Search Results

Search found 25324 results on 1013 pages for 'folder security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 65/1013 | < Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >

  • Cisco adaptive security appliance is dropping packets where SYN flag is not set

    - by Brett Ryan
    We have an apache instance sitting inside our DMZ which is configured to proxy requests to an internal NATed tomcat instance inside our network. It works fine, but then all of a sudden requests from apache to the tomcat instance stop getting through with the following in the apache logs: [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header Investigating into the Cisco log viewer reveals the following: Error Message %ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name. Explanation The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet. Recommended Action None required unless the adaptive security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent. All are machines are virtualised using VMware, and by default machines have been using the Intel E1000 emulated NIC. Our network administrator has changed this to a VMXNET3 driver in an attempt to correct the problem, we just have to wait and see if the problem persists as it's an intermittent problem. Is there something else that could be causing this problem? This isn't the first service where we have had similar issues. Our apache host is running Ubuntu 11.10 with a kernel version of 3.0.0-17-server. We have also had this issue on RHEL5 (5.8) running kernel 2.6.18-308.16.1.el5, this machine also has the E1000 NIC. NOTE: I am not a network administrator and am a software architect and analyst programmer responsible for these systems.

    Read the article

  • "Checksum failed" during Kerberos SSO

    - by Buddy Casino
    This is an error that occurs when a mod_auth_kerb protected webapp is being accessed, and I have no idea what the cause might be. Can anyone give hints as into which direction I should look? Thankful for any help! Search Subject for Kerberos V5 ACCEPT cred (HTTP/[email protected], sun.security.jgss.krb5.Krb5AcceptCredential) Found key for HTTP/[email protected](23) Entered Krb5Context.acceptSecContext with state=STATE_NEW >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Checksum failed ! 16:36:30,248 TP-Processor31 WARN [site.servlet.KerberosSessionSetupPrivilegedAction] Caught GSS Error GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:95) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:44) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:44) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:337) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doKerberosLogon(SSOAuthenticationFilter.java:994) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doKerberosLogon(SSOAuthenticationFilter.java:994) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:438) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:438) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) Caused by: KrbException: Checksum failed at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77) at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:268) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724) ... 24 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388) at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83) ... 30 more

    Read the article

  • How to give a user NTFS rights to a folder, via Powershell

    - by Don
    I'm trying to build a script that will create a folder for a new user on our file server. Then take the inherited rights away from that folder and add specific rights back in. I have it successfully adding the folder (if i give it a static entry in the script), giving domain admin rights, removing inheritance, etc...but i'm having trouble getting it to use a variable I set as the user. I don't want there to be a static user each time, I want to be able to run this script, have it ask me for a username, it then goes out and creates the folder, then gives that same user full rights to that folder based on the username i've supplied it. I can use Smithd as a user, like this: New-Item \\fileserver\home$\Smithd –Type Directory But can't get it to reference the user like this: New-Item \\fileserver\home$\$username –Type Directory Here's what i have: Creating a new folder and setting NTFS permissions. $username = read-host -prompt "Enter User Name" New-Item \\\fileserver\home$\$username –Type Directory Get-Acl \\\fileserver\home$\$username $acl = Get-Acl \\\fileserver\home$\$username $acl.SetAccessRuleProtection($True, $False) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\Domain Admins","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\"+$username,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) Set-Acl \\\fileserver\home$\$username $acl I've tried several ways to get it to work, but no luck. Any ideas or suggestions would be welcome, thanks.

    Read the article

  • GPO best practices : Security-Group Filtering Versus OU

    - by Olivier Rochaix
    Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

    Read the article

  • Security log overflowing with filtering blocks

    - by Jacob
    I have a Windows 7 workstation whose security log is overflowing with the following errors: Audit Failure 3/31/2010 2:00:50 PM Microsoft-Windows-Security-Auditing 5157 Filtering Platform Connection "The Windows Filtering Platform has blocked a connection." Audit Failure 3/31/2010 2:00:50 PM Microsoft-Windows-Security-Auditing 5152 Filtering Platform Packet Drop "The Windows Filtering Platform has blocked a packet." These are not unexpected events; the firewall is expected to drop unsolicited traffic. However, I can't figure out how to tell Windows to stop writing these events to the security log. I've seen this problem before and have been able to find an answer with the use of Google, but I wasn't able to locate on this this time. Thanks!

