Search Results

Search found 120608 results on 4825 pages for 'code access security'.

Page 232/4825 | < Previous Page | 228 229 230 231 232 233 234 235 236 237 238 239  | Next Page >

• How can I protect files on my NGiNX server?

  - by Jean-Nicolas Boulay Desjardins

  I am trying to protect files on my server (multiple types), with NGiNX and PHP. Basically I want people to have to sign in to the website if they want to access those static files like images. DropBox does it very well. Where by they force you to sign in to access any static files you put on there server. I though about using NGiNX Perl Module. And I would write a perl script that would check the session to see if the user was sign in to give them access to a static file. I would prefer using PHP because all my code is running under PHP and I am not sure how to check a session created by PHP with PERL. So basically my question is: How can I protect static files of any types that would need the user to have sign in and have a valid session created with a PHP script?

  Read the article

• Can't start firewall or automatic updates in Windows XP

  - by Chris Porter

  On a friends laptop following some viruses infestations there is a problem in starting the Windows firewall. The error is: Could not start the Windows Firewall/Internet Connection Sharing(ICS) service on Local Computer. Error 2: The system cannot find the file specified When attempting to turn on automatic updates in the security centre, the message is: We're sorry. The Security Center could not change your Automatic Updates settings. To try changing these settings yourself, go to System in Control Panel. On the Automtic Updates tab, select Automatic (recommended), and then click OK. All the options under "Automatic Updates" are greyed out. I've tried the suggestions below and many others: http://windowsxp.mvps.org/sharedaccess.htm http://support.Microsoft.com/kb/892199 http://windowsxp.mvps.org/repairwmi.htm I can't do a repair install because the installer doesn't detect existing versions. It's XP pro service pack 3.

  Read the article

• Windows XP Pro 'Connect to' logon box greyed out with Guest

  - by HaydnWVN

  Have a machine i've just nuked and paved to be used in a public enviroment, yet still connected to a Workgroup. Would like it to prompt for a logon when accessing any of the network shares as different departments will be using it. It does prompt for a login but the username field is greyed out. Have disabled simple file sharing, disabled guest account, changed Local Security Policies (Network access Sharing and Security model to 'classic') all to no avail. A google around has lots of other people with the same issues, lots of 'fixes' with very few feedback. Of course none of these work for me! :)

  Read the article

• My server's been hacked EMERGENCY

  - by Grant unwin

  I'm on my way into work at 9.30 p.m. on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere. I'm not sure till I get there. How can I track this down quickly? We're in for a whole lot of litigation if I don't get the server back up ASAP. Any help is appreciated. UPDATE Thanks to everyone for your help. Luckily I WASN'T the only person responsible for this server, just the nearest. We managed to resolve this problem, although it may not apply to many others in a different situation. I'll detail what we did. We unplugged the server from the net. It was performing (attempting to perform) a Denial Of Service attack on another server in Indonesia, and the guilty party was also based there. We firstly tried to identify where on the server this was coming from, considering we have over 500 sites on the server, we expected to be moonlighting for some time. However, with SSH access still, we ran a command to find all files edited or created in the time the attacks started. Luckily, the offending file was created over the winter holidays which meant that not many other files were created on the server at that time. We were then able to identify the offending file which was inside the uploaded images folder within a ZenCart website. After a short cigarette break we concluded that, due to the files location, it must have been uploaded via a file upload facility that was inadequetly secured. After some googling, we found that there was a security vulnerability that allowed files to be uploaded, within the ZenCart admin panel, for a picture for a record company. (The section that it never really even used), posting this form just uploaded any file, it did not check the extension of the file, and didn't even check to see if the user was logged in. This meant that any files could be uploaded, including a PHP file for the attack. We secured the vulnerability with ZenCart on the infected site, and removed the offending files. The job was done, and I was home for 2 a.m. The Moral - Always apply security patches for ZenCart, or any other CMS system for that matter. As when security updates are released, the whole world is made aware of the vulnerability. - Always do backups, and backup your backups. - Employ or arrange for someone that will be there in times like these. To prevent anyone from relying on a panicy post on Server Fault. Happy servering!

