Search Results

Search found 28672 results on 1147 pages for 'best practise'.


  • Using a random string to authenticate HMAC?

    - by mrwooster
    I am designing a simple webservice and want to use HMAC for authentication to the service. For the purpose of this question we have:

      - a web service at example.com
      - a secret key shared between a user and the server [K]
      - a consumer ID which is known to the user and the server (but is not necessarily secret) [D]
      - a message which we wish to send to the server [M]

    The standard HMAC implementation would involve using the secret key [K] and the message [M] to create the hash [H], but I am running into issues with this. The message [M] can be quite long and tends to be read from a file. I have found it's very difficult to produce a correct hash consistently across multiple operating systems and programming languages because of hidden characters which make it into various file formats. This is of course bad implementation on the client side (100%), but I would like this webservice to be easily accessible and not have trouble with different file formats.

    I was thinking of an alternative, which would allow the use of a short (5-10 char) random string [R] rather than the message for authentication, e.g.

        H = HMAC(K,R)

    The user then passes the random string to the server and the server checks the HMAC server side (using random string + shared secret). As far as I can see, this produces the following issues:

      - There is no message integrity - this is ok, message integrity is not important for this service
      - A user could re-use the hash with a different message - I can see 2 ways around this:
          - Combine the random string with a timestamp so the hash is only valid for a set period of time
          - Only allow each random string to be used once
      - Since the client is in control of the random string, it is easier to look for collisions

    I should point out that the principal reason for authentication is to implement rate limiting on the API service. There is zero need for message integrity, and it's not a big deal if someone can forge a single request (but it is if they can forge a very large number very quickly).

    I know that the correct answer is to make sure the message [M] is the same on all platforms/languages before hashing it. But, taking that out of the equation, is the above proposal an acceptable 2nd best?


  • Globacom and mCentric Deploy BDA and NoSQL Database to analyze network traffic 40x faster

    - by Jean-Pierre Dijcks
    In a fast evolving market, speed is of the essence. mCentric and Globacom leveraged Big Data Appliance, Oracle NoSQL Database to save over 35,000 Call-Processing minutes daily and analyze network traffic 40x faster. Here are some highlights from the profile:

    Why Oracle

    “Oracle Big Data Appliance works well for very large amounts of structured and unstructured data. It is the most agile events-storage system for our collect-it-now and analyze-it-later set of business requirements. Moreover, choosing a prebuilt solution drastically reduced implementation time. We got the big data benefits without needing to assemble and tune a custom-built system, and without the hidden costs required to maintain a large number of servers in our data center. A single support license covers both the hardware and the integrated software, and we have one central point of contact for support,” said Sanjib Roy, CTO, Globacom.

    Implementation Process

    It took only five days for Oracle partner mCentric to deploy Oracle Big Data Appliance, perform the software install and configuration, certification, and resiliency testing. The entire process—from site planning to phase-I, go-live—was executed in just over ten weeks, well ahead of the four months allocated to complete the project. Oracle partner mCentric leveraged Oracle Advanced Customer Support Services’ implementation methodology to ensure configurations are tailored for peak performance, all patches are applied, and software and communications are consistently tested using proven methodologies and best practices.

    Read the entire profile here.


  • How to prevent one account from unlocking products on other devices using Apple StoreKit?

    - by reapz
    We are currently wrapping up a free-to-play game on iOS in which you can purchase non-consumable products. We have been discussing this case internally and are not quite sure what the best practices are as this is our first title. For example, if a user downloads our app and makes some purchases, these can be restored should the app ever be deleted and reinstalled as long as the user uses the same Apple ID. What is to stop him from making a fake Apple account, purchasing items and then posting this account on the web allowing everyone to get the items for free? That is obviously a worst case situation. But a smaller case would be a user unlocking items for his friends. We do not want this to be an always online game but have considered doing a check on startup if there is internet available. If the currently logged in account doesn't own the products do we lock them again? Probably not because people may simply sign into the device with different Game Center logins at which point we don't want to constantly lock and unlock items. At some point we will be adding multiplayer at which point we can definitely do a check with the currently logged in account. This is because A, they will be online when attempting multiplayer, and B, they will want to use their own account for multiplayer. Unfortunately we aren't quite ready for this yet. Has anyone tackled this issue? Are we overthinking here?