    Read the article

  • Create a special folder within an outlook PST file

    - by Tony Dallimore
    Original question I have two problems caused by missing special folders. I added a second email address for which Outlook created a new PST file with an Inbox to which emails are successfully imported. But there is no Deleted Items folder. If I attempt to delete an unwanted email it is struck out. If move an email to a different PST file it is copied. I created a new PST file using Data File Management. This PST file has no Drafts folder. This is not important but I fail to see why I cannot have Drafts folder if I want. Any suggestions for solving these problems, particularly the first, gratefully received. Update Thanks to Ramhound and Dave Rook for their helpful responses to my original question. I assumed the problem of not have a Drafts folder in an Archive PST file and not having a Deleted Items folder associated with an Inbox were part of the same problem or I would not have mentioned the Drafts folder issue since I have an easy work-around. Perhaps my question should have been: How to I load emails from an IMAP account and be able to delete the spam?

    Read the article

  • Windows SteadyState - system's security log is full

    - by Matt
    Quick version: New computer, attached to Windows domain, with SteadyState w/ Disk Protection turned on, cannot log on as domain user because Windows states 'system security log is full' Troubleshooting performed: disabled all 'restrictions' listed in SteadyState, cleared system security log, changed security log settings to overwrite entries when it becomes full, restarted computer to commit changes, verified changes were commited - still cannot log on as domain user, changed Documents and Settings folder to another partition, still cannot log on as domain user Let me know if you need a more detailed description of any steps performed. I appreciate any help you can give me.

    Read the article

  • Rsync: General file/folder synchronization

    - by Rey Leonard Amorato
    I have a file server, which is in-charge of pulling a folder tree from multiple workstations on a daily basis. My current method for this is by using rsync, (which works pretty well provided directory names and/or files remain the same) however, when files are renamed or moved about within subdir1, rsync will copy them over to the server, creating duplicates. I have to manually find and delete extraneous files/folders that had been left on the server during previous syncs. Note that I cannot use rsync's --delete flag because any sync from a workstation will then mirror that particular folder tree, instead of merging them to the server. Visual diagram: Server: Workstation1 Workstation2 Workstation(n) Folder* Folder* Folder* Folder* -subdir1 -subdir1 -subdir1 -subdir(n) -file1 -file1 -file2 -file(n) -file2 -file(n) Is there a simple script (preferably in bash, nothing fancy) that can accomplish the deletion of the extraneous files/folders in the event a file is renamed or moved to a different subdir? Is there a different program, much like rsync that can accomplish this task autonomously and in a much simpler manner? I have looked at unison, but I did not like the fact that it keeps a local database for the syncing info. Any tips at all as to how I am supposed to tackle this? Thank you in advanced for your help. EDIT: I have tried unison just recently and I can safely say it is out of the question now. unison is a bi-directional synchronization tool and from my testing, it mirrors the files existing on the server to all workstations. - This is unwanted. preferably, i would want files/folders to stay within their respective workstations and just merge to the server. AKA uni-directional sync; but with renames/moves propagated to the server. I might have to look into Git/Mercurial/Bazaar as mentioned by kyle, but still unsure if they are fit for the job.

    Read the article

  • IIS7 - how to place application in a folder inside application web site

    - by Nir
    I have a static web site with a blog (an asp.net application), the blog is in a subdirectory of the web site so: example.com/, example.com/Something.htm, example.com/folder/somefile.htm, etc. - are all static files example.com/blog, example.com/blog/categories.aspx, example.com/blog/2011/11/09/post-name.aspx, etc. - all go to the blog app I'm upgrading the static part of the web site to a dynamic site (also an asp.net application) and the blog is incompatible with the new app (the app needs handlers and modules loaded in web.config that don't work with the blog) Also, I have to keep all the old URLs the same - so I can't move the blog to a subdomain or the new app to a folder and the blog generates links based on its folder so clever redirection tricks wouldn't work. Is there a way to place an asp.net application in a folder inside another application (either as a real or virtual folder) so that the root web.config settings don't apply to the application folder? Or some other trick I didn't think of? The system is running IIS7 on Windows Server 2008 64bit, I have full control over the server's configuration. I can't modify the blog's source code but I can edit its web.config and other configuration. I can modify the source of the new application but I can't make it compatible with the blog (most of its usefulness comes from a 3rd party library that is not compatible with the blog). The blog in an asp.net 3.5 webforms application The new root application is an asp.net 4.0 mvc application