  Read the article

• How to secure svn+ssh checkout users?

  - by vvanscherpenseel

  All our SVN repositories are hosted on a dedicated machine on which all the developers have access. Every now and then we need to checkout a repository on a machine we don't own or operate ourselves. Currently we all use our own system (SSH) account for this, but instead I would like to use some generic 'checkoutsvn' user that can be used for this. This user is only used for checking out from a repository, but should not be allowed to log in to the system (no shell access). I tried to do this by setting the default shell of that account to /sbin/nologin but then SVN fails, as apparently svn+ssh requires shell access. How do you do this? Is there a good solution for this?

  Read the article

• Problem accessing the remote working space on my new SBS 2008 box

  - by Dabblernl

  This supposedly easy to install OS is starting to drive me nuts... SYMPTOMS: When trying to connect to the remote workplace I get (and ignore) the security warning because I am currently testing with the self issued certificate. After loggin in the remote workplace's main screen displays but the images on it do not load. When I try to click the email link I am thrown back to the login screen. If I try the login to exchange directly by typing in the remote.mydomain.com/owa address I get a 403 error that I am denied access. The problem occurs on both a vista and a win 7 machine. It seems that some security setting is playing tricks with me. How can I troubleshoot this?

  Read the article

• File/folder Write/Delete wise, is my server secure?

  - by acidzombie24

  I wanted to know if someone got access to my server by using a nonroot account, how much damage can he do? After i su someuser I used this command to find all files and folders that are writeable. find / -writable >> list.txt Here is the result. Its most /dev/something and /proc/something and these /var/lock /var/run/mysqld/mysqld.sock /var/tmp /var/lib/php5 Is my system secure? /var/tmp makes sense but i am unsure why this user has write access to those folders. Should i change them? stat /var/lib/php5 gives me 1733 which is odd. Why write access? why no read? is this some kind of weird use of a temp file?

  Read the article

• Disable passwd history feature with remember=0

  - by user1915177

  PAM version - pam-0.79 Is setting 0 allowed on "remember" option in /etc/pam.d/common-passwd file of pam.d module to disable passwd history feature? With "remember=0" in /etc/pam.d/common-passwd file, I am observing a memfault when running the passwd command as a USER. When browsed the source, the function in _set_ctrl in support.c file of pam_unix module handles wrong values of remember, but currently its not robust enough to handle 0, which is a wrong value. So the valid and only option to disable history feature, is to not include the "remember" option in /etc/pam.d/common-passwd file and not to set-up /etc/security/opasswd file? Could see in the following link mention of setting "remember" to 0 has no effect to remember value in "/etc/security/opasswd" file. =https://lists.fedorahosted.org/pipermail/linux-pam-commits/2011-June/000060.html

  Read the article

• Number of malicious attacks defended/done on the average user daily [closed]

  - by DalexL

  As a web hoster, it is very easy to notice the large amounts of exploit/abuse attempts done on my servers. Out of curiosity, how often are these attempts done on the average user? I'm assuming almost all of them are prevented just by simple security protocols in place by their browsers, local network, etc. How many attempts, on average, are committed against a single user daily through any method? (email, internet, downloads, etc.)? If known, what percentage of these things are blocked by the average users security? I tried googling but I was having a hard time getting the right search terms together.

  Read the article

• What is the secure way to isolate ftp server users on unix?

  - by djs

  I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the vsftpd documentation, in particular, it implies that using chroot_local_user is a security hazard, while not using it is not. There seems to be no coverage of the implications of allowing the user access to the entire filesystem (as permitted by their user and group membership), nor to the confusion this can create. So, I'd like to understand what is the correct method to use in practice. Should an ftp server with authenticated write-access users provide a non-chroot environment, a chroot environment, or some other option? Given that Windows ftp daemons don't have the option to use chroot, they need to implement isolation otherwise. Do any unix ftp daemons do something similar?

