Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 456/886 | < Previous Page | 452 453 454 455 456 457 458 459 460 461 462 463 | Next Page >

Java Cryptography Extension

- by Adam Tannon

I was told that in order to support AES256 encryption inside my Java app that I would need the JCE with Unlimited Strength Jurisdiction Policy Files. I downloaded this from Oracle and unzipped it and I'm only seeing 2 JARs: local_policy.jar; and US_export_polic.jar I just want to confirm I'm not missing anything here! My understanding (after reading the README.txt) is that I just drop these two into my <JAVA_HOME>/lib/security/ directory and they should be installed. By the names of these JARs I have to assume that its not the Java Crypto API that cannot handle AES256, but it's in fact a legal issue, perhaps? And that these two JARs basically tell the JRE "yes, it's legally-acceptable to run this level of crypto (AES256)." Am I correct or off-base?

Read the article
Multiple vulnerabilities in Mozilla Firefox

- by chandan

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2372 Permissions, Privileges, and Access Controls vulnerability 3.5 Firefox web browser Solaris 11 11/11 SRU 3 Solaris 10 Contact Support CVE-2011-2995 Denial of Service (DoS) vulnerability 10.0 CVE-2011-2997 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3000 Improper Control of Generation of Code ('Code Injection') vulnerability 4.3 CVE-2011-3001 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2011-3002 Denial of Service (DoS) vulnerability 9.3 CVE-2011-3003 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3004 Improper Input Validation vulnerability 4.3 CVE-2011-3005 Denial of Service (DoS) vulnerability 9.3 CVE-2011-3232 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 CVE-2011-3648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2011-3650 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2011-3651 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3652 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3654 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3655 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Read the article
Very good book for learning ADF

- by kishore.kondepudi(at)oracle.com

Am back!!!Its been a long time i have penned in here.Past month i got a bit Androided ;) with my new Captivate and experiments with Android.I promise to give looots of things coming weeks.Before that i have been getting many comments and mails from people interested in learning ADF to suggest a god book.While there aren't many out in the market now,the one by Frank Nimphius is very very good.I have gone through the book and its very apt for learning and getting to know the horizon of ADF.It has almost everything from Model,UI,Skinning,Internationalization,Security,Reusing lots and lots of ADF stuff.I recommend the book for all beginners and learners for ADF.In case you are in India you can order it to your home from flipkart directly.Here is the listingThere are two versions of the same book one is an international edition and another one is indian print from TMH.The cost is 585/- rupees for the indian one.The book is titled Oracle Fusion Developer Guide: Building Rich Internet Applications With Oracle ADF Business Components & ADF FacesEconomical price and an excellent book.Grab yours now and plough ADF ;)

Read the article
Thoughts of Cloud Development/Google App Engine

- by jiewmeng

I use mainly PHP for web development, but recently, I started thinking about using Google App Engine. It doesn't use PHP which I am already familiar with, so there will be a steeper learning curve. Probably using Python/Django. But I think it maybe worthwhile. Some advantages I see: Focus on App/Development. No need to setup/maintain server ... no more server configs Scales automatically Pay for what you use. Free for low usage Reliable, it's Google after all Some concerns though: Does database with no joins pose a problem for those who used App Engine before? Do I have to upload to Google just to test? Will it be slow compared to testing locally? What are your thoughts and opinions? Why would you use or not use App Engine?

Read the article
ASP.NET C# Session Variable

- by SAMIR BHOGAYTA

You can make changes in the web.config. You can give the location path i.e the pages to whom u want to apply the security. Ex. 1) In first case the page can be accessed by everyone. // Allow ALL users to visit the CreatingUserAccounts.aspx // location path="CreatingUserAccounts.aspx" system.web authorization allow users="*" / /authorization /system.web /location 2) in this case only admin can access the page // Allow ADMIN users to visit the hello.aspx location path="hello.aspx" system.web authorization allow roles="ADMIN' / deny users="*" / /authorization /system.web /location OR On the every page you need to check the authorization according to the page logic ex: On every page call this if (session[loggeduser] !=null) { DataSet dsUser=(DataSet)session[loggeduser]; if (dsUser !=null && dsUser.Tables.Count0 && dsUser.Tables[0] !=null && dsUser.Tables[0].Rows.Count0) { if (dsUser.Table[0].Rows[0]["UserType"]=="SuperAdmin") { //your page logic here } if (dsUser.Table[0].Rows[0]["UserType"]=="Admin") { //your page logic here } } }

Read the article
Should I reuse variables?

