Search Results

Search found 120608 results on 4825 pages for 'code access security'.

Page 301/4825 | < Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >

• Personally identifiable information (PII) on shared web hosting

  - by S. Cobbs

  Hey folks, I am providing web hosting services (shared and dedicated) and have had one of my shared hosting clients mention needing an SSL cert for their site where they are collecting insurance quotes in a form, including names and social security numbers. My privacy sense is tingling, and I'm pretty sure it's not legal (in the US) to do this on a shared system, but can't find anything to support my thoughts outside of PCI-DSS, but the customer isn't processing payments through the site so I'm not sure if that applies. I'm reading lots of policy documents where people advise to minimize and manage the PII footprint internally, but as the host I don't want to put all of my customer's clients at possible risk. I'm not looking here for legal advice necessarily, but perhaps someone in a similar position to mine can provide some rule of thumb or point me in the right direction.

  Read the article

• Does Windows 8 include the Windows Help program (WinHlp32.exe)?

  - by amiregelz

  In 2011, Symantec reported on the use of the Windows Help File (.hlp) extension as an attack vector in targeted attacks. The functionality of the help file permits a call to the Windows API which, in turn, permits shell code execution and the installation of malicious payload files. This functionality is not an exploit, but there by design. Here's the malicious WinHelp files (Bloodhound.HLP.1 & Bloodhound.HLP.2) detection heat map: I would like to know if the Windows Help program exists on my Windows 8 machine by default, because if it does I might need to remove it for security reasons. Does Windows 8 include the Windows Help program (WinHlp32.exe)?

  Read the article

• Cannot access internal network on OSX 10.6.6

  - by cabuki

  Last week, I began having trouble connecting to our internal web servers. Usually, a refresh would take care of it or switching to a different wireless network, but as of yesterday, this wasn't enough. We have an internal DNS server using dnsmasq and a private internal host name (us.lcl). Once I started having more issues with the names not resolving, I tried pinging the server. Using the internal host name (s1.us.lcl), it failed. I tried using the IP address, but that also failed. I have no problems accessing external sites with the exception of it being a bit slower than normal. A reboot yesterday at lunch time after following the instructions here seemed to fix the issue, but when I came into the office this morning, it had stopped working. As of this posting, I cannot ping, ssh or access the web server using the internal host name or ip address. I'm the only one running 10.6 in my office and none of my colleagues has this issue.

  Read the article

• How to secure a new server OS installation

  - by Pat R Ellery

  I bought (and just received) a new 1u dell poweredge 860 (got it on ebay for $35). I finished installing Ubuntu Server (Ubuntu Server 12.04.3 LTS), install apache/mariadb/memcache/php5 works great but I am scared about security. so far I am the only one using the server but eventually more people (friends, friends of friends) will use this server, use ssh etc... I want to know what can I do to secure all the information and not get hacked, both from the web or ssh or ddos and any other attack possible. Does Ubuntu Server does it for you right away? or I have to fix it my self? Thank you EDIT: I installed (so far): All dev tools ssh server LAMP I didn't install: Graphical interface

  Read the article

• USING JSON SERIALIZATION FOR CODE BEHIND-JAVASCRIPT DATA COMMUNICATION

  Many of us went through a scenario like, can us pass a full of C# type/class to the javascript? Modify from there and again return back to C#? The difficulty is that JavaScript only knows string format comared to C# which has many data types. So how we can pass an entires class to JavaScript? Here we need to handle with JSON serialization techniques.

  Read the article

• What is wrong with this HTML5 <address> element? [closed]

  - by binaryorganic

  <div id="header-container"> <address> <ul> <li>lorem ipsum</li> <li>(xxx) xxx-xxxx</li> </ul> </address> </div> And the CSS looks like this: #header-container address {float: right; margin-top: 25px;} When I load the page, it looks fine in Chrome & IE, but in Firefox it's ignoring the styling completely. When I view source in firefox it looks like above, but in Firebug it looks like this: <div id="header-container"> <address> </address> <ul> <li>lorem ipsum</li> <li>(xxx) xxx-xxxx</li> </ul> </div>

  Read the article

• A friend told me Python is garbage, I'm taking web design classes in the Spring and I have a textbook on C++. What should I do? [on hold]

  - by user107165

  I dont know if I should start digging into Python beforehand just to get acquanited with programming and "whet my appetite" or if I should work on the C++ book... Python definitely has more resources around town and I like the beginner friendly approach that seems to go along with every site that appeals to it. Or should I just wait for my assignments that start in 4 months? Any tips for an aspiring programmer?