  • Extracting httpdocs from Plesk Panel 9.5.4 Webserver backup file

    - by Paddington
    Good day, I am having problems manually extracting domains from a Plesk 9.5 backup that was FTPed onto my backup server. I have followed the article http://kb.parallels.com/en/1757 using method 2. The problem is here:

        zcat DUMP_FILE.gz > DUMP_FILE

    My backup file CP_1204131759.tar is a tar archive and zcat does not work with it. So I proceed to run the command:

        cat CP_1204131759.tar > CP_1204131759

    But when I try

        # cat CP_1204131759 | munpack

    I get an error that munpack did not find anything to read from standard input. I went on to extract the tar backup file using the xvf flags and got a lot of files (20) similar to these ones:

        CP_sapp-distrib.7686-0_1204131759.tgz
        CP_sapp-distrib.7686-35_1204131759.tgz
        CP_sapp-distrib.7686-6_1204131759.tgz

    How best can I extract the httpdocs of a domain from this server-wide Plesk 9.5.4 backup?


  • ideal memory configuration 4 bank, ddr3, AM3+ FX - 1 vs 2 vs 4 dimms?

    - by TardisGuy
    Ok, so I've been looking around, trying to learn and understand the way that RAM works. I've gotten one answer that said "The addressing is best for 2 sticks, and when you use 4; it slows down". Another answer said something like: There's bank/channel interleave that makes the memory read like one stick. Also I read something about the memory density also being a factor. I dug further and found out that there's a higher speed limit on my board for 2 sticks vs 4, so now I'm trying to put an image in my head of how and why, and... pfft. Can anyone explain, or recommend a resource that would answer these questions?


  • nagios ldap-group based front end login permission issues

    - by Eleven-Two
    I want to grant users access to the nagios 3 core frontend by using an active directory group ("NagiosWebfrontend" in the code below). The login works fine like this:

        AuthType Basic
        AuthName "Nagios Access"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        AuthLDAPURL "ldap://ip-address:389/OU=user-ou,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN CN=LDAP-USER,OU=some-ou,DC=domain,DC=tld
        AuthLDAPBindPassword the_pass
        Require ldap-group CN=NagiosWebfrontend,OU=some-ou,DC=domain,DC=tld

    Unfortunately, every nagios page just shows "It appears as though you do not have permission to view information for any of the services you requested...". I got the hint, that I am missing a contact in nagios configuration which is equal to my login, but creating one with the same name as the domain user had no effect on this issue. However, it would be great to find a solution without manually editing nagios.conf for every new user, so the admins could grant access to nagios by just putting the user to "NagiosWebfrontend" group. What would be the best way to solve it?


  • Design practice for securing data inside Azure SQL

    - by Sid
    Update: I'm looking for a specific design practice as we try to build-our-own database encryption.

    Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like:

      - Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text)
      - metadata mapping of which tables and which columns are encrypted. This is simple when it's just a couple of columns (send an email to all devs/document) but that quickly gets out of hand ...

    So, what is the best practice for doing application level encryption into a database that doesn't support encryption? In particular, what is a good design to solve the above two bullet points? If you had specific schema additions would love it if you could give details ("Have a NVARCHAR(max) column to store the cipher metadata as JSON" or a SQL script/commands). If someone would like to recommend a library, I'd be happy to stay away from "DIY" too.

    Before going too deep - I assume there isn't any way I can add encryption support to Azure by creating a stored procedure, right?


  • Host CPUID, Guest CPUID and UserCPUID / what are they?