    Read the article

  • Group policy not applying to security group

    - by ihavenoideawhatimdoing
    Preface: I have enough privileges to create GPOs in my OU, and have made a few of them for some simple tasks (like deploying a printer to certain users). Not actually a sysadmin...I'm a developer who is winging it. I wanted to create a GPO that would set a mapped folder for a certain security group (which I recently created and that contains only myself). Did the following: Created the GPO in MyOU - Users Removed the default Authenticted Users under Security Filtering Add the security group with my account to Security Filtering Set up the mapping via the User Configuration option Changed GPO Status to "Computer configuration settings disabled" Left WMI filtering to Closed the GPO at this point... Logged in as the target user; ran gpupdate /force Logged out, logged in, ran gpresult /r, no mention of my GPO Rebooted Logged in, re-ran gpupdate /force Logged out, logged in, ran gpresult /r, still no mention of my GPO If I log in with another completely different user, their RSOP information shows that the new GPO is being ignored due to a security restriction, so it appears to be "working" for other users. I just can't get it to actually show up in RSOP for the user it should be working. Is there anything else I can do short of rebooting endlessly and crossing my fingers?

    Read the article

  • Group Policy for IE Security Zones

    - by Doug Luxem
    We are currently using the following Group Policy to control the Internet Explorer security zones: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Then setting the Site to Zone Assignment List with the various values using the following chart: Value Setting ------------------------------ 0 My Computer 1 Local Intranet Zone 2 Trusted sites Zone 3 Internet Zone 4 Restricted Sites Zone This works well; however, users are then unable to edit (or especially add) to their zone settings. Is there a way to lock in our custom zone settings while still giving users the ability to add their own sites to the security zones? Yes, I do realize the slight security risk in opening this up.

    Read the article

  • XCOPY access denied error on My Documents folder

    - by Ryan M.
    Here's the situation. We have a file server set up at \fileserver\ that has a folder for every user at \fileserver\users\first.last I'm running an xcopy command to backup the My Documents folder from their computer to their personal folder. The command I'm running is: xcopy "C:\Users\%username%\My Documents\*" "\\fileserver\users\%username%\My Documents" /D /E /O /Y /I I've been silently running this script at login without the users knowing, just so I can get it to work before telling them what it does. After I discovered it wasn't working, I manually ran the batch script that executes the xcopy command on one of their computers and get an access denied error. I then logged into a test account on my own computer and got the same error. I checked all the permissions for the share and security and they're set to how I want them. I can manually browse to that folder and create new files. I can drag and drop items into the \fileserver\users\first.last location and it works great. So I try something else to try and find the source of the access denied problem. I ran an xcopy command to copy the My Documents folder to a different location on the same machine and I still got the access denied error! So xcopy seems to be denied access when it tries to copy the My Documents folder. Any suggestions on how I can get this working? Anyone know the reason behind the access denied error?

    Read the article

  • Win7 System folder contains infinitely looping SYSTEM(!) directory

    - by Matt
    My Windows 7 Enterprise computer has been crashing fairly frequently recently, so I decided to boot up in safe mode and run the TrendMicro client I have installed. It froze about 10 minutes into the full system scan, so in the spirit of http://whathaveyoutried.com, I started scanning each folder individually. When I got to ProgramData, the AV failed with an uncaught exception. I then went down a level and tried scanning Application Data, which failed as well. Imagine my surprise when I open the folder just to see the same folder again! As far as I can tell, this folder loop continues indefinitely. (If you are trying to recreate this, keep in mind that ProgramData is a hidden folder.) I'm actually a bit concerned that these are system folders, as this is a brand-new computer with a clean installation. I guess I have three questions: Has anyone else seen/experienced this before? I'm running Win7 SP1. How do I fix this? I've run CHKDSK \F with no success (although it was incredibly slow). What are the ramifications of an infinitely recursive directory? Theoretically speaking, each link takes up memory, so shouldn't I have no space available on my hard drive? (I've got about 180GB left.) I noticed that the tree view on the left only shows the "linked folder" icon on the deeper folders--does this mean anything special? (I've circled the icons or lack thereof in red.) How can the OS even resolve this aberration? And above all, what would happen if I were to select "Expand all folders"??? :P Matt