  Read the article

• Server 2008 Hyper-V User Accounts to access each other

  - by asn1981

  Hi, I have a windows server 2008 r2 with 3 hyper-v vm's IIS server Sql server 3 - Mail server I'm new to networking/server configuration. I have created a Virtual Network and can see each of the 3 VMs as well as the host on the network. I can connect from each VM to the host using the admin account. However, what would be the best (secure) way to create connections/accounts between the VMs, presumabely this shouldn't be done with an admin account but one with lesser priveledges. For example, to be able to access the SQL Server VM from the IIS server VM?

  Read the article

• FreeNAS plugins not able to access storage

  - by dave

  I've just setup a FreeNAS box and have a couple plugins (sick beard and SABnzbd) installed. Both of these have you select a directory where downloads should go. My storage is on /mnt/MediaVolume/ however when I navigate to mnt it's an empty directory. When I SSH to the box though, I can see it just fine. I'm thinking it may have something to do with permissions, but I'm not sure. Any suggestions how to allow these plugins to view/have access? Thank you!

  Read the article

• Allow access only to one website

  - by Alex

  Hey. I'd like to allow access on a computer connected directly to the internet to one website ONLY. The solution of IE's "Content advisor" or firefox's "FoxFilter" isn't good enough because it actually downloads the data and just don't display it. I want to block the traffic before the requests are sent. How is it possible? Thanks. Edit: OS is windows xp. The browser can be firefox, iexplorer, chrome... It doesn't matter. The computer is connected directly to the modem.

  Read the article

• Microsoft Updates Linux Code

  <b>eWeek:</b> "Microsoft has released enhancements to the Hyper-V Linux Integration Services that the company contributed to the Linux community in 2009."

  Read the article

• Cannot Access Server from External IP (Router)

  - by mindoftea

  We have an Ubuntu 10.04 LAMP server running on site (Apache is on port 80). It is running fine through the LAN, but I cannot access it using its external IP address through the Netopia 3000 Series modem by which it is connected to the internet. I have tried using what Netopia calls "Pinholes" (Port Forwarding) to make the server accessible, but a telnet to the external address just gives me "connect to address x.x.x.x: Operation timed out." I have also tried enabling "Services" and "IP Passthrough" on the router, but it gives the same result as above. How can I enable the server to be accessed through its external IP address? Because it connects fine locally, it would seem to be a problem with the Netopia router. Update: Booting the server in GUI mode instead of text mode solved the problem instantly. Any ideas why?

  Read the article

• Active Directoy GPO

  - by Phillip R.

  I am looking into some weird issues with active directory and group policy. This domain has been upgraded from windows NT and has a few different administrators over the years. I am looking through the Default Domain group policy and Default Domain Controller group policy. In the security areas and I will use the log on locally area as an example, it shows SIDes that begin with asterisks and are quite long they look sort of like the following *S-1-5-21-787626... Normally, when I see something like this I would think that the User account was no longer there and this was never cleaned up. Am I wrong in my assumption? Thanks in advance

  Read the article

• Remote access over VPN machine

  - by w_harry

  Here is my scenario. I have Comp1 which has VPN installed on it & working fine. I have made Comp1 as remote enabled as well. Now i want to log in to Comp1 ( remotely) from Comp2. Without starting the VPN, remote desktop works fine from Comp2 to Comp1. When i connect to VPN on Comp1 the remote desktop from Comp2 breaks. Is there a way i can run VPN on Comp1 and be able to access from Comp2 remotely. If there is change in settings, please advice. Regards

  Read the article

• How can I disallow a user's scripts from accessing anything above their user folder?

  - by Jaxo

  This is probably an extremely simple question to answer for anybody who knows what they're doing, but I can't find any answers myself. I'm trying to set up a subdirectory for my good friend to test his PHP scripts on my (Apache) hosting plan. I don't want to let him access anything else on my server, however, for obvious reasons. His FTP login already leads him to the proper directory, which does not allow navigating any higher than it's root (mydomain.com/friend/). I would like the same behavior to be applied to any scripts, so he cannot simply <?php print_r(glob("../*")); ?> and view all my files. I'm thinking this can be done with an .htaccess file setting the DocumentRoot somewhere, but I can't have the file available for modification inside the user directory. Is this possible without majorly rewiring the web server? I've tried Googling all sorts of things to describe my problem, but without the proper terminology, all I get is "shared hosting" websites and people trying to sell me security packages.