    - by amir.csco
    I found out that there are some IDs associated with the CPUIDs in the vmx file of each virtual machine. These IDs are:

        hostCPUID.{Num}
        hostCPUID.80000001
        guestCPUID.{Num}
        guestCPUID.80000001
        userCPUID.{Num}
        userCPUID.80000001

    I did some examination and searching and I found out that guestCPUID and userCPUID are the same but hostCPUID is always different. I also realized that these IDs are 32 hexadecimal characters that contain EDX, EAX, ECX and EDX. I just want to know why hostCPUID is different from the two other IDs, and what is the difference between this format of IDs and the other format explained in the VMware documents (cpuid.{Num}.edx or cpuid.{Num}.eax), which is written in binary codes, not hexadecimal? I also need to know why there are no CPUIDs in the vmx file of some virtual appliances that are often available in OVF/OVA format and that we can just deploy? Best Regards,


  • Preventing my postfix from sending my local users' spam

    - by Jack
    I have a postfix/dovecot mail server with 100 different users. When they send an email they need to be authenticated. I successfully use saslauth to achieve this. A few days ago I had a problem. One specific user, probably with a virus or a spam-bot installed on their computer, started to send out through my server thousands of emails in a few hours. As a result, my IP has been blocked by many ISP providers (@aol, @yahoo, and others) and has been listed in many blacklists, making all my 100 users unable to send any email to anyone. What is the best practice to avoid this problem? It would be great if my server could recognize a spamming user and automatically block it. Also, having a limit of, say, 30 emails per hour could be a partial solution. Any idea how to face this problem? Thank you


  • Where to download MS SQL Server 2005 Developer Edition?

    - by Mark
    Just got put in charge of a big web project. All I know is the web server is running MS SQL 2005, so I need something comparable to test locally. I figure developer edition is my best bet because it offers everything that the enterprise edition does, but is for development purposes only. But this page is pretty worthless http://www.microsoft.com/sqlserver/2005/en/us/developer.aspx Where do I actually download it? What about SQL 2005 Express? Would that meet my needs? I can't figure out all the differences between these stupid MS products.


  • How to refactor to cleaner version of maintaining states of the widget

    - by George
    Backstory

    I inherited a bunch of code that I'd like to refactor. It is a UI application written in javascript.

    Current state: We have a main application which consists of several UI components. And each component has entry fields, textboxes, menus, etc., like "ticket", "customer information", etc. Based on input, where the application was called from, who is the user, we enable/disable, hide, show, change titles. Unfortunately, the app grew to the point where it is really hard to scale, add new features. The main driver (application code) calls set/unset functions of the respective components. So a lot of the stuff looks like this:

        Main app unit

        function1() {
            call_function2()
            component1.setX(true);
            component1.setY(true);
            component2.setX(false);
        }

        call_function2() {
            // it may repeat some of the code function1 called
        }

    and we have a lot of this in the main union. I am cleaning this mess. What is the best way to maintain the state of widgets? Please let me know if you need me to clarify.


  • Is there an easy way to disable this laptop's touchpad?

    - by sestocker
    Specifically, I'm on a Dell Inspiron 1525. I'd like to disable the touchpad so that I can re-enable if my mouse were to run out of batteries (so physically breaking the connection to the motherboard or uninstalling the driver will not be the best options). In the Control Panel, when I go to "Mouse" and find the touch pad, there is no disable option. Any ideas? Edit: I am on Windows 7. There is a driver on the Dell site that might allow an option to disable it, but I cannot install it on Windows 7.


  • How do I know if my disks are being hit with too many I/O reads or writes or both?

    - by Mark F
    I know a bit about disk I/O and bottlenecks relating to this especially when relating to databases. How do I really know what the max I/O numbers will be for my disks? What metric might be available to me for working out roughly (but needs to be a good approximation) of how much capacity (if you will) have I got left available in I/O. I've seen it before where things are bubbling along nicely and then all of a sudden, everything screams to a halt, and it ends up being an I/O bound problem. Is there a better way to predict when I/O is reaching its limits? This article was interesting but not giving the answer I desire. So, is my best bet surrounding just looking at 'CPU I/O WAIT'? There must be a more reactive method than this.