- by IAdapter

Should I reuse variables? I know that many best practice say you should not do it, however later when different developer is debugging the code and have 3 variables that look a like and only difference is that they are created in different places in the code he might be confused. unit-testing is a great example of this. However I do know that best practice are most of the time against it. For example they say not to "overide" method parameters. Best practice are even are against nulling the previous variables (in Java there is Sonar that has warning when you assign null to variable that you don't need to do it to call garbage collector since Java6. you cant always control what warnings are turned off, most of the time the default is on)

Read the article
How To Use Google Authenticator and Other Two-Factor Authentication Apps Without a Smartphone

- by Chris Hoffman

Google, Dropbox, LastPass, Battle.net, Guild Wars 2 – all these services and more offer two-factor authentication apps that work on smartphones. If you don’t have a supported device, you can run an alternative application on your computer. When you log in, you’ll need to enter a time-based code from the app. Two-factor authentication prevents people who know your password – but don’t have the app and its security key – from logging in. How To Delete, Move, or Rename Locked Files in Windows HTG Explains: Why Screen Savers Are No Longer Necessary 6 Ways Windows 8 Is More Secure Than Windows 7

Read the article
What I need to know if I want credit card payments in an ecommerce website

- by Andriane

I live in Costa Rica (central america). I want to build an ecommerce website with credit card payments, I know Asp.NET and SQL Server 2008. I know paypal and the express checkout solution, but many people (and clients) here doesnt like it or dont use it. Paypal and Authorize.Net dont support countries of Latin America, so if you can tell me one company who can or what can I do to setup my shopping cart, im studing right now security and how to implement SSL certificates and encrypt sensible data and PCI compliance in some way. I need this for my own framework in ASP.NET and provide ecommerce solutions here in my country.

Read the article
please help setup apache webserver and domain forwarding

- by bemonolit

Situation: I have Apache2 server with Linux Ubuntu OS 11.10. Then I install a PhP5, MyAdmin, DNS server, LAMP server, MY SQL server. This is what I have done: - check localhost 127.0.0.1 and it works! - edit index.html default webpage located in /var/www - change my IP address to static - restart /etc/init.d/apache2 restart {OK} - bought a domain name - turn off Firewall on my router Now I need Your HELP! Please tell me how and what needs to be done that other people around the world can type my domain name and connect to my server and default web page index.html located in /var/www? I do not care about security. I changed permission on /var/www/to 777 for the moment , because I want to host my simple website or webpage but only on my local server. THANK YOU this is my first server and I guess YOU got the point. And thanks for help.If possible step by step.

Read the article
Why is email HTML stuck in the 90's?

- by Sean Dunwoody

(disclaimer - I've already tried asking this on StackOverflow, but apparently it was off topic. If the same is true here please let me know and I'll close/delete this question.) I've spent about a day putting together a frustrating email newsletter, using tables, inline styles etc. It feels a lot harder than it should be. I was just wondering, is there any reason why email clients have such poor support of HTML and CSS (CSS in particular)? I would have imagined they'd be scrambling to outdo each other in this department ... Is is a security thing (I can't really imagine why)? Or are they just lazy?

Read the article
Mobile-SOA Integration by Oracle SOA Suite Customer Agilent

- by Bruce Tierney

I attended an excellent session by Oracle SOA Suite customer Rajesh Gathwala from Agilent. He said most mobile vendors have their own embedded toolsets but the problem arises when you have too many of these disparate toolsets in the organization..."How many toolsets do you want?". He highlighted his solution which standardizes on Oracle SOA Suite for integration including mobile. Here is a screenshot describing how the integration includes Oracle eBusiness Suite, Oracle Service Bus and the security solution from his presentation: You can see a video of Rajesh speaking about Agilent's Oracle SOA Suite implementation from last years OpenWorld (prior to his mobile integration).

