Search Results

Search found 9658 results on 387 pages for 'authentication provider'.

Page 242/387 | < Previous Page | 238 239 240 241 242 243 244 245 246 247 248 249 | Next Page >

subversion: enforce TLS

- by Daniel Marschall

Hello, I am running subversion on a Debian Squeeze system with Apache2 and mod_dav for viewing the contents with a webbrowser. I want to enforce the usage of TLS, so that the login data and the SVN contents cannot be read from the connection. I have tried following: <Location /svn> DAV svn SVNParentPath /daten/subversion/ # our access control policy AuthzSVNAccessFile /daten/subversion/access_control # try anonymous access first, resort to real # authentication if necessary. Satisfy Any Require valid-user # how to authenticate a user AuthType Basic AuthName "Subversion repository" AuthUserFile /daten/subversion/.htpasswd # Test SSLRequireSSL RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^svn/(.)$ https://www.viathinksoft.de/svn/$1 [R,L] </Location> at file /etc/apache2/conf.d/subversion.conf Alas, this does not work. There is no redirect and there is still a HTTP request working at /svn/(projectname)/(somefolder) . This SSL-enforce-policy should work for - viewing the contents with webbrowser - retrieve contents with TurtoiseSVN client - committing contents with TurtoiseSVN client Can you please help me? Regards Daniel Marschall

Read the article
Intermediate SSL Certificates on Azure Websites

- by amhed

I have successfully configured an Extended-Validation Certificate on an Azure Website following this article: http://www.windowsazure.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/ The main (non-technical) stakeholder of the web application went through great lengths to validate that our site is secure. He went to this site to check the validity of our SSL: http://www.whynopadlock.com/ The site throw the following error: `SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details: ERROR: no certificate subject alternative name matches`` The certificate is installed using IP Based SSL instead of SNI. This is done this way because some site visitors still use Internet Explorer 8 on Windows XP, which has no support for SNI and throws a security warning. Is my certificate correclty installed? I received three .CRT files from my SSL provider: PrimaryIntermediate.crt SecondaryIntermediate.crt EndCertificate.crt This is how I exported our certificate as a .PFX file to Azure: openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt

Read the article
Windows authenticated users have lost access to master (default) database

- by Rob Nicholson

Something very strange has occurred on our production SQL database. Users connecting via Windows authentication appear to have lost all access to the master database. By default, all logins have the default database set to master. So when you connect using SQL Server management studio, they get the error: "Cannot open user default database. Login failed error 4064". What's also worrying is that we have a group called "COMPANY - SQL Administrator" which has sysadmin rights and users in this group also get the same error. Worse, they don't appear to be system administrators anymore... If they change their default database to something else, they can connect and then work on the database, it's just the master database that is problematic. I'm not even sure by what mechanism windows authenticated users get access to the master database. Is it something hard coded in or some property that's got changed? Any ideas? Cheers, Rob.

Read the article
Backup broken PostgreSQL 8.4 without pg_dump

- by Daniil

So. I have a problem. PostgreSQL 8.4 won't start or restart without any output given. But it worked for 3 monthes until hosting provider doesn't rebooted server. Now it is completly broken. It wan't start and doesn't give any output or log. pg_dump: [archiver (db)] connection to database "postgres" failed: No such file or directory Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"? Now I want to backup (or just start pgsql socket) my database to reinstall postgesql. How?

Read the article
.htaccess redirect - Is it secure?

- by thecrandallster

This works; I'm not having trouble, but I want to be certain that this is bulletproof. I came up with a neat little .htaccess redirect, but I am not sure if it is secure; do you know? <IfModule mod_rewrite.c RewriteEngine On RewriteRule ^goto/([a-z]+)/?$ /$1/ [R] </IfModule I think as long as the server is configured correctly and the files handle authentication autonomously, then it shouldn't be a security issue. Also, being that the rewrite rule only works with characters a-z and one slash I doubt they could jump around directories by injecting stuff into the URL I think...