  • Mail sent from local Postfix marked as "possible phishing" in Outlook

    - by leo grrr
    Hi folks, Sorry for the newbie question--this is not my area of expertise by a long shot. I work at a small development shop and we finally got around to doing code reviews. (Yay!) I set up an instance of Review Board -- an open-source code review tool -- on one of our local servers but it doesn't seem to like talking to our hosted Exchange server to send notification emails. I decided to just install Postfix on that same box and send mail from localhost, which is working much more reliably, but Outlook disables all links in the email announcements and marks it as possible phishing. What is making these emails look suspicious and what can I change? Would the best thing be to figure out how to relay to Exchange from Postfix? Thanks!


  • Windows 7 - XP Mode - Apache

    - by Howard
    I've set up Virtual PC and XP Mode on my Windows 7 Pro. Using Apache 2.0.52 I have no problems having my website up and running on the Windows 7 machine. But under VPC/XP Mode the best I can do is Localhost mode. What do I need to do to enable http connections? I need the XP Mode as besides the website I also run a Web BBS and a DOS-based (via telnet) BBS. Some of the apps in the DOS BBS just won't work under 64 bit, no matter what settings (capability) are used. Thanks in advance...


  • Find keyword values from PDF [closed]

    - by JukkaA
    I have a lot of PDF reports I'd need to index. They're mostly "text-based PDFs", not images. I know they all have account number in certain format, 123456AAAAA and some other keyword info like addresses, customer names etc. needed in indexing these files. Basically if the file is ab.pdf, I need to create ab.txt that contains:

        ACC=123456AAAA
        Customer=John Doe
        Date=20120808

    What would be the best software/solution to generate indexing information for these? I know there's pdftotext, but piping it to different grep/awk commands is a hack... It would be nice to specify an area in PDF to search for the account number, and specify the format it is in.


  • Cached css/javascript files on Sun Java System Web Server

    - by Derp
    I'm doing front-end web development in a Solaris 10 / Sun Java System Web Server 7.0U2 environment. I have noticed that changes to static css or javascript files often do not take effect immediately, whereas changes to static html files always do. My best guess is that a default setting in the web server causes it to cache certain file types in order to provide reasonable performance out of the box. I don't have the admin server running--I'll need to edit the config files by hand. What change(s) can I make so that all of my css and javascript edits take effect immediately? Thanks!


  • What is the most reliable way to copy access front end files to client PCs

    - by Funky Si
    I have several in-house databases which have Access 2003 front ends, either adp or ade files. I need to copy these from my server to every client machine. In the past I have used rollout scripts to copy the files to the all users desktop folder. I have since adapted this to also copy files to the public desktop folder since we started having Windows 7 client machines as well as XP. The problem is that some of the time these scripts don't work for Windows 7. Is there a better way of copying these files to a mix of Windows 7 and XP clients or is using rollout scripts the best way?


  • nginx: URL rewrites and performance

    - by j0nes
    I have a website where I need to change the URL structure. The old URLs look like /olddir/part1_de.htm, the new ones will look like /newdir/sub/category/anotherpage.htm. There are a lot of URL rewrites I need to do, I assume about 500 distinct rewrites in the end. As my website gets quite a lot of traffic, my main concern is about performance at the moment. My questions are:

      - I assume that for each request, the rewrites block will be parsed and the regex will be evaluated. Am I right?
      - Will there be a performance penalty if I use these rewrites? Can nginx handle this?
      - Are there any "best practices" to follow when doing a lot of rewrites?


  • Sync two external harddrives?

    - by acidzombie24
    A little mishap happened earlier today and I am thinking I should have a copy of my external hard drive since 10% of it is very valuable. What is the best solution to keep two external hard drives in sync? I'll probably use one as regular and maybe use the other only to copy data. The easiest way to keep it in sync is to clear one drive and copy the other but 1T of data will take a long time. What's a good existing app that will keep them in sync? Freeware preferred.


  • How can I measure TCP timeout limit on NAT firewall for setting keepalive interval?