    Read the article

  • Super slow opening my downloads folder

    - by Mark
    I have an exe file in my download folder that I half downloaded through utorrent (it's not piracy, a legit file from people who use bittorrent to distribute large files). I think I tried to open it while it was still sharing, that is, did not stop the upload. That actually froze my computer. When I restart in utorrent I set the file to be deleted. Unfortunately even though utorrent doesn't see that file anymore, it's still visible in my download folder. Whenever I try to open my download folder it literally takes 10 minutes or more. It opens, but is empty and the blue progress bar needs a long time to complete. After completion I can use the download folder normally, but opening and closing things in that folder takes a long time. I see the exe that I tried to download. I tried to delete it. But it was taking so long 30+ minutes that I eventually just hit cancel. That doesn't even work, and it was slowing down the computer. Couldn't figure out how to stop the delete so I just pulled the plug. Should I just forget about that dl folder and set a new one? Is there something I can do? Thanks.

    Read the article

  • How does Slackware handle security updates?

    - by Abtin Forouzandeh
    I use a distribution that uses apt for package management and am accustomed to letting apt grab a list of package changes. I generally let it install all the needed security updates. I've been considering migrating to slackware. However, it seems slackware does not have a package management system. How would I learn about new security updates? Is the only way to monitor http://www.slackware.com/security/?

    Read the article

  • Windows Server 2012 File Security Warning

    - by Technicolour
    I've mapped my domain users to a remote share, and I'm trying to get rid of the security warning that appears whenever a file is run from the remote share. I've tried adding the FQDN to the intranet list with no prevail and I'm starting to go crazy. I've also turned off IE Enhanced Security Configuration for both Admins and Users. The group policies are being applied, and I can see the FQDN in the intranet list in internet options. Relevant group policy: Relevant security warning:

    Read the article

  • IIS7.5 - about app pool ID's and folder read/write access

    - by merk
    I did some searching and it looks like for each app pool, there should be an account created called IIS APPPOOL\AppPoolName - however i can see no such account when i try to modify the permissions on a folder to give that app write access. The closest I have found is the IIS_IUSRS group. Now, if i go into that group and look at the members, i see several IIS APPPOOL\PoolName members. But where are these members coming from? Why don't they show up under the users? And why can't i add a specific one to a folder? It doesn't make sense to me to add the IIS_IUSRS group to a folder since they gives every site access to the folder. To be more specific, I'm setting up wordpress and it unfortunately wants write access to the root folder. So i want to restrict it as much a possible. I was trying to figure out how to set it so that the WP root folder has write access only for the ID that the blog's app pool is running under. When i drill down into the IIS_IUSRS group, i do not see the app pool for the blog listed there. The settings for the blog's app pool are: No managed code, Classic, ApplicationPoolIdentity, and it's named 'blog' So any explanations regarding these users that are created for the app pools, and why the blog doesn't seem to belong to the iusrs group? thanks

    Read the article

  • Folder Sharing NTFS permissions with Share Permission

    - by Muhammad Adly
    i have a problem on my domain, the history starting from when i had a server with WIN 2008 r2 installed with the following roles installed on it (AD, DNS, DHCP, File). From 1 month i decided to install a new server 2008 r2 server to get (AD, DNS, DHCP) and leave the file server on the old one. i did the following exactly: 1) robocopy all my data on external HDD 2) Install a new server with 2008 r2 3) transfer all 5 roles to transfer the domain to the new server (MainDC) 4) issue (NETLOGON, SYSVOL) not transferred but i decided to reinitialize them again an now they are operating (MainDC) 5) re-create and re-configure a new GPOs and link it to my OUs 6) reinstall Old server operating system with a fresh installation of WIN 2008 R2 (FileServer) 7) join my domain with my domain credentials. the issue when i tried to share folder on \fileserver the permissions that i had set in sharing permissions are applied on the main shared folder and subfolders. the security settings are not applied. i.e. Say i'm sharing \fileserver\MainFolder with sharing permission for Authenticated Users that can read, so every one can read this main shared folder, if i set security permission for \fileserver\MainFolder\User1 that User1 can Read\Write\Modify. User1 can not perform this processes when accessing it from Network Share, i tried alot of steps from topics online get ownership for folder, remove inheritance from parent folder, applying changes for child objects, i tried also to construct a new folder structure but also the same issue, i tried another host PC, also i get the same issue.