Read the article
Dude, where is my list instance?

- by MOSSLover

I saw an MSDN Forum post today, so I looked for a ListInstance Hidden property in SharePoint 2007 features. There is none, but interestingly enough there is one in 2010. I wondered what would happen if you did this: <Elements xmlns="http://schemas.microsoft.com/sharepoint/"> <ListInstance FeatureId="00bfea71-de22-43b2-a848-c05709900100" Title="Hidden List Test" Description="Testing a hidden list." TemplateType="100" Hidden="TRUE" OnQuickLaunch="FALSE" Url="Lists/TestHidden" /> </Elements> It hides the entire list from SharePoint Designer and the browser, however you can hit the list by typing in the url in internet explorer. Pretty cool stuff. Enjoy guys. Technorati Tags: Feature,List Instance,SharePoint 2010

Read the article
Le programme de Mozilla récompensant les découvertes de failles de sécurité étendu aux applications web, 3000 $ offerts pour un bogue "extraordinaire"

Mozilla augmente les récompenses qu'elle offre aux chercheurs en sécurité informatique, 3000$ promis désormais pour la signalisation de vulnérabilités La Fondation Mozilla vient de faire une jolie promesse aux chercheurs en sécurité informatique. Elle leur promet désormais 3000 dollars au lieu de 500$, en échange d'informations concernant des failles et autres vulnérabilités dans ses produits. Ceci en l'honneur d'un "rafraîchissement du programme Security Bug Bounty" qu'elle avait lancé en 2004. L'éditeur du célèbre navigateur Firefox estime en effet qu'il est temps de proposer des récompenses "économiquement durable" aux experts en sécurité informatique afin de garantir la sécurité de ses utilisa...

Read the article
Ubuntu One Bookmark sync not working.

- by Rob

Everything in Ubuntu One sync works great except bookmark sync. I tried the wiki answer that said to run: killall beam.smp beam rm ~/.config/desktop-couch/desktop-couchdb.ini dbus-send --session --dest=org.desktopcouch.CouchDB --print-reply --type=method_call / org.desktopcouch.CouchDB.getPort This is what my terminal came back with: robin@robin-MIDWAY:~$ killall beam.smp beam beam: no process found robin@robin-MIDWAY:~$ rm ~/.config/desktop-couch/desktop-couchdb.ini rm: cannot remove `/home/robin/.config/desktop-couch/desktop-couchdb.ini': No such file or directory robin@robin-MIDWAY:~$ dbus-send --session --dest=org.desktopcouch.CouchDB --print-reply --type=method_call / org.desktopcouch.CouchDB.getPort Error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. robin@robin-MIDWAY:~$ I'm a computer "newbie" so it's possible I'm doing something wrong, are there any tutorials out there on how to use the CouchDB? I have Bindwood installed.

Read the article
New JDeveloper/ADF book hits the bookshelves

- by Grant Ronald

I've just received a nice new copy of Sten Vesterli's book Oracle ADF Enterprise Application Development - Made Simple. I was one of the technical reviewers of the book but I'm looking forward to be able to read it end-to-end in good old fashioned book format this coming week. The book bridges the gap between those existing books that describe Oracle ADF features, and real world ADF development. So, source control, bug tracking, estimating, testing, security, packaging etc are all covered. Of course, every project and situation is different so the book could never supply a one-size-fits-all guide, but I think its a good addition to your ADF bookshelf. I'll hopefully post a full review in the coming weeks. Oh, and congratulations Sten, having gone through the pain of writing my own ADF book, I take my hat off to anyone who goes through the same journey!