    - by jmanning2k
    A new (NAT) firewall appliance was recently installed at $WORK. Since then, I'm getting many network timeouts and interruptions, especially for operations which would require the server to think for a bit without a response (svn update, rsync, etc.). Inbound SSH sessions over VPN also timeout frequently. That clearly suggests I need to adjust the TCP (and ssh) keepalive time on the servers in question in order to reduce these errors. But what is the appropriate value I should use? Assuming I have machines on both sides of the firewall between which I can make a connection, is there a way to measure what the time limit on TCP connections might be for this firewall? In theory, I would send a packet with gradually increasing intervals until the connection is lost. Any tools that might help (free or open source would be best, but I'm open to other suggestions)? The appliance is not under my control, so I can't just get the value, though I am attempting to ask what it currently is and if I can get it increased.


  • Single-developer GIT workflow (moving from straightforward FTP)

    - by melat0nin
    I'm trying to decide whether moving to VCS is sensible for me. I am a single web developer in a small organisation (5 people). I'm thinking of VCS (Git) for these reasons: version control, offsite backup, centralised code repository (can access from home). At the moment I work on a live server generally. I FTP in, make my edits and save them, then reupload and refresh. The edits are usually to theme/plugin files for CMSes (e.g. concrete5 or Wordpress). This works well but provides no backup and no version control. I'm wondering how best to integrate VCS into this procedure. I would envisage setting up a Git server on the company's web server, but I'm not clear how to push changes out to client accounts (usually VPSes on the same server) - at the moment I simply log into SFTP with their details and make the changes directly. I'm also not sure what would sensibly represent a repository - would each client's website get their own one? Any insights or experience would be really helpful. I don't think I need the full power of Git by any means, but basic version control and de facto cloud access would be really useful.


  • Automatically copy files out of directory

    - by wizard
    I had a user's laptop stolen recently during shipping and it was set up with Windows Live Sync. The thief or buyer's kids took some photos of themselves and they were synced to the user's My Documents. I had just finished moving the user's files out of the synced My Documents folder when I noticed this. Later they took some more photos and a video. I wrote up a batch script to copy files out of the synced directory every 5 minutes into a dated directory. In the end I ended up with a lot of copies of the same few files. Ignoring what Windows Live Sync offers (at the time there was no way to undelete files - I've moved onto Dropbox so this isn't really an issue for me) what's the best way to preserve changes and files from a directory? I'm interested in Windows solutions but if you know of a good way on a *nix please go ahead and share.


  • Remove a known network from Windows 8

    - by Edward Brey
    When Windows 8 detects a network based on the assigned IP address, netmask, default gateway, etc., it remembers the network along with the setting you give it as a public or private network. If you change the configuration of a network (e.g. reconfigure your router), Windows may determine you are on a new network and assign it a name of Network 2 or YourAPN 2. This less-than-friendly name shows up in many places in the Windows 8 UI, but unlike the good old days of Windows 7, there doesn't appear to be any UI to merge or delete these networks. What's the best way to merge or delete networks you don't want?


  • How can I check myself when I'm the only one working on a project?

    - by Ricardo Altamirano
    I'm in between jobs in my field (unrelated to software development), and I recently picked up a temporary side contract writing a few applications for a firm. I'm the only person working on these specific applications. Are there ways I should be checking myself to make sure my applications are sound? I test my code, try to think of edge cases, generate sample data, use source control, etc. but since I'm the only person working on these applications, I'm worried I'll miss bugs that would easily be found in a team environment. Once I finish the application, either when I'm happy with it or when my deadline expires, the firm plans to use it in production. Any advice? Not to use a cliche, but as of now, I simply work "to the best of my ability" and hope that it's enough. Incidentally, I'm under both strict NDAs and laws about classified material, so I don't discuss the applications with friends who have actually worked in software development. (In case it's not obvious, I am not a software developer by trade, and even my experience with other aspects of information technology/computer science is limited and restrained to dabbling for the most part).