    Read the article

  • How to make a request from an android app that can enter a Spring Security secured webservice method

    - by johnrock
    I have a Spring Security (form based authentication) web app running CXF JAX-RS webservices and I am trying to connect to this webservice from an Android app that can be authenticated on a per user basis. Currently, when I add an @Secured annotation to my webservice method all requests to this method are denied. I have tried to pass in credentials of a valid user/password (that currently exists in the Spring Security based web app and can log in to the web app successfully) from the android call but the request still fails to enter this method when the @Secured annotation is present. The SecurityContext parameter returns null when calling getUserPrincipal(). How can I make a request from an android app that can enter a Spring Security secured webservice method? Here is the code I am working with at the moment: Android call: httpclient.getCredentialsProvider().setCredentials( //new AuthScope("192.168.1.101", 80), new AuthScope(null, -1), new UsernamePasswordCredentials("joeuser", "mypassword")); String userAgent = "Android/" + getVersion(); HttpGet httpget = new HttpGet(MY_URI); httpget.setHeader("User-Agent", userAgent); httpget.setHeader("Content-Type", "application/xml"); HttpResponse response; try { response = httpclient.execute(httpget); HttpEntity entity = response.getEntity(); ... parse xml Webservice Method: @GET @Path("/payload") @Produces("application/XML") @Secured({"ROLE_USER","ROLE_ADMIN","ROLE_GUEST"}) public Response makePayload(@Context Request request, @Context SecurityContext securityContext){ Payload payload = new Payload(); payload.setUsersOnline(new Long(200)); if (payload == null) { return Response.noContent().build(); } else{ return Response.ok().entity(payload).build(); } }

    Read the article

  • Flash Player, security: If a URL starts with "http://" will the SWF always be loaded into REMOTE san

    - by Pavel
    Seems to be a question for a Flash security guru. Suppose we are loading an external SWF movie with MovieClipLoader.loadMovie(url:String) Is it safe to assume that if url starts with "http://", the movie will be loaded in REMOTE sandbox? We need to tell local SWFs from remote ones to close a security hole. If you need the context read on. We have developed a Projector, written in C++ embedding Flash Player ActiveX. Our Flash application runs inside the Projector. Soon we want to give our users a way to create plugins for the application. The plugins are obviously will be SWF movies. The case I'm afraid of is the following. A bad person creates a malicious evil.swf pretending it to be nice plugin for our app. In case evil.swf is loaded from the local file system it is granted an access to the whole MovieClip tree and Projector API, opening C++ file access operations. On the other hand if evil.swf is loaded from the internet, remotely, it will be locked in REMOTE sandbox by Flash security model. Because of this, we need a reliable way to tell local SWF from remote one before loading it. And we must not make a mistake. So again, is it safe to assume that if url begins with "http://", the clip will be loaded inside REMOTE sandbox?

    Read the article

  • Umbraco Permissions Script - Secure Version

    - by Vizioz Limited
    Back in May I blogged about how to set Permissions for Umbraco using SetACL to set the appropriate directory permissions based on the installation recommendations.Recently I have been working on a site for a client who wanted every security item to be locked down as tightly as possible. And so I modified the script based on the Umbraco security best practices, I thought I'd share it with everyone, if I have missed anything, or if anyone has any suggestions on how to improve this, please let me know :)Please refer to my previous post regarding the SetAcl command line application that you will need.I suggest you save the following into a batch file called: umbPermSecure.batecho offREM Script to setup the Security Permissions for an Umbraco siteREM This script will give your machine Network Service the minimum rights requiredREM for Umbraco to workREM I suggest you update this script to also remove any users who do not need REM access to the web foldersREM **** Pre-requisites ****REM You will need to download - http://setacl.sourceforge.net/REM It is assumed that you have stored SetACL in a directory called, C:\SetACL ifREM not, you will need to modify the script.REM **** Usage ****REM You need to pass in the path for the root of your Umbraco directoryREM E.g. umbPermSecure.bat C:\inetpub\umbracoroot@echo umbPermSecure.bat - Script to set Umbraco File and Directory Permissions@echo based on the Umbraco Security Best Practices Document (13th March 2009)@echo Published by Chris Houston - 19th October 2009@echo http://blog.vizioz.com@echo Adding READ only access SetACL.exe -on "%1" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\web.config" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\bin" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\umbraco" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"@echo Adding READ and EXECUTE access SetACL.exe -on "%1\app_code" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read_ex" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\usercontrols" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read_ex" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"@echo Adding READ, WRITE and MODIFY access SetACL.exe -on "%1\config" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\css" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\data" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\masterpages" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\media" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\python" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\scripts" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"SetACL.exe -on "%1\xslt" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:read" -ace "n:%computername%\NETWORK SERVICE;p:change" -actn clear -clr "dacl,sacl" -log "c:\setacl\log.txt"

    Read the article

  • This file does not have a program associated with it for performing

    - by Abu Hamzah
    update 2: HKEY_CLASSES_ROOT\folder ContentViewModeLayoutPatternForBrowse REG_SZ delta ContentViewModeForBrowse REG_SZ prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified ContentViewModeLayoutPatternForSearch REG_SZ alpha ContentViewModeForSearch REG_SZ prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay (Default) REG_SZ Folder EditFlags REG_BINARY D2030000 FullDetails REG_SZ prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size NoRecentDocs REG_SZ ThumbnailCutoff REG_DWORD 0x0 TileInfo REG_SZ prop:System.Title;System.ItemTypeText HKEY_CLASSES_ROOT\folder\DefaultIcon (Default) REG_EXPAND_SZ %SystemRoot%\System32\shell32.dll,3 HKEY_CLASSES_ROOT\folder\shell HKEY_CLASSES_ROOT\folder\shell\explore HKEY_CLASSES_ROOT\folder\shell\explore\command HKEY_CLASSES_ROOT\folder\shell\open MultiSelectModel REG_SZ Document HKEY_CLASSES_ROOT\folder\shell\open\command DelegateExecute REG_SZ {11dbb47c-a525-400b-9e80-a54615a090c0} (Default) REG_EXPAND_SZ %SystemRoot%\Explorer.exe HKEY_CLASSES_ROOT\folder\shell\opennewprocess MUIVerb REG_SZ @shell32.dll,-8518 MultiSelectModel REG_SZ Document Extended REG_SZ LaunchExplorerFlags REG_DWORD 0x3 ExplorerHost REG_SZ {ceff45ee-c862-41de-aee2-a022c81eda92} HKEY_CLASSES_ROOT\folder\shell\opennewprocess\command DelegateExecute REG_SZ {11dbb47c-a525-400b-9e80-a54615a090c0} HKEY_CLASSES_ROOT\folder\shell\opennewwindow MUIVerb REG_SZ @shell32.dll,-8517 MultiSelectModel REG_SZ Document OnlyInBrowserWindow REG_SZ LaunchExplorerFlags REG_DWORD 0x1 HKEY_CLASSES_ROOT\folder\shell\opennewwindow\command DelegateExecute REG_SZ {11dbb47c-a525-400b-9e80-a54615a090c0} HKEY_CLASSES_ROOT\folder\ShellEx HKEY_CLASSES_ROOT\folder\ShellEx\ColumnHandlers HKEY_CLASSES_ROOT\folder\ShellEx\ColumnHandlers\{0561EC90-CE54-4f0c-9C55-E226110A740C} (Default) REG_SZ Haali Column Provider HKEY_CLASSES_ROOT\folder\ShellEx\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} (Default) REG_SZ PDF Column Info HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\Adobe.Acrobat.ContextMenu (Default) REG_SZ {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\BriefcaseMenu (Default) REG_SZ {85BBD920-42A0-1069-A2E4-08002B30309D} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension (Default) REG_SZ {B089FE88-FB52-11D3-BDF1-0050DA34150D} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\LavasoftShellExt (Default) REG_SZ {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\Library Location (Default) REG_SZ {3dad6c5d-2167-4cae-9914-f99e41c12cfa} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\MagicISO (Default) REG_SZ {DB85C504-C730-49DD-BEC1-7B39C6103B7A} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\MBAMShlExt (Default) REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\WinRAR (Default) REG_SZ {B41DB860-8EE4-11D2-9906-E49FADC173CA} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\WS_FTP (Default) REG_SZ {797F3885-5429-11D4-8823-0050DA59922B} HKEY_CLASSES_ROOT\folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX (Default) REG_SZ {6C467336-8281-4E60-8204-430CED96822D} HKEY_CLASSES_ROOT\folder\ShellEx\DragDropHandlers HKEY_CLASSES_ROOT\folder\ShellEx\DragDropHandlers\WinRAR (Default) REG_SZ {B41DB860-8EE4-11D2-9906-E49FADC173CA} HKEY_CLASSES_ROOT\folder\ShellEx\DragDropHandlers\{BD472F60-27FA-11cf-B8B4-444553540000} (Default) REG_SZ HKEY_CLASSES_ROOT\folder\ShellEx\PropertySheetHandlers HKEY_CLASSES_ROOT\folder\ShellEx\PropertySheetHandlers\BriefcasePage (Default) REG_SZ {85BBD920-42A0-1069-A2E4-08002B30309D} HKEY_CLASSES_ROOT\folder\ShellNew Directory REG_SZ IconPath REG_EXPAND_SZ %SystemRoot%\system32\shell32.dll,3 ItemName REG_SZ @shell32.dll,-30396 MenuText REG_SZ @shell32.dll,-30317 NonLFNFileSpec REG_SZ @shell32.dll,-30319 HKEY_CLASSES_ROOT\folder\ShellNew\Config AllDrives REG_SZ IsFolder REG_SZ NoExtension REG_SZ update: HKEY_CLASSES_ROOT\Directory AlwaysShowExt REG_SZ (Default) REG_SZ File Folder EditFlags REG_BINARY D2010000 FriendlyTypeName REG_SZ @shell32.dll,-10152 FullDetails REG_SZ prop:System.PropGroup.Description;System.DateCreated;System.FileCount;System.TotalFileSize InfoTip REG_SZ prop:System.Comment;System.DateCreated NoRecentDocs