  Read the article

• Can't access unprotected .pst file in Outlook 2010

  - by KGraves

  My father has a Windows 7 x64 system with 32-bit Outlook 2010. He asked me to access his archived mail to get to some old mail. When going to open the file I'm asked for a password (he never applied one) and I get a message saying "password is incorrect. Re-Type password". Since he told me that he never set a password I tried opening the .pst with Nucleus, a tool that allows me to view the .pst's. Does anyone know what the deal is? With the free version of Nucleus we can't view the attachments.

  Read the article

• ID Badge Access System for Building with Active Directory Integration [closed]

  - by Alex

  I hope this is the right place for this question. So, we're looking into setting up a building access that uses badges or cards of some kind. I wanted to ask the users on here if they've had to do such setups and/or if they have recommendations? Is there maybe a system that integrates with Active Directory? I know one of the things our managers want to do is to be able to run reports on when people are entering the buildings. I'd appreciate any suggestions and thanks in advance!

  Read the article

• ssh (openSSH) questions

  - by Camran

  I have ubuntu 9.10 server. Firstly, is OpenSSH the same as SSHD? Secondly, In the terminal when typing whereis sshd i get this: whereis sshd /usr/sbin/sshd Also when typing whereis openssh i get this: whereis openssh /usr/lib/openssh How do I know if I have openssh? Also, some tutorials online suggest opening sshd_config, so when typing this: whereis sshd_config /usr/share/man/man5/sshd_config.5.gz // I get this... What should I do, because as you have answered my other Q about security, you have pointed out that it is the way you configure your ssh and etc which is important. Is there any guide for this? How should I configure this? I will be the only user for this server btw... If you need more input let me know and I will update this Q. Thanks

  Read the article

• ssh (openSSH) questions

  - by Camran

  I have ubuntu 9.10 server. Firstly, is OpenSSH the same as SSHD? Secondly, In the terminal when typing whereis sshd i get this: whereis sshd /usr/sbin/sshd Also when typing whereis openssh i get this: whereis openssh /usr/lib/openssh How do I know if I have openssh? Also, some tutorials online suggest opening sshd_config, so when typing this: whereis sshd_config /usr/share/man/man5/sshd_config.5.gz // I get this... What should I do, because as you have answered my other Q about security, you have pointed out that it is the way you configure your ssh and etc which is important. Is there any guide for this? How should I configure this? I will be the only user for this server btw... If you need more input let me know and I will update this Q. Thanks

  Read the article

• Apache - Only allow certain domains access to a Restful service

  - by user18910

  For certain Restful URIs I want to block certain domains from executing the requests. How can i do this with Apache? Is it possible For example: www.nottrusted.com calls my Restful Api Apache identifies the request is coming from a non-authorized site Apache blocks the caller and returns a 401 Is this possible? Is it easy for someone one spoof the domain? If a request comes from server side code of nottrusted.com will Apache catch the request? Thanks

  Read the article

• iPhone can't access webserver on lan

  - by dieselJoe

  I have Apache serving on 192.168.1.4:8888 on a Windows 7 computer. I can't view the website with iPhone/iPad's Safari. I have another linux computer and it can access the webserver or ping the address. Is there a problem with the apple devices? I have an app on the iphone capable of pinging. I ping the webserver's address and I get nothing. But I can ping the iPhone from the linux or windows computer.

  Read the article

• Source code (Source repository) for Ubuntu 10.10 [on hold]

  - by user3241533

  I was trying to use the following command to install build-dep on Ubuntu 10.10: apt-get build-dep --no-install-recommends linux-image-$(uname -r) but I got the following error: E: You must put some 'source' URIs in your sources.list I have already changed archive.ubuntu.com to old-releases.ubuntu.com for all the repositories in my source list. After including the source repositories, I got a different error: E: Could not open file /var/lib/apt/lists/de.archive.ubuntu.com_ubuntu_dists_precise_main_source_Sources - open (2: No such file or directory) Any suggested solutions? Thanks!

