 'Initial Configuration Tasks', and set it to: Allow connections only from computers running Remote Destkop with Network Level Authentication (more secure). The thing is, this used to work just fine, and then it stopped. The only way I can get it to work now is if I turn of Windows Firewall completely off (Public network location settings). Obviously I don't want to run the server with firewall off, so what specific settings in Firewall do I need to disable, or am I doing something wrong?

Read the article
Can I get some help on a javascript project?

- by HenryOrrin

I'm learning javascript and I thought it would be fun to build a "simple" calculator. I spent a few hours coding, and implementing the functions, but it only works partially. Can one of you look at my code and try and figure out what's wrong? The Calculator.zip Here's some explanation of the issues: the add(), subtract(), multiply(), and divide() methods work partially, not at all, or don't do as they're supposed to.. sometimes the 0 wont clear when the replaceDisplay() method evaluates the screen. If it helps, I'm also using jquery, so keep that in mind. Thank you!

Read the article
What does the NTFS encryption protect against?

- by Ray

I have encrypted a folder from the (PropertiesAdvancedEncrypt contents to secure data). However when I change my user profile to another one which is also an administrator the folder seems to be accessible as if nothing happened. What exactly does this encryption protect against. I'm looking to encrypt folders that no other user, or another OS or even if the HDD were to be removed and plugged to another device will be accessible. My OS is Windows 7 Ultimate. Any suggestions?

Read the article
Managing client passwords

- by HurkNburkS

I am just starting up a small website development business and one of the issues I am having is remembering passwords and account information for clients hosting, cpanel, ftp accounts etc. I was wondering what is the most suitable system / industry standard for controlling such information? Pretty marginal on the close there... I read the FAQ and I felt list this could be a common issue for webmasters, its defiantly not a coding questions so stackoverflow is out of the question and its not a broad question its focused on one particular aspect of being a webmaster.

Read the article
Does Microsoft offer a corporate IM/collaboration tool similar to Campfire? My googlefu skills appear to be failing me today.

- by user54266

I mentioned to my boss that we should look into a single unified IM client that we could use and secure on a corporate level, and then suggested Campfire. We're a primarily Microsoft house so he suggested we use something that would better integrate with SharePoint and the other tools our end users use in house. However, I'm not aware of any Microsoft tool that does something like this. Obviously there is MSN Messenger but I think/hope he wasn't referring to that. Other than a product from 2005 I haven't been able to locate a Microsoft corporate IM tool...does anybody know what he may have been talking about?

Read the article
Program for scanning, saving and restoring window position?

- by hellbell.myopenid.com

Is there some program for scanning, saving and restoring last window position? For example at this moment i have opened five window first is google chrome which is not opened at full screean but at half of display, second is notepad which is on right side, and third is cmd which is under notepad. So I want to use this combination of "layout" when primary using google chrome (surfing at internet), but if working primary at other program let's say word (writting text) i want to use other program and at different position (cause is effectivly). So the point is to easy switching from one "layout" to another. (Like in many program that support more modes, for example visual studio - debug layout, - coding layout, etc ...)

Read the article
How to prevent Windows 8 of erasing GRUB?

- by dirleyrls

I'm doing dualboot with Ubuntu and Windows 8 on my DELL Laptop. EFI is enabled, secure boot is not. My partitions are GPT. Everything seems to work for some time. After some normal use, GRUB stops working. The "ubuntu" EFI entry is still there on top of everything else. But the computer boots directly into the Windows Bootloader, skipping GRUB. Any clues on why is that happening or how can I prevent that? My current partiton setup is: - /dev/sda1 NTFS Windows recovery - /dev/sda2 FAT32 UEFI boot (with boot flag) - /dev/sda3 unknown (msftres flag) - /dev/sda4 NTFS Windows Drive C - /dev/sda5 ext4 /home - /dev/sda6 ext4 / I usually reinstall GRUB through chrooting from a Live Session and doing a apt-get install --reinstall grub-efi-amd64.

Read the article

< Previous Page | 179 180 181 182 183 184 185 186 187 188 189 190 | Next Page >