Read the article
eSTEP TechCast - November 2013

- by Cinzia Mascanzoni

We are pleased to announce our next eSTEP TechCast on Thursday 7th of November and would be happy if you could join. Please see below the details for the next TechCast. Date and time: Thursday, 07. November 2013, 11:00 - 12:00 GMT (12:00 - 13:00 CET; 15:00 - 16:00 GST) Title: The Operational Management benefits of Engineered Systems Abstract: Oracle Engineered Systems require significantly less administration effort than traditional platforms. This presentation will explain why this is the case, how much can be saved and discusses the best practices recommended to maximise Engineered Systems operational efficiency. Target audience: Tech Presales Call Info: Call-in-toll-free number: 08006948154 (United Kingdom) Call-in-toll-free number: +44-2081181001 (United Kingdom) Show global numbers Conference Code: 803 594 3 Security Passcode: 9876 Webex Info (Oracle Web Conference) Meeting Number: 599 156 244 Meeting Password: tech2011 Playback / Recording / Archive: The webcasts will be recorded and will be available shortly after the event in the eSTEP portal under the Events tab, where you could find also material from already delivered eSTEP TechCasts. Use your email-adress and PIN: eSTEP_2011 to get access.

Read the article
Partner Spotlight: Deloitte

- by kellsey.ruppel

Deloitte is an Oracle Platinum level partner and has held the highest level of alliance relationship with Oracle for more than a decade. Deloitte has extensive experience implementing Oracle solutions across geographic and organizational boundaries. With more than 45,000 professionals worldwide, Deloitte has helped many Oracle WebCenter customers—including Land O’Lakes, Canadian Partnership Against Cancer, and Panda Security—deploy successful portal, collaboration, and composite application solutions. Deloitte was also the recipient of six Oracle North American Titan Awards for its deep industry experience and breadth of capabilities across Oracle’s stack of application, middleware, and hardware products. Learn more about the Deloitte/Oracle partnership in this brochure.

Read the article
New Exadata, Exalogic, Exalytics Public References

- by Javier Puerta

CUSTOMER SUCCESS STORIES & SPOTLIGHTS AmerisourceBergen (US) Oracle Exadata, Oracle Advanced Compression, Oracle Advanced Customer Support Services, Oracle Active Data Guard Published: July 31, 2014 Guangzhou Municipal Human Resources and Social Security Bureau (China) Exalogic, Enterprise Mgr Published: July 31, 2014 Norfolk Southern Corp. (US) Oracle Exadata, Oracle Exalytics, Oracle Business Intelligence Suite, Enterprise Edition Published: July 30, 2014 TDC (Denmark) Oracle Exadata, Oracle ZFS Storage Appliance, SPARC T4-4, SPARC T4-1, Oracle Solaris, Oracle Consulting, Oracle Advanced Customer Support Services Published: July 30, 2014 Chosun Ilbo (Korea) Oracle Exadata, Oracle GoldenGate Published: July 29, 2014 GIA (Gemological Institute of America) (US), Exalogic, Exadata Published: July 25, 2014 City of Lakeland (US) Oracle Exadata, Oracle Active Data Guard, Oracle Partitioning, Oracle Tuning Pack, Oracle Enterprise Manager, Oracle Diagnostics Pack, Oracle Enterprise Service Bus, Oracle Advanced Customer Support Services, Oracle Platinum Services Published: July 15, 2014 Tech Mahindra (India) Oracle Exadata, SPARC T5-4, Oracle Solaris 11, PeopleSoft Human Resources, Oracle Advanced Customer Support Services Published: July 01, 2014

Read the article
Oracle Database 11g Release 2 is SAP certified for Unix and Linux platforms.

- by jenny.gelhausen

SAP announces certification of Oracle Database 11g Release 2 on all available UNIX and Linux platforms. This certification comes along with the immediate availability of the following important options and features: * Advanced Compression Option (table, RMAN backup, expdp, DG Network) * Real Application Testing * Oracle Database 11g Release 2 Database Vault * Oracle Database 11g Release 2 RAC * Advanced Encryption for tablespaces, RMAN backups, expdp, DG Network * Direct NFS * Deferred Segments * Online Patching All above functionality has been fully integrated within the SAP products so they can be utilized and managed from within the SAP solution stack. All required migration steps can be done fully online. Learn why Oracle is the #1 Database for Deploying SAP Applications SAP Certification announcement var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); try { var pageTracker = _gat._getTracker("UA-13185312-1"); pageTracker._trackPageview(); } catch(err) {}

Read the article
New in 11gR2: Oracle Optimized System for Oracle Unified Directory (OOS4OUD) Podcast

- by Darin Pendergraft

There have been a lot of cool new features in the IDM 11gR2 related to new functionality: social log-in capability, mobile application security, and self service access requests, just to name a few. But what about performance? In the 11gR2 release we announced the availability of an Optimized System configuration for Unified Directory. Oracle is very focused on software with matching hardware that is configured and tuned to get the best performance possible. I caught up with Nick Kloski, Infrastructure Solutions Manager and asked him to talk me through the new Optimized System for OUD. Listen to the podcast interview here. Podcast Interview

Read the article
Methods to Manage/Document "one-off" Reports

- by Jason Holland

I'm a programmer that also does database stuff and I get a lot of so-called one-time report requests and recurring report requests. I work at a company that has a SQL Server database that we integrate third-party data with and we also have some third-party vendors that we have to use their proprietary reporting system to extract data in flat file format from that we don't integrate into SQL Server for security reasons. To generate many of these reports I have to query data from various systems, write small scripts to combine data from the separate systems, cry, pull my hair, curse the last guy's name that made the report before me, etc. My question is, what are some good methods for documenting the steps taken to generate these reports so the next poor soul that has to do them won't curse my name? As of now I just have a folder with subfolders per project with the selects and scripts that generated the last report but that seems like a "poor man's" solution. :)

Read the article
Creating a Successful Cloud Roadmap

- by stephen.g.bennett

No matter what type of cloud services or deployment models you are considering as part of your overall IT strategy, you must have a cloud services adoption roadmap to guide your journey. A cloud services adoption roadmap provides guidance that enables multiple projects to progress in parallel yet remain coordinated and ultimately result in a common end goal. The cloud services adoption roadmap consists of program-level efforts and a portfolio of cloud services. The program-level effort creates strategic assets such as the cloud architecture, cloud infrastructure, cloud governance, risk, and compliance (GRC) processes, and security policies that are leveraged across all the individual projects. A feature article on this topic can be found in the latest SOA and Cloud Magazine.

Read the article
Should the Joel Test be essential for every software company? [closed]

- by Mahbubur R Aaman

Joel Test has 12 steps for better code. They are: Do you use source control? Can you make a build in one step? Do you make daily builds? Do you have a bug database? Do you fix bugs before writing new code? Do you have an up-to-date schedule? Do you have a spec? Do programmers have quiet working conditions? Do you use the best tools money can buy? Do you have testers? Do new candidates write code during their interview? Do you do hallway usability testing? Should these steps mandatory for every software companies? While recruiting programmers, then programmers should ask the company, as they follow joel steps?

Read the article
Soda Cans Exploding Under the Stress of High Voltage [Video]

- by Jason Fitzpatrick

In an effort to start your Monday off in true Mad Scientist style, we bring you soda cans being decimated by thousands of volts in a “Thumper”. What is a thumper, you ask? During office hours, it’s a high-voltage testing unit most often used to stress test electric cables. In the off hours, however, the electrical engineering geeks over at The Geek Group like to shove anywhere from a few hundred to thousands of volts through unsuspecting objects to see what happens. In this installation they’re shooting high voltage through a variety of soft drink cans with an end result that sounds and looks like a cannon loaded with Mountain Dew. [via Hacked Gadgets] HTG Explains: What Is RSS and How Can I Benefit From Using It? HTG Explains: Why You Only Have to Wipe a Disk Once to Erase It HTG Explains: Learn How Websites Are Tracking You Online

Read the article
how to assign web server and domain a public ip adress

- by kdavis8

i have installed an ISO image of windows server 2008 r2 onto my VMware workstation, as a virtual server. I am trying to host my own web server for testing purposes.I have Internet service with sprint and i called them to obtain my public ip address. Now that i have my public ip address how to i assign it to my server? I also have a web domain name that i would like to point it at that web server. Do i give it the public ip address or do i give it the name of the server?

Read the article

< Previous Page | 452 453 454 455 456 457 458 459 460 461 462 463 | Next Page >