  Read the article

• How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

  - by Itay Levin

  Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="[email protected]" connectionPassword="password" userBase="CN=Users" referrals="follow" userSearch="(sAMAccountName={0})" userSubtree="true" roleBase="CN=Users" roleName="name" roleSubtree="true" roleSearch="(member={1})"/> I have also configured the web.xml under my appfolder to contain the following: <security-role> <role-name>Admin</role-name> </security-role> <security-role> <role-name>WaterlooUsers</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Tube</web-resource-name> <url-pattern>/ComposeMessage.jsp</url-pattern> <url-pattern>/PageStatus.jsp</url-pattern> <url-pattern>/UserStatus.jsp</url-pattern> <url-pattern>/SearchEC.jsp</url-pattern> <url-pattern>/SearchEC2.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsEC.jsp</url-pattern> <url-pattern>/SearchMessageStatus.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsPager.jsp</url-pattern> <url-pattern>/SearchPageStatus.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>WaterlooUsers</role-name> </auth-constraint> </security-constraint> In my Active directory i have created a new group called WaterlooUsers It's distinguish name is : distinguishedName: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com It has a property member which contains the following user: member: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com (which is my user) My record on the active directory looks like that: sAMAccountName: itayL distinguishedName: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com memberOf: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com and when i get the popup for user/password i enter the username "ItayL" in the authentication message box (and my password) I have 2 questions: How do i configure correctly the roles parameters correctly in the Realm section in the server.xml to enable me to both authenticate and authorize both this group of users WaterlooUsers and also assign them to the appropriate role so that they can see all the relevant pages in my website. - currently it seems that all the Users in my domain are authenticated to the site but get the http-403 Error and can't access any of the pages in the site. I also want to be able to create 2 different set of roles in my site - which can both have access to the same pages - but will see different things on the page. (for instance adding some administrative ability to the admin) Hope it was clear enough and not too long. Thanks in advance, Itay

  Read the article

• cookieless sessions with ajax

  - by thezver

  ok, i know you get sick from this subject. me too :( I've been developing a quite "big application" with PHP & kohana framework past 2 years, somewhat-successfully using my framework's authentication mechanism. but within this time, and as the app grown, many concerning state-preservation issues arisen. main problems are that cookie-driven sessions: can't be used for web-service access ( at least it's really not nice to do so.. ) in many cases problematic with mobile access don't allow multiple simultaneous apps on same browser ( can be resolved by hard trickery, but still.. ) requires many configurations and mess to work 100% right, and that's without the --browser issues ( disabled cookies, old browsers bugs & vulnerabilities etc ) many other session flaws stated in this old thread : http://lists.nyphp.org/pipermail/talk/2006-December/020358.html After a really long research, and without any good library/on-hand-solution to feet my needs, i came up with a custom solution to majority of those problems . Basically, i'ts about emulating sessions with ajax calls, with additional security/performance measures: state preserved by interchanging SID(+hash) with client on ajax calls. state data saved in memcache(or equivalent), indexed by SID security achieved by: appending unpredictible hash to SID egenerating hash on each request & validating it validating fingerprint of client on each request ( referrer,os,browser etc) (*)condition: ajax calls are not simultaneous, to prevent race-condition with session token. (hopefully Ext-Direct solves that for me) From the first glance that supposed to be not-less-secure than equivalent cookie-driven implementation, and at the same time it's simple, maintainable, and resolves all the cookies flaws.. But i'm really concerned because i often hear the rule "don't try to implement custom security solutions". I will really appreciate any serious feedback about my method, and any alternatives. also, any tip about how to preserve state on page-refresh without cookies would be great :) but thats small technical prob. Sorry if i overlooked some similar post.. there are billions of them about sessions . Big thanks in advance ( and for reading until here ! ).

  Read the article

• How to write an iphone application to control a device that exposes a telnet api

  - by MAC

  Hi! I have to write an iphone application that controls a device. This device exposes a telnet based interface. The application should ideally have user access control and customizability for each user. I was thinking of writing C++ classes that would communicate with the device using sockets. This functionality can then be exposed through web-services that can be called by the iphone application. However as i looked into it deeper, the api allows you to register for events using telnet and then you can receive notification when those events occur. That kinda put a spanner in the works for me. I for one dont know a "push" scenario can work with webservices. First off i have never programmed for the iphone so far. So i am not really sure what can be done. So i was thinking if instead of having a webserver to go through, why not have the application independently running on the iphone, directly communicating with the device using sockets. The question though is, is that possible and second i am thinking it would raise a security aspect. First we could control security as everything was going through our central server. Is there a way to handle security (in the sense who has access to the device) without having a central server. I am sorry that this seems like an unorganized post, but iam trying to brainstorm here. Looking forward to hear your opinions.

  Read the article

< Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >