PL/SQL Practices: "On Privacy and Function"
Use Oracle Virtual Private Database and Function Result Cache—securely.
Search Results
Search found 41147 results on 1646 pages for 'database security'.
Page 704/1646 | < Previous Page | 700 701 702 703 704 705 706 707 708 709 710 711 | Next Page >
-
-
Workflow Activity Extensions, Activity Packs and Unit Testing Framework
- by JoshReuben
http://wf.codeplex.com/ contains a plethora of infrastructure code and new activities for extending Workflow Foundation 4. These are also available as Nuget packages. These include: Activity Extensions Security Activity Pack ADO.NET Activity Pack Azure Activity Pack Activity Unit Testing Framework view my PowerPoint presentation on these and more here: http://www.slideshare.net/joshuareuben9/workflow-foundation-activity-packs-extensions-and-unit-testingRead the article
-
Is it possible to determine whether my web site is being accessed as a trusted site?
- by Sameer
I am working on site which have a lot of configuration and security settings and I have to check either clients browser is on trusted zone or not using JavaScript. Is it possible to determine whether my web site is being accessed as a trusted site? The reason I'd like to do this is that some functions won't work unless the site is being accessed as a trusted site, and I'd like to be able to warn users. Is there any solution ?Read the article
-
"Restrictions Apply"
Protect sensitive information and achieve regulatory compliance with Oracle Database.Read the article
-
At what size of data does it become beneficial to move from SQL to NoSQL?
- by wobbily_col
As a relational database programmer (most of the time), I read articles about how relational databases don't scale, and NoSQL solutions such as MongoDB do. As most of the databases I have developed so far have been small to mid scale, I have never had a problem that hasn't been solved by some indexing, query optimization or schema redesign. What sort of size would I expect to see MySQL struggling with. How many rows? (I know this is going to depend on the application, and type of data stored. the one that got me thing was basically a genetics database, so would have one main table, with 3 or 4 lookup tables. The main table will contain amongst other things, a chromosome reference, and a position coordinate. It will likely get queried for a number of entries between two potions on a chromosome, to see what is stored there).Read the article
-
Enabling EUS support in OUD 11gR2 using command line interface
- by Sylvain Duloutre
Enterprise User Security (EUS) allows Oracle Database to use users & roles stored in LDAP for authentication and authorization.Since the 11gR2 release, OUD natively supports EUS. EUS can be easily configured during OUD setup. ODSM (the graphical admin console) can also be used to enable EUS for a new suffix. However, enabling EUS for a new suffix using command line interface is currently not documented, so here is the procedure: Let's assume that EUS support was enabled during initial setup.Let's o=example be the new suffix I want to use to store Enterprise users. The following sequence of command must be applied for each new suffix: // Create a local database holding EUS context infodsconfig create-workflow-element --set base-dn:cn=OracleContext,o=example --set enabled:true --type db-local-backend --element-name exampleContext -n // Add a workflow element in the call path to generate on the fly attributes required by EUSdsconfig create-workflow-element --set enabled:true --type eus-context --element-name eusContext --set next-workflow-element:exampleContext -n // Add the context to a workflow for routingdsconfig create-workflow --set base-dn:cn=OracleContext,o=example --set enabled:true --set workflow-element:eusContext --workflow-name exampleContext_workflow -n //Add the new workflow to the appropriate network groupdsconfig set-network-group-prop --group-name network-group --add workflow:exampleContext_workflow -n // Create the local database for o=exampledsconfig create-workflow-element --set base-dn:o=example --set enabled:true --type db-local-backend --element-name example -n // Create a workflow element in the call path to the user data to generate on the fly attributes expected by EUS dsconfig create-workflow-element --set enabled:true --set eus-realm:o=example --set next-workflow-element:example --type eus --element-name eusWfe// Add the db to a workflow for routingdsconfig create-workflow --set base-dn:o=example --set enabled:true --set workflow-element:eusWfe --workflow-name example_workflow -n //Add the new workflow to the appropriate network groupdsconfig set-network-group-prop --group-name network-group --add workflow:example_workflow -n // Add the appropriate acis for EUSdsconfig set-access-control-handler-prop \ --add global-aci:'(target="ldap:///o=example")(targetattr="authpassword")(version 3.0; acl "EUS reads authpassword"; allow (read,search,compare) userdn="ldap:///??sub?(&(objectclass=orclservice)(objectclass=orcldbserver))";)' dsconfig set-access-control-handler-prop \ --add global-aci:'(target="ldap:///o=example")(targetattr="orclaccountstatusevent")(version 3.0; acl "EUS writes orclaccountstatusenabled"; allow (write) userdn="ldap:///??sub?(&(objectclass=orclservice)(objectclass=orcldbserver))";)' Last but not least you must adapt the content of the ${OUD}/config/EUS/eusData.ldif file with your suffix value then inport it into OUD.Read the article
-
Google's process for publishing/modifying pages [closed]
- by Glenn Dayton
I'm assuming that a group of people at Google have control of certain sections of google.com, but how does Google make sure that employees don't accidentally or intentionally sabotage the website? Does Google use Adobe Contribute or some similar product for sharing/publishing the website. Do employees use WebDAV, FTP, SFTP, or SSH to publish the site. Since Google has hundreds of thousands of servers it probably takes some time for its servers to update. Do they transmit the new copy of the website to all servers before publishing at once? This question does not apply to Google editing a database and having a page reflect the database's changes. It applies to employees editing the source code and/ or back end of the site.Read the article
-
ASP.NET C# - do you need a separate datasource for each gridview? [closed]
- by Brian McCarthy
Do you need a separate datasource for each gridview if each gridview is accessing the same database but different tables in the database? I'm getting an error on AppSettings that says non-invocable member. What is the problem with it? Here's the c# code-behind: protected void Search_Zip_Plan_Age_Button_Click(object sender, EventArgs e) { var _with1 = this.ZipPlan_SqlDataSource; _with1.SelectParameters.Clear(); _with1.ConnectionString = System.Configuration.ConfigurationManager.AppSettings("PriceFinderConnectionString").ToString; _with1.SelectCommand = "ssp_get_zipcode_plan"; _with1.SelectParameters.Add("ZipCode", this.ZipCode.Text); _with1.SelectParameters.Add("PlanCode", this.PlanCode.Text); _with1.SelectParameters.Add("Age", this.Age.Text); _with1.SelectCommandType = SqlDataSourceCommandType.StoredProcedure; _with1.CancelSelectOnNullParameter = false; Search_Results_GridView.DataBind(); } thanks!Read the article
-
What use is a Business Logic Layer (BLL)?
- by Andrew S. Arnold
In reading up on good practice for database applications I've frequently come across advocates of so-called "business logic layers" and I'm trying to decide if it's best for my project to use one (it's a small personal project). My issue lies in the fact that I can't think of anything for the BLL to do that the DAL can't already handle (executing queries and mapping results to objects), so my BLL just calls the DAL without doing anything itself. Maybe I'm wrong about exactly what the DAL should be doing too. But regardless, what sorts of functionality should be expected of a BLL in a database management application?Read the article
-
CVE-2011-1937 Cross-site scripting (XSS) vulnerability in Webmin
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-1937 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 Webmin Solaris 10 SPARC: 145006-03 X86: 145007-03 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
WIF, ADFS 2 and WCF–Part 2: The Service
- by Your DisplayName here!
OK – so let’s first start with a simple WCF service and connect that to ADFS 2 for authentication. The service itself simply echoes back the user’s claims – just so we can make sure it actually works and to see how the ADFS 2 issuance rules emit claims for the service: [ServiceContract(Namespace = "urn:leastprivilege:samples")] public interface IService { [OperationContract] List<ViewClaim> GetClaims(); } public class Service : IService { public List<ViewClaim> GetClaims() { var id = Thread.CurrentPrincipal.Identity as IClaimsIdentity; return (from c in id.Claims select new ViewClaim { ClaimType = c.ClaimType, Value = c.Value, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer }).ToList(); } } The ViewClaim data contract is simply a DTO that holds the claim information. Next is the WCF configuration – let’s have a look step by step. First I mapped all my http based services to the federation binding. This is achieved by using .NET 4.0’s protocol mapping feature (this can be also done the 3.x way – but in that scenario all services will be federated): <protocolMapping> <add scheme="http" binding="ws2007FederationHttpBinding" /> </protocolMapping> Next, I provide a standard configuration for the federation binding: <bindings> <ws2007FederationHttpBinding> <binding> <security mode="TransportWithMessageCredential"> <message establishSecurityContext="false"> <issuerMetadata address="https://server/adfs/services/trust/mex" /> </message> </security> </binding> </ws2007FederationHttpBinding> </bindings> This binding points to our ADFS 2 installation metadata endpoint. This is all that is needed for svcutil (aka “Add Service Reference”) to generate the required client configuration. I also chose mixed mode security (SSL + basic message credential) for best performance. This binding also disables session – you can control that via the establishSecurityContext setting on the binding. This has its pros and cons. Something for a separate blog post, I guess. Next, the behavior section adds support for metadata and WIF: <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpsGetEnabled="true" /> <federatedServiceHostConfiguration /> </behavior> </serviceBehaviors> </behaviors> The next step is to add the WIF specific configuration (in <microsoft.identityModel />). First we need to specify the key material that we will use to decrypt the incoming tokens. This is optional for web applications but for web services you need to protect the proof key – so this is mandatory (at least for symmetric proof keys, which is the default): <serviceCertificate> <certificateReference storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=Service" /> </serviceCertificate> You also have to specify which incoming tokens you trust. This is accomplished by registering the thumbprint of the signing keys you want to accept. You get this information from the signing certificate configured in ADFS 2: <issuerNameRegistry type="...ConfigurationBasedIssuerNameRegistry"> <trustedIssuers> <add thumbprint="d1 … db" name="ADFS" /> </trustedIssuers> </issuerNameRegistry> The last step (promised) is to add the allowed audience URIs to the configuration – WCF clients use (by default – and we’ll come back to this) the endpoint address of the service: <audienceUris> <add value="https://machine/soapadfs/service.svc" /> </audienceUris> OK – that’s it – now we have a basic WCF service that uses ADFS 2 for authentication. The next step will be to set-up ADFS to issue tokens for this service. Afterwards we can explore various options on how to use this service from a client. Stay tuned… (if you want to have a look at the full source code or peek at the upcoming parts – you can download the complete solution here)Read the article
-
At $20/month Windows Azure host my website with 99.97% uptime
- by Gopinath
Couple of years ago a reliable and decent performing Windows hosting was not affordable to many enthusiastic developers who want to try a startup idea or build a hobby site. I tried to start an ASP.NET website few years ago to provide services like – Mobile Tracing, Vehicle Tracing. But due to high cost of Windows hosting I developed those services using PHP (not an easy task for .NET developer) and hosted on them Linux servers. But with recent evolution of Windows Azure, hosting ASP.NET websites on highly reliable servers is affordable. Today anyone can host a high responsive and available ASP.NET website for just $20/month using Windows Azure. My website coziie.com is running on Windows Azure and serves close to quarter millions visitors a month with 99.97% of uptime and most of the page load times are less than 3 seconds. All I spend to run this website is just around $20, if you translate it to India rupees its roughly Rs.1000. The web sever of coziie.com is powered by a single Extra Small Web role instance and the backend is powered by a SQL Azure instance. Azure is quite impressive to provide 99.97% of uptime. Response times during peak are around 3 seconds and on nomarl loads it is around 1.5 seconds. Here is the report of uptime provided by Royal Pingdom over last one year For just $20/month Windows Azure takes care of the following apart from hosting Patches up Windows OS to the latest version Upgrades ASP.NET to the latest version – coziie.com is running on ASP.NET MVC 3 and soon I’ll upgrade it to ASP.NET MVC 4 Hosts data on latest and best version Sql Server database SQL Azure maintains 3 copies of database and automatically recovers in case of server failures and disasters. I never worry about database backups/restore. Provides staging environment for deploying applications for testing purpose and move them to production – I upgrade twice a month on average With Windows Azure I no longer focus on server maintenance or data backups. They are taken up by Microsoft team and I just focus on building my website. Wish there is a low cost Linux version of Windows Azure so that I can stop worrying about server maintenance of this blog!! If you are looking for a Windows hosting, look no further than Windows Azure. If you find $20/month is a bit expensive to start with you may explore Azure Website (sort of shared hosted environment) which is free to start with and as your traffic grows you can move to paid hosting.Read the article
-
At which architecture level are you running BDD tests (e.g. Cucumber)
- by Pete
I have in the last year gotten quite fond of using SpecFlow (which is a .NET port of Cucumber) I have used it both to test a ASP.NET MVC application at the web layer, i.e. using browser automation, but also at the controller layer. The first gives me a higher confidence in the correctness of the application, because JavaScript is tested, and improper controller configuration is also caught. But those tests are slower to execute, and more complex to implement, than those just testing on the controller layer. My tests are full functional tests, i.e. they exercise all layers of the application, all the way down to the database. So the first thing before any scenario is that the database is cleared of data, allowing the test to assume that only data specified in the "Given" block exists. Then I see example on how to use it, where they test just exercise the model layer. So what are your experiences with these tools? Which layer of the application do you test?Read the article
-
Turnkey with LightSwitch
- by Laila
Microsoft has long wanted to find a replacement for Microsoft Access. The best attempt yet, which is due out in, or before, September is Visual Studio LightSwitch, with which it is said to be as 'easy as flipping a switch' to use Silverlight to create simple form-driven business applications. It is easy to get confused by the various initiatives from Microsoft. No, this isn't WebMatrix. There is no 'Razor', for this isn't meant for cute little ecommerce sites, but is designed to build simple database-applications of the card-box type. It is more clearly a .NET-based solution to the problem that every business seems to suffer from; the plethora of Access-based, and Excel-based 'private' and departmental database-applications. These are a nightmare for any IT department since they are often 'stealth' applications built by the business in the teeth of opposition from the IT Department zealots. As they are undocumented, it is scarily easy to bring a whole department into disarray by decommissioning a PC tucked under a desk somewhere. With LightSwitch, it is easy to re-write such applications in a standard, maintainable, way, using a SQL Server database, deployed somewhere reasonably safe such as Azure. Even Sharepoint or Windows Communication Foundation can be used as data sources. Oracle's ApEx has taken off remarkably well, and has shaken the perception that, for the business user, Oracle must remain a mystic force accessible only to the priests and acolytes. Microsoft, by comparison had only Access, which was first released in 1992, the year of the Madonna conical bustier. It looks just as dated. Microsoft badly needed an entirely new solution to the same business requirement that led to Access's and Foxpro's long-time popularity, but which had the same allure as ApEx. LightSwitch is sound in its ideas, and comfortingly conventional in its architecture. By giving an easy access to SQL Server databases, and providing a 'thumb and blanket' migration path to Access-heads, LightSwitch seems likely to offer a simple way of pulling more Microsoft users into the .NET community. If Microsoft puts its weight behind it, then it will give some glimmer of hope to the many Silverlight developers that Microsoft is capable of seeing through its .NET revolution.Read the article
-
Should I just always Convert.ToInt32 my integers to account for potential nullable integers?
- by Rowan Freeman
If my MSSQL database contains a data type that is NULL (i.e. null is allowed) then ORMs, such as EntityFramework in my case, create .NET objects that are nullable. This is great, and the way I use nullables is like this: C# int? someInt = 5; int newInt = someInt.Value; // woot VB.NET Dim someInt As Integer? Dim newInt As Integer = someInt.Value ' hooray However, recently I had to make a change to the database to make an Id field no longer NULL (nullable). This means that .Value is now broken. This is a nuisance if the Id property is used a lot. One solution that I thought of is to just use Convert.ToInt32 on Id fields so it doesn't matter if an int is nullable or not. C# int newInt = Convert.ToInt32(someInt); // always compiles VB.NET Dim newInt As Integer = Convert.ToInt32(someInt) ' always compiles Is this a bad approach and are there any alternatives?Read the article
-
C# WebForms and Ninject
- by ipohfly
I'm re-working on the design of an existing application which is build using WebForms. Currently the plan is to work it into a MVP pattern application while using Ninject as the IoC container. The reason for Ninject to be there is that the boss had wanted a certain flexibility within the system so that we can build in different flavor of business logic in the model and let the programmer to choose which to use based on the client request, either via XML configuration or database setting. I know that Ninject have no need for XML configuration, however I'm confused on how it can help to dynamically inject the dependency into the system? Imagine I have a interface IMember and I need to bind this interface to the class decided by a xml or database configuration at the launch of the application, how can I achieve that?Read the article
-
OpenVPN Is Too Slow? Time to Consider IPSEC
For smaller setups and times when you don't need server-to-server tunnels, OpenVPN may do the trick. But where do you turn when you need cross-platform security without any performance compromises?Read the article
-
Benchmarks Using Oracle Solaris 11
- by Brian
The following is a list of links to recent benchmarks which used Oracle Solaris 11. Oracle TimesTen In-Memory Database Performance on SPARC T4-2 World Record Performance on PeopleSoft Enterprise Financials Benchmark on SPARC T4-2 SPARC T4 Servers Running Oracle Solaris 11 and Oracle RAC Deliver World Record on PeopleSoft HRMS 9.1 SPEC CPU2006 Results on Oracle's Sun x86 Servers SPARC T4-4 Beats 8-CPU IBM POWER7 on TPC-H @3000GB Benchmark SPARC T4-2 Delivers World Record SPECjvm2008 Result with Oracle Solaris 11 SPARC T4-2 Server Beats Intel (Westmere AES-NI) on ZFS Encryption Tests SPARC T4 Processor Beats Intel (Westmere AES-NI) on AES Encryption Tests SPARC T4 Processor Outperforms IBM POWER7 and Intel (Westmere AES-NI) on OpenSSL AES Encryption Test SPARC T4-1 Server Outperforms Intel (Westmere AES-NI) on IPsec Encryption Tests SPARC T4-2 Server Beats Intel (Westmere AES-NI) on SSL Network Tests SPARC T4-2 Server Beats Intel (Westmere AES-NI) on Oracle Database Tablespace Encryption QueriesRead the article
-
Windows 7 IIS 7 unable to receive incoming HTTP traffic
- by gregarobinson
I was trying to load a test html page from a LAN server that is running Windows 7. I could load the page from the server, but not from machines within the LAN. It took a while to figure out, but it turned ot to be the firewall in Windows 7. Here is what I had to do: Windows Firewall with Advanced Security ---> Inbound Rules ---> Enable World Wide receive incoming HTTP trafficWeb Services (HTTP Traffic-In)Read the article
-
CVE-2012-0444 Memory corruption vulnerability in Ogg Vorbis
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-0444 Memory corruption vulnerability 10.0 libvorbis Solaris 11 11/11 SRU 8.5 Solaris 10 SPARC: 148006-01 X86: 148007-01 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
CVE-2012-6329 Code Injection vulnerability in Perl
- by Ritwik Ghoshal
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6329 Code Injection vulnerability 7.5 Perl 5.12 Solaris 11.1 11.1.7.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
U of T sleuths track Internet espionage ring to China
<b>The Star:</b> "A massive cyber espionage network has infiltrated the Indian government and also hacked into a year's worth of the Dalai Lama's emails, according to a team of computer security experts co-led by University of Toronto researchers."Read the article
-
How to get client machine ip address in custom realm? [on hold]
- by Sumit
I want to get client machine ip address in my custom Realm when client attempt to login basically here is detail requirement of project User having role 'Admin' can add new users and assign multiple roles and permission ,and at the same time specify list of ip address and countries to restrict them to access website. All these information i am storing in database. So basically till now i am using shiro default 'authc' filter but now i want ip address of client machine and get country from where request is coming and check it against database and then and then only allow access to website. Any help..? Thanks and regardsRead the article
-
Adoption of Exadata - Gartner research note
- by Javier Puerta
Independent research note by Gartner acknowledges Oracle Exadata Database Machine has achieved significant early adoption and acceptance of its database appliance value proposition. Analyst Merv Adrian looks at some of the main issues that IT professionals have solved as they assess or deploy the Oracle Exadata solution, including: OLTP and DSS workload support workload consolidation increasing performance and scalability demands data compression improvements Gartner reports clients using Oracle Exadata experienced the following: report significant performance improvements substantial amounts of cache memory which greatly improves processing speed Oracle Advanced Compression providing 2-4X data compression delivering significant reductions in storage requirements and driving shorter times for backup operations Tables compressed with Oracle Advanced Compression automatically recompress as data is added/updated. One client specifically reported consolidating more than 400 applications onto the Oracle Exadata platform Read the full Gartner noteRead the article
-
'ia32-libs is not installed' while installing Skype on Ubuntu
- by Vit Kos
I downloaded skype from official site, but when installing I get this type of error (Reading database ... 100% (Reading database ... 150271 files and directories currently installed.) Unpacking skype (from .../skype-ubuntu_4.0.0.8-1_amd64.deb) ... dpkg: dependency problems prevent configuration of skype: skype depends on ia32-libs; however: Package ia32-libs is not installed. dpkg: error processing skype (--install): dependency problems - leaving unconfigured Processing triggers for desktop-file-utils ... Processing triggers for bamfdaemon ... Rebuilding /usr/share/applications/bamf.index... Processing triggers for gnome-menus ... Read about that I need to install ia32-libs. Tried to install them like this sudo apt-get install package-name:i386 But it doesn't find it. Any hint? Thx.Read the article