REG_SZ PreviewDetails REG_SZ prop:System.DateModified;*System.SharedWith;*System.OfflineAvailability;*System.OfflineStatus PreviewTitle REG_SZ prop:System.ItemNameDisplay;System.ItemTypeText HKEY_CLASSES_ROOT\Directory\Background HKEY_CLASSES_ROOT\Directory\Background\shell HKEY_CLASSES_ROOT\Directory\Background\shell\cmd (Default) REG_SZ @shell32.dll,-8506 Extended REG_SZ NoWorkingDirectory REG_SZ HKEY_CLASSES_ROOT\Directory\Background\shell\cmd\command (Default) REG_SZ cmd.exe /s /k pushd "%V" HKEY_CLASSES_ROOT\Directory\Background\shellex HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Gadgets (Default) REG_SZ {6B9228DA-9C15-419e-856C-19E768A13BDC} HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\igfxcui (Default) REG_SZ {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New (Default) REG_SZ {D969A300-E7FF-11d0-A93B-00A0C90F2719} HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Sharing (Default) REG_SZ {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX (Default) REG_SZ {6C467336-8281-4E60-8204-430CED96822D} HKEY_CLASSES_ROOT\Directory\DefaultIcon (Default) REG_EWindows Windows XPAND_SZ %SystemRoot%\System32\shell32.dll,3 HKEY_CLASSES_ROOT\Directory\shell (Default) REG_SZ none HKEY_CLASSES_ROOT\Directory\shell\cmd (Default) REG_SZ @shell32.dll,-8506 Extended REG_SZ NoWorkingDirectory REG_SZ HKEY_CLASSES_ROOT\Directory\shell\cmd\command (Default) REG_SZ cmd.exe /s /k pushd "%V" HKEY_CLASSES_ROOT\Directory\shell\find LegacyDisable REG_SZ SuppressionPolicy REG_DWORD 0x80 HKEY_CLASSES_ROOT\Directory\shell\find\command (Default) REG_EWindows Windows XPAND_SZ %SystemRoot%\EWindows Windows XPlorer.exe DelegateExecute REG_SZ {a015411a-f97d-4ef3-8425-8a38d022aebc} HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec (Default) REG_SZ [FindFolder("%l", %I)] NoActivateHandler REG_SZ HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\application (Default) REG_SZ Folders HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\topic (Default) REG_SZ AppProperties HKEY_CLASSES_ROOT\Directory\shell\OneNote.Open (Default) REG_SZ Open as Notebook in OneNote HKEY_CLASSES_ROOT\Directory\shell\OneNote.Open\Command (Default) REG_SZ C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" HKEY_CLASSES_ROOT\Directory\shellex HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\CuteFTP 8 Professional (Default) REG_SZ {8f7261d0-d2b9-11d2-9909-00605205b24c} HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EncryptionMenu (Default) REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46} HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\MagicISO (Default) REG_SZ {DB85C504-C730-49DD-BEC1-7B39C6103B7A} HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing (Default) REG_SZ {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\WinRAR (Default) REG_SZ {B41DB860-8EE4-11D2-9906-E49FADC173CA} HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX (Default) REG_SZ {6C467336-8281-4E60-8204-430CED96822D} HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153} HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem (Default) REG_SZ {217FC9C0-3AEA-1069-A2DB-08002B30309D} HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing (Default) REG_SZ {40dd6e20-7c17-11ce-a804-00aa003ca9f6} HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\WinRAR (Default) REG_SZ {B41DB860-8EE4-11D2-9906-E49FADC173CA} HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\WS_FTP (Default) REG_SZ {1D83C7B3-C931-4850-BED0-D3FE8B3F5808} HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing (Default) REG_SZ {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{1f2e5c40-9550-11ce-99d2-00aa006e086c} HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{4a7ded0a-ad25-11d0-98a8-0800361b1103} HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153} HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0} (Default) REG_SZ I updated my IE9 from IE8 and after I reboot my machine and try to access my computer drive and I get this error message whenever I try to double click c:\ drive or other drives but other than that everything seems to be working fince except that I can not access my drives.... its very strange any help? <<<This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel>>> using Windows 7 32 bit