Read the article
Web application design with distributed servers

- by Bonn

I want to build a web application/server with this structure: main-server sub-server transaction-server (create, update, delete) view-server (view, search) authentication-server documents-server reporting-server library-server e-learning-server The main-server acts as host server for sub-server. I can add many sub-servers and connect it to main-server (via plug-play interface maybe), then it can begin querying data from another sub-servers (which has been connected to the main-server). The sub-servers can be anywhere as long as connected to internet. The main-server can manage all sub-servers which are connected to it (query data, setting permission between sub-servers, etc). The purpose is simple, the web application will be huge as the company grows, so I want to distribute it into small connected plug-able servers. My question is, does the structure above already have a standardized method? or are there any different views? what are the technologies needed? I need a lot of researches before the execution plan begin. thanks a lot.

Read the article
Windows 8.1 killed my wifi

- by char1es

Was running Windows 8 on a Lenovo G780 and updated to windows 8.1 Wifi does not work anymore, i always receive a dns server not responding error. I have tried using public dns servers from Google but with still no results. I've restarted my router with no results. All other devices on my network are having no trouble at all. I've tried updating the wireless driver but the manufacturers website claims that the Win8.1 driver should be updated with the update from windows. So i cant find a wireless driver... Anyone else having this error and does anyone have any ideas on how to fix it?? EDIT: here are the driver details: Broadcom 802.11n Network Adapter Provider: Microsoft Driver Date: 2013-05-31 Driver Version: 6.30.223.102 Digital Signer: Microsoft Windows Thanks

Read the article
PHP + IIS Application Pool Identity Windows\Temp permissions

- by Matt Boothman

I am currently running PHP (5.3) on IIS 7.5 on a Win2k8 R2 Web Edition Server and would like to know what, if any, problems or security vulnerabilities I may introduct into a system by assigning Read, Write, Modify & Execute permissions to either IUSR account or the IIS_USERS group for %SystemRoot%\Temp? Should I be altering permissions to that folder at all (as Windows reminds me I probably shouldn't when i attempt to change them)? Should I create a temp folder somewhere else and set permissions accordingly? The problem is when i set Anonymous Authentication (I'm guessing is a more secure option???) to use the App Pool identity, when starting sessions PHP gets stuck in a loop because it's unable to create session files in the %SystemRoot%\Temp folder due to lack of permission on the application pool user or IIS_USERS group. Another problem being ImageMagick (PHP Extension) is being denied access to %SystemRoot%\Temp to write temporary files so is throwing exceptions. I have tried searching Google however have not found anything that touches upon this subject specifically. Any help greatly appreciated.

Read the article
How to tell httpd to preserve the proxied error message?

- by ZNK - M

I have an httpd server proxying the requests to 2 different tomcat servers. One of my server handles the authentication and returns a specific http error code 521 when the user already have a running session. My issue is httpd automatically maps this 521 error code to a 500 (internal server error) and then my client can not handle it properly. I have tried to disable ProxyErrorOverride, to remove the /error/HTTP_INTERNAL_SERVER_ERROR.html.var but it does not changes anything. How can I ask httpd to not change anything to the proxied message? <IfModule proxy_module> ProxyPass /context1 http://127.0.0.1:8001/context1 ProxyPass /context2 http://127.0.0.1:8002/context2 ProxyPreserveHost Off ProxyErrorOverride Off </IfModule> Thanks in advance httpd 2.2.22 (Win32) mod_ssl tomcat 7.25 windows 7 64-bits

Read the article
Thunderbird: Synchronize tags

- by fuenfundachtzig

When I check my mail (via IMAP) on my laptop I'd like to see the same tags that I set when I checked my mail on my office computer. So the question is: Is it possible to synchronize user-specified mail tags between Thunderbird running on different computers? I've read that tags could be stored via IMAP on the server, so maybe it's just that the server of my mail provider does not support this IMAP feature? (Whichever it is...) Has anybody any experience with this? Related, but not my primary concern: Will there ever be a more flexible tagging system in Thunderbird which allows for an easier definition of new tags? (I.e. that a don't have to define new tags in the preferences menu, but can just type them in when reading a mail?)

Read the article
X11 for apache user

- by fuenfundachtzig

We are using inkscape to convert SVG images uploaded to our server via a web form. For this inkscape offers a batch mode via the -z option, but this batch mode has a flaw: When inkscape is run by the apache user, it breaks saying $ inkscape -z -W drawing.svg X11 connection rejected because of wrong authentication. The application 'inkscape' lost its connection to the display localhost:11.0; most likely the X server was shut down or you killed/destroyed the application. If you do the same as a normal user you also get errors: Xlib: connection to "localhost:11.0" refused by server Xlib: PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match (inkscape:24050): Gdk-CRITICAL **: gdk_display_list_devices: assertion `GDK_IS_DISPLAY (display)' failed 301.27942 But at least inkscape gives the correct answer (here the number stating the width of the image). Does somebody know how to make this also work for the apache user? Does it make sense to authorize apache to use X (if so how)? In any case it doesn't feel like the right solution...

Read the article
Replacing sick NTP server source and re-synching (with internal time currently 2 minutes late)

- by l0c0b0x

One of the external NTP servers (the primary one--currently) we're using as source seems to not be responding to NTP calls. Unfortunately, on our core router (Cisco 6509), the NTP functionality hasn't switched to the secondary NTP external server as it was expected. As a result, our core router which is pretty much our main internal NTP source is 2 minutes late. I'm planning to fix the external router issue by making the external NTP source be the one currently working. I'm wondering, how much will a 2 minute change affect my users and services? Specially since these days, we're heavily relying on certificate-based authentication. We're a Windows/Cisco shop. Internal NTP setup: [Core Router 1 / Cisco 6509]: looking out to two external NTP servers (in which the primary one is not responding to NTP calls) [Core Router 2]: Synching with Core router 1 (primary), working external router (secondary) [Other Cisco network devices]: Synching with Core router 1 (primary), core router 2 (secondary) [Domain controller(s)]: Synching with Core router 1 [All windows clients/servers]: Synching with domain controllers

Read the article
Connection string during installation

- by anon2009

Hi, I've been convinced to use windows setup files(msi) for the installation of my new windows forms application after I asked a question here and got some excellent answers (thank you all): http://serverfault.com/questions/97039/net-application-deployment Now i have a different question: My application will need to access a SQL Server to provide users with data, which means that the connection string must be stored in the client's app.config file. How should I handle this? During installation, the user enters the connection string to that database? How they get the connection string? In an email from the admin? What if the admin wants to use SQL authentication and need to put the user info at the connection string? So you know, the app will be sold via the internet, so I don't have any access to the admins or the network. Any suggestions? Thanks in advanced.

Read the article
How to analyse logs after the site was hacked

- by Vasiliy Toporov

One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

Read the article
Postfix/dovecot remove LDAP user

- by dove221

I have to remove or blacklist an LDAP/dovecot user. The authentication is setup from active directory what I cannot manage so I thought there should be a way at least to disable this specific user on the mailserver locally. # Virtual Accoutns - LDAP - MS AD virtual_mailbox_maps = ldap:/etc/postfix/ldap_mailbox_maps.cf virtual_alias_maps = ldap:/etc/postfix/ldap_alias_maps_redirect_true.cf ldap:/etc/postfix/ldap_alias_maps_redirect_false.cf ldap:/etc/postfix/ldap_mailbox _groups.cf virtual_mailbox_domains = domain.com virtual_uid_maps = static:1000 virtual_gid_maps = static:1000 virtual_transport = dovecot dovecot_destination_recipient_limit = 1 Anybody knows how to do it? I followed this guide for disabling 1 user through postfixes access file: http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/ Unfortunately it doesn't work. It's like the settings stored in LDAP are overruling the access rule. Instead of postfix rejecting the mail it keeps accepting it. Thanks!

Read the article
Mac OS X: pushing all traffic through a VMWare VM

- by bj99

I want to set up an Astaro (Sophos) UTM in a Virtual Machine. The Setup should be at the end the following: Cable Modem (one IP adress) | [Ethernet] Sophos UTM (running as VM [VMWare Fusion 5] on the MacMini) | [WIFI] Airport Express v2 (for sharing Local Network to wireless and wired clients) 1)| [WIFI] 2)| [Ethernet over Thunderbolt Ethernet Adapter]* Clients MacMini (Local File Server) *To have the Mini also protected behind the UTM So the setup process for the UTM works fine, but then the problems start: I just have one external IP (from my cable modem provider)== So if I put the VM in briged mode my Internet connection drops, because the MacMini also has its IP adress. If I put the VM to NAT mode the Mini itself is not protected by the UTM So: is there a way to hide the en0 interface(Ethernet) and the en1 interface (Wifi) from the MacMini, so that they not even appear in System Preferences Network section but are available to the VM? That way the Mini must connect to the en2 interface (Thunderbolt adapter) to make any Internet/LAN connection and I just use the given single IP from the Cable Modem. Thaks for any suggestions... Sebastian

Read the article
What are the main differences between SRV records and TXT records?

- by Chris Adams

Hi there, I'm trying to consolidate domain names for the servers I look after to just use one panel instead of 3 or 4, and one thing stopping me is that the provider I originally wanted to move them to only lets me the following kinds of records: A MX NS CNAME TXT The first four I understand, but I'm not sure about the relationship (if any) between SRV records and TXT records. Can I use TXT records in the place of SRV records? They both seem to be general text records to just point at a particular server without needing to specify a particular protocol, so it doesn't sound like a totally unreasonable assumption, but I'd rather check here before I break something. If I can only set the above records, does that mean I'm essentially unable to so any SRC record redirecting? Thanks!

Read the article
IPSec on Domain Controllers and Trusted Domains

- by OneLogicalMyth

I am looking at configuring IPSec as follows: Isolation Request authentication for inbound and outbound connections Computer and user (Kerberos V5) I am looking to do a blanket deployment across all servers and domain controllers. Workstations I will leave as not set. What impact in terms of the domain controllers with the 2-way forest trust do think I would see? Should I exclude the IP addresses of the trusted domain controllers? I don't want to stop communication between the current and trusted forest, however I do want IPsec to be used within the current forest on all servers. The trusted forest is running 2008 R2 and the current forest is 2012 R2.

Read the article
Recommend an SFTP solution for Windows (Server & Client) that integrates well with Dreamweaver

- by aaandre

Could you please recommend a secure FTP solution for updating files on a remote windows server from windows workstations? We would like to replace the FTP-based workflow with a secure FTP one. Windows Server 2003 on the remotely hosted webserver, WinXP on the workstations. We manage the files via Dreamweaver's built-in FTP. My understanding is Dreamweaver supports sFTP out of the box so I guess I am looking for a good sFTP server for Windows Server 2003. Ideally, that would not require cygwin. Ideally, the solution would use authentication based on the existing windows accounts and permissions. Thank you!

Read the article
connect to a headless virtualbox instance in Linux?

- by 130490868091234

I've started a headless virtualbox instance with this command: VBoxManage startvm "Ensembl67VirtualMachine" --type headless Waiting for VM "Ensembl67VirtualMachine" to power on... VM "Ensembl67VirtualMachine" has been successfully started. It is set up with Remote Desktop Server Port:5555 with Authentication Method: Null and Extended Features: Allow Multiple Connections and it's now running, but I don't know how to connect to it from the same laptop where it's running. I would like to be able to have it running on a terminal. I tried this but nothing happens: rdesktop localhost:5555 ERROR: localhost: unable to connect rdesktop 192.168.1.1:5555 Any ideas?

Read the article
Ubuntu terminal questions

- by Camran

I am wondering about my VPS providers ubuntu terminal. Are all these terminals the same? I think they are so user-UN-friendly. I can't copy-paste into the terminal, when I try opening textfiles, I can't scroll up and down easily. I cant save easily. Nothing is easy... Is it always like this with Ubuntu? Is there any way to make it easier? I use windows but I login to my vps provider with login details and then simply click "terminal" to open the terminal. Please help me out here

Read the article
How to access remotly to a mysql server?

- by ÉricP

Hi, I'm trying to access my remote mysql server from my own computer. I uncommented: bind-address = 80.10.65.45 I added 80.10.65.45 as a server in privilege root 80.10.65.45 yes ALL PRIVILEGES yes I'm using Sequel Pro on MacosX to connect via SSH here is the debug log: debug1: Authentication succeeded (password). debug1: Local connections to LOCALHOST:58517 forwarded to remote address 127.0.0.1:3306 debug1: Local forwarding listening on ::1 port 58517. debug1: channel 0: new [port listener] debug1: Local forwarding listening on 127.0.0.1 port 58517. debug1: channel 1: new [port listener] debug1: Entering interactive session. debug1: Connection to port 58517 forwarding to 127.0.0.1 port 3306 requested. debug1: channel 2: new [direct-tcpip] channel 2: open failed: connect failed: Connection refused debug1: channel 2: free: direct-tcpip: listening port 58517 for 127.0.0.1 port 3306, connect from 127.0.0.1 port 58519, nchannels 3

Read the article
My laptop was stolen. What do I need to do?

- by chris

My laptop was recently stolen. It was a corporate system running XP, which means it was part of a domain - I'm assuming that makes it impossible for someone to log into it, although I know there are ways to reset the local admin account. Is there any way to tell if someone boots it up? I was logged into gmail, using two factor authentication. I will change my password, but is there any chance of tracking any attempted accesses? Other than changing passwords on all my web accounts, is there anything else I need to do?

Read the article
apache, shibboleth, load balancing aliase, ssl

- by Nikolaidis Fotis

Good morning folks Could you give me a bit of help with the following problem ? I have a dns load balancing mechanism and an alias (hostAlias) which may point to host01, or host02 I want to configure apache and shibboleth to work with that alias. What happens is ... User types : https://hostAlias (it points to host01) apache host01 : redirect to shibboleth shibboleth host01 : redirect to **https://hostAlias.cern.ch/Shibboleth.sso/ADFS** Now, there are two cases. Either this time hostAlias will point again to host01 , or it will point to host02. If it points to host02, host01 will not get the anwser and the authentication fails. Also, about ssl certificates, I guess that each host will need its own certificate. right ? Should I need a certificate with DNS aliases ? Thanks in advance !

Read the article
Xen HVM guest has severe clock drift

- by ipartola

I am seeing a very severe clock drift on my Xen HVM VPS, rented from a hosting provider, so I don't have access to the dom0 system. I continuously run ntpd, but the clock drifts by as much as 30 seconds in 5 minutes and NTP cannot keep up. Has anyone experienced this? Here are some details: $ dmesg | grep clock [ 0.160000] Measured 347 cycles TSC warp between CPUs, turning off TSC clock. [ 0.396000] * this clock source is slow. Consider trying other clock sources [ 0.550448] Switching to clocksource acpi_pm [ 0.653135] rtc_cmos 00:05: setting system clock to 2011-03-09 02:45:40 UTC (1299638740) $ cat /sys/devices/system/clocksource/clocksource0/available_clocksource acpi_pm $ cat /sys/devices/system/clocksource/clocksource0/current_clocksource acpi_pm

Read the article

< Previous Page | 238 239 240 241 242 243 244 245 246 247 248 249 | Next Page >