  Read the article

• Default document not working after installing SP1 on Windows 2008 R2 x64

  - by boredgeek

  We have a web site that should only be available for authorized users. So we deny anonymous access for the site. However we do allow anonymous access to the default page and the login page. When we installed SP1 the behavior of the server changed. Now if the user is trying to access the root of the site, say http://mysite.com, she is redirected to login page rather than the default page. Is there a hotfix to bring back the previous behavior?

  Read the article

• Why is it possible to change the password of an admin user on linux?

  - by enum

  A few days ago, a friend of mine, wanted to show me that he can use my linux even if I don't tell him my password. He entered in GRUB, selected the recovery mode option. My first problem is that he already had access to my files (read only). He tried to do passwd but failed. Then he did some kind of remount (I guess that gave him write rights) and after that he was able to change my password. Why is this possible? I personally see it a security issue. Where I work there are several people that use linux and neither of them have a BIOS password set or some other kind of security wall.

  Read the article

• Who should own /var/www? [closed]

  - by John

  Possible Duplicate: How should I structure my users/groups/permissions for a web server? I've seen a few answers to this on the internet, but I'm looking for a definitive answer. I have a new Ubuntu 12.04 LTS server with LAMP. Apache is set to run as "www-data" and /var/www is set as having "root" as the owner and "root" as the group. The permissions for /var/www are "drwxr-xr-x" which I believe translates to 755 numerically. I know that /var/www should not be owned by "www-data" because then buggy/malicious code could have a field day. However, should I keep it as root:root (inconvenient) or should I change it to ubuntu:ubuntu, the default user that Ubuntu preconfigures for you to log in with? Should the permissions remain at 755? I've been administrating systems for a while with no big security issues, but I'm trying to get really serious about security, double-check everything, and make sure that there are no gaps in my knowledge.

  Read the article

• CodeIt.Right Code File Header Template For StyleCop Rules

  - by Paulo Morgado

  I like to use both StyleCop and CodeIt.Right to validate my code – StyleCop because it’s free and CodeIt.Right because it’s really good. While StyleCop provides only validation, CodeIt.Righ provides both validation and correction of violations. Unfortunately, CodeIt.Right’s supplied template for code file headers does not conform to StyleCop rules. Fortunately, CodeIt.Right allows us to define our own template. Here’s the one I use: <#@ template language="C#" #> //----------------------------------------------------------------------- // <copyright file="<#= System.IO.Path.GetFileName(Context.DestinationFile) #>" // project="<#= Context.ProjectName #>" // assembly="<#= Context.AssemblyName #>" // solution="<#= Context.SolutionName #>" // company="<#= Context.GetGlobalProperty("CompanyName") #>"> // Copyright (c) <#= Context.GetGlobalProperty("CompanyName") #>. All rights reserved. // </copyright> // <author id="<#= Context.GetGlobalProperty("UserID") #>"><#= Context.GetGlobalProperty("UserName") #></author> // <summary></summary> //-----------------------------------------------------------------------

  Read the article

• AutoScroll panel working intermittently.

  - by Edward Boyle

  I spent hours last week trying to get AutoScroll to function properly on a derived/inherited panel control I have been writing. I found no answers on my own so I posted to several forums and move onto other code while I wait for a reply. Then out of nowhere, it started working properly. Now, Today (about a week later) I notice it is no longer working again!  I go back to those old posts with hopes I will find an answer – No such luck. I Google for about two hours reading everything I come across. I was just about to write a new custom control from the ground up, perhaps use a little unmanaged code to force things to function properly. All I knew was “options in front of me = dealys”.  Just before I gave up, my head in my hands,  Jordan Sirwin’s appropriately titled blog post: “C#: Windows Panel AutoScroll Bug / Intended Suckyness” saves the day! In order for scroll bars to display, there must be at least one control in the Panel with AutoSize set to true. This is absurd… I’m not sure if this is a bug or intended, but it’s stupid. –I feel your pain. How many others have spent hours on this, or worse,  just plain given up? I want those hours back Damnit!

  Read the article

• Html5 Input Validation Presentation

  - by srkirkland

  Last week I gave a presentations to the 2011 UC Davis IT Security Symposium that covered input validation features in HTML5.  I mostly discussed the following three topics: New Html5 Input Types (like <input type=”email” />) Html5 Constraints (like <input type=”text” required maxlength=”8” />) Polyfills The slides only cover part of the story since there are a few “live demos.”  You can find all of the demo code on my github repository https://github.com/srkirkland/ITSecuritySymposium.  You’ll need ASP.NET Mvc 3 installed to run them. The slides are also available in my GitHub repository, but I’ve also added them to slideshare as well because that’s what the cool kids do: http://www.slideshare.net/srkirkland/data-validation-in-web-applications. I believe the presentation was well received and most people learned something, so I just wanted to share.  When loading up the Html5 demo just click on the Html5 tab and go through each example. Enjoy!   [Examples from the Slides and Demos]  

  Read the article

• Twin Cities Code Camp 8 Retrospective

  - by Lee Brandt

  I just got back (a few hours ago) from Minneapolis, where I was speaking at the Twin Cities Code Camp 8. I’d never been to a Twin Cities Code Camp, and I have always heard such great things, so I submitted and got accepted to speak. The conference (what I got to see) was great. My talk was pretty short on people, but there are many reasons for that. First, I spoke opposite Donn Felker (speaking about developing for Android) and Keith Dahlby (speaking about Dynamic .NET). So of course, my talk is going to be empty. How could I compete with that? Plus, my talk was about software process improvement, specifically about how our process has evolved. Maybe not the smartest idea to submit to talk about software process at a developer’s conference. The people who DID attend however, seemed to really enjoy the talk. There was good interaction and good, thoughtful questions. So the attendees seemed engaged. I actually did get a chance to go to one session. I went and saw Javier Lozano talk about Open source tools for ASP.NET MVC. I am hip-deep in MVC stuff right now and getting up to speed on MVC 2 as well. I learned about MVC Turbine, Javier’s Open Source project. I will definitely be adding it to my MVC arsenal. Thanks Javier! I did forget my AC adapter for my laptop and got a little lost in Minneapolis on my way to get one from MicroCenter Saturday morning, but other than that, it was a great trip. It’s a long drive, but seeing all the guys and getting two Nut & Honey rolls from Roly Poly in Eden Prarie for lunch on Saturday made the trip totally worth it. I look forward to seeing what Jason & Chris come up with for next year! Thanks for having me guys!

  Read the article

• Java Road Trip: Code to Coast

  - by Tori Wieldt

  tweetmeme_url = 'http://blogs.oracle.com/javaone/2010/06/java_road_trip_code_to_coast.html'; Share .FBConnectButton_Small{background-position:-5px -232px !important;border-left:1px solid #1A356E;} .FBConnectButton_Text{margin-left:12px !important ;padding:2px 3px 3px !important;} The Java Road Trip: Code to CoastJava developers, architects, programmers, and enthusiasts: get ready for a real adrenaline rush! Follow the Java Road Trip: Code to Coast as this high-tech block party on wheels travels to 20 cities across the United States showcasing Oracle's commitment to everything Java. It's a chance to talk to Java leaders and engineers and get your hands on the latest Java technology. The Java Road Trip kicks off June 14 in New York City with Octavian Tanase, Vice President, Java Platform Group at Oracle, headlining the event. Don't miss    EJBs in Boston!    Governance in Washington, DC!    Swing(ing) in Memphis!    Mile-high UIs in Denver!    Java in Seattle! (too easy)     and more!Join or follow the tour here: http://java.com/roadtrip/Read the Oracle Magazine articleUse or follow the hash tag #javaroadtrip

  Read the article

• Printing problem in Silverlight 4.0 RC - loading images in code behind

  - by Jacek Ciereszko

  Few days ago I faced a problem with printing in new Silverlight 4 RC. When you try to dynamically load image (in code behind) and print it, it doesn't work. Paper sheet is blank. Problem XAML file: <Image x:Name="image" Stretch="None" /> XAML.cs: image.Source = new BitmapImage(new Uri(imageUri, UriKind.RelativeOrAbsolute));  Print: var pd = new PrintDocument();   pd.PrintPage += (s, args) =>     {       args.PageVisual = image;     };   pd.Print(); Result: Blank paper.   Solution What you need to do, is forced Silverlight engine to load that image before printing start. To accomplish that I proposed simply checking PixelWith value. Your code will ask about PixelWidth of image so it will have to be loaded. XAML.cs: BitmapImage bImage = new BitmapImage(new Uri(imageUri, UriKind.RelativeOrAbsolute)); image.Source = bImage; InitControl(imageUri, movieUri, isLeft); int w = bImage.PixelWidth; int h = bImage.PixelHeight;   DONE!   Jacek Ciereszko

  Read the article

• Clean URLs issue using .htaccess in PHP project

  - by x4ph4r

  I am working on a PHP laravel project. I am currently facing issues with .htaccess file. I have following .htaccess: <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] </IfModule> When I reload my page the it gave me following error: 404 Not Found The requested URL /contacts was not found on this server. Then I opened /etc/apache2/users/username.conf file which had following line of code: <Directory "/Users/username/Sites/"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> In above code I changed AllowOverride None to AllowOverride All. Then I reload page and got following error: 403 Forbidden You don't have permission to access /contacts on this server. When I add FollowSymLinks to .htaccess file Options such as like this Options -MultiViews FollowSymLinks. Then sometimes I get this 500 Internal Server Error error and sometime this *Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data*. Each time I reload my page one of these errors with FollowSymLinks option. I also uncomment following lines in /etc/apache2/httpd.conf: LoadModule rewrite_module libexec/apache2/mod_rewrite.so LoadModule php5_module libexec/apache2/libphp5.so and still I am getting same permission denied error. Please help me I am trying to solve this problem for past 3 days but it is till unresolved.

  Read the article

• CSO Summit @ Executive Edge

  - by Naresh Persaud

  If you are attending the Executive Edge at Open World be sure to check out the sessions at the Chief Security Officer Summit. Former Sr. Counsel for the National Security Agency, Joel Brenner ,  will be speaking about his new book "America the Vulnerable". In addition, PWC will present a panel discussion on "Crisis Management to Business Advantage: Security Leadership". See below for the complete agenda. TUESDAY, October 2, 2012 Chief Security Officer Summit Welcome Dave Profozich, Group Vice President, Oracle 10:00 a.m.–10:15 a.m. America the Vulnerable Joel Brenner, former Senior Counsel, National Security Agency 10:15 a.m.–11:00 a.m. The Threats are Outside, the Risks are Inside Sonny Singh, Senior Vice President, Oracle 11:00 a.m.–11:20 a.m. From Crisis Management to Business Advantage: Security Leadership Moderator: David Burg, Partner, Forensic Technology Solutions, PwC Panelists: Charles Beard, CIO and GM of Cyber Security, SAIC Jim Doggett, Chief Information Technology Risk Officer, Kaiser Permanente Chris Gavin, Vice President, Information Security, Oracle John Woods, Partner, Hunton & Williams 11:20 a.m.–12:20 p.m. Lunch Union Square Tent 12:20 p.m.–1:30 p.m. Securing the New Digital Experience Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle 1:30 p.m.–2:00 p.m. Securing Data at the Source Vipin Samar, Vice President, Database Security, Oracle 2:00 p.m.–2:30 p.m. Security from the Chairman’s Perspective Jeff Henley, Chairman of the Board, Oracle Dave Profozich, Group Vice President, Oracle 2:30 p.m.–3:00 p.m.

  Read the article

• Execute code every hour

  - by Linger

  I need to create a web service that executes every hour. It will be used to review data in a database and add alerts to a table in the same database if certain conditions are met/not met. What we currently have is: We have end devices that use Python to report to an Amazon Web Services (AWS) virtual server. The AWS server takes that information and stores it in a MySQL database. The AWS server is Linux running Django and Apache. I need to be able to have some python code run every hour that verifies the data that has been stored by the end devices. If certain conditions are not met then a record will be added to the alerts table in the database. We originally contracted to have the above setup created. I am new to Python, Django, and Apache. However, I have already made several changes to the Python code that sends and also receives the data from the end devices. I am a coder that is breaking into web programming. Does anyone have any recommendations on how I can do this?

  Read the article

• How best to handle ID3D11InputLayout in rendering code?

  - by JohnB

  I'm looking for an elegant way to handle input layouts in my directx11 code. The problem I have that I have an Effect class and a Element class. The effect class encapsulates shaders and similar settings, and the Element class contains something that can be drawn (3d model, lanscape etc) My drawing code sets the device shaders etc using the effect specified and then calls the draw function of the Element to draw the actual geometry contained in it. The problem is this - I need to create an D3D11InputLayout somewhere. This really belongs in the Element class as it's no business of the rest of the system how that element chooses to represent it's vertex layout. But in order to create the object the API requires the vertex shader bytecode for the vertex shader that will be used to draw the object. In directx9 it was easy, there was no dependency so my element could contain it's own input layout structures and set them without the effect being involved. But the Element shouldn't really have to know anything about the effect that it's being drawn with, that's just render settings, and the Element is there to provide geometry. So I don't really know where to store and how to select the InputLayout for each draw call. I mean, I've made something work but it seems very ugly. This makes me thing I've either missed something obvious, or else my design of having all the render settings in an Effect, the Geometry in an Element, and a 3rd party that draws it all is just flawed. Just wondering how anyone else handles their input layouts in directx11 in a elegant way?

  Read the article

• Is this kind of design - a class for Operations On Object - correct?

  - by Mithir

  In our system we have many complex operations which involve many validations and DB activities. One of the main Business functionality could have been designed better. In short, there were no separation of layers, and the code would only work from the scenario in which it was first designed at, and now there were more scenarios (like requests from an API or from other devices) So I had to redesign. I found myself moving all the DB code to objects which acts like Business to DB objects, and I've put all the business logic in an Operator kind of a class, which I've implemented like this: First, I created an object which will hold all the information needed for the operation let's call it InformationObject. Then I created an OperatorObject which will take the InformationObject as a parameter and act on it. The OperatorObject should activate different objects and validate or check for existence or any scenario in which the business logic is compromised and then make the operation according to the information on the InformationObject. So my question is - Is this kind of implementation correct? PS, this Operator only works on a single Business-wise Operation.

  Read the article

• Improving the speed of writing code in C#

  - by Robert Harvey

  Laugh if you want, but I used to develop substantial line-of-business applications in VB6, long before the .NET framework came along. Why, when I was your age, we used to walk two miles in the snow, uphill. Both ways... Love it or hate it, VB6 had a REPL-like feel, and a very rapid development cycle. I would like to know how to come closer to that process in C#. In VB6, I could write a function, execute it, debug it and have it fully functional in a few minutes. I am told this is how the Lisp crowd works. It's a very rapid-fire style of programming. In C# I write a function, then I write a unit test for that function (which is OK, I understand the value of that), then I right-click, run test, wait for the project to compile (takes about 10 seconds right now, which would be an eternity for a REPL loop), and get an exception. Honestly, this feels more like my junior college days, when I used to feed punch cards into a hopper and wait for a printout (exaggerating only slightly for effect). Additionally, my tendency nowadays is to make everything public while I'm testing it. Unit testing with private accessors works fine, but you can't trace through the code (unless, of course, I'm doing something wrong) while you're using them. So what I'd like to know is, what adjustments have you made to your development process in C# to streamline it, and make it possible to write and verify your code very rapidly?

  Read the article

< Previous Page | 228 229 230 231 232 233 234 235 236 237 238 239  | Next Page >