    Read the article

  • SQL SERVER – guest User and MSDB Database – Enable guest User on MSDB Database

    - by pinaldave
    I have written a few articles recently on the subject of guest account. Here’s a quick list of these articles: SQL SERVER – Disable Guest Account – Serious Security Issue SQL SERVER – Force Removing User from Database – Fix: Error: Could not drop login ‘test’ as the user is currently logged in. SQL SERVER – Detecting guest User Permissions – guest User Access Status One of the advices which I gave in all the three blog posts was: Disable the guest user in the user-created database. Additionally, I have mentioned that one should let the user account become enabled in MSDB database. I got many questions asking if there is any specific reason why this should be kept enabled, questions like, “What is the reason that MSDB database needs guest user?” Honestly, I did not know that the concept of the guest user will create so much interest in the readers. So now let’s turn this blog post into questions and answers format. Q: What will happen if the guest user is disabled in MSDB database? A:  Lots of bad things will happen. Error 916 - Logins can connect to this instance of SQL Server but they do not have specific permissions in a database to receive the permissions of the guest user. Q: How can I determine if the guest user is enabled or disabled for any specific database? A: There are many ways to do this. Make sure that you run each of these methods with the context of the database. For an example for msdb database, you can run the following code: USE msdb; SELECT name, permission_name, state_desc FROM sys.database_principals dp INNER JOIN sys.server_permissions sp ON dp.principal_id = sp.grantee_principal_id WHERE name = 'guest' AND permission_name = 'CONNECT' There are many other methods to detect the guest user status. Read them here: Detecting guest User Permissions – guest User Access Status Q: What is the default status of the guest user account in database? A: Enabled in master, TempDb, and MSDB. Disabled in model database. Q: Why is the default status of the guest user disabled in model database? A: It is not recommended to enable the guest in user database as it can introduce serious security threat. It can seriously damage the database if configured incorrectly. Read more here: Disable Guest Account – Serious Security Issue Q: How to disable guest user? A: REVOKE CONNECT FROM guest Q: How to enable guest user? A: GRANT CONNECT TO guest Did I miss any critical question in the list? Please leave your question as a comment and I will add it to this list. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • Opinion on LastPass's security for the Average Joe [closed]

    - by Rook
    This is borderline on objective/subjective, but I'm posting it here since I'm more interested in objective facts, without going into too much technical details, than I am in user reviews of LastPass. I've always used offline ways for (password / sensitive data) storage, but lately I keep hearing good things about LastPass. Indeed, it is more practical having it always accessible from every computer you're using without syncing and related problems, but the security aspect still troubles me. How (in a nutshell for dummies) does LastPass keep your data secure / can their employees see your data, and what is your opinion for such storage of more than usual keeping of sensitive data (bank PIN codes, some financial / business related stuff and so on - you know, the things that would practically hurt if lost / phished)? What are your opinions of it, and do you trust it for such? Any bad experiences? If someone for example is sniffing your wifi network, would such data be easier than usual to sniff out?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >