Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 816/1646 | < Previous Page | 812 813 814 815 816 817 818 819 820 821 822 823 | Next Page >

Should extension scripts be run in a sandbox?

- by Cubic

In particular, this is about game extensions written in lua (luajit-2.0). I was contemplating whether I should restrict what these scripts can do, and arrived at the conclusion that I probably shouldn't: It's hard to get right. Sounds silly, but chances are my sandbox is gonna end up leaky anyways. The only benefit I could think of would be giving users some sense of security when running third party scripts. The disadvantages would be that it's just incredibly annoying for extension writers. That is, for now, myself (game content will be mostly scripted). The reason I'm asking this now before I actually have anything presentable is that adding a sandbox early on is easy, but would impose said annoying restrictions on myself too. However if I first go on with it and then later decide I do need a sandbox after all, I'm gonna run into problems (I'd either have to rewrite the scripts that are already there, or introduce some form of trust management system which seems to be more trouble than it's worth).

Read the article
Run a .sql script file in C#

- by SAMIR BHOGAYTA

using System.Data.SqlClient; using System.IO; using Microsoft.SqlServer.Management.Common; using Microsoft.SqlServer.Management.Smo; namespace ConsoleApplication1 { class Program { static void Main(string[] args) { string sqlConnectionString = "Data Source=(local);Initial Catalog=AdventureWorks;Integrated Security=True"; FileInfo file = new FileInfo("C:\\myscript.sql"); string script = file.OpenText().ReadToEnd(); SqlConnection conn = new SqlConnection(sqlConnectionString); Server server = new Server(new ServerConnection(conn)); server.ConnectionContext.ExecuteNonQuery(script); } } }

Read the article
How does session middleware generally verify browser sessions?

- by BBnyc

I've been using session middleware to build web apps for years: from PHP's built-in session handling layer to node's connect session middleware. However, I've never tried (or needed) to roll my own session handling layer. How would one go about it? What sort of checks are necessary to provide at least some modicum of security against HTTP session highjacking? I figure setting a cookie with a token to keep track of the session, and then perhaps some check to see that the originating IP address of the session doesn't change and that the client browser software remains consistent. Hoping to hear about current best-practices...

Read the article
Should a poll framework be closed sourced

- by samquo

I was having a chat with a coworker who is working on a polling app and framework. He was asking technical questions and I suggested he open source the application to get more quality opinions from developers who are interested in this problem and are willing to give it heavy though. He has a different point of view which I think is still valid so I want to open this question for discussion here. He says he believes something like a polling framework should not be open sourced because it will reduce its security and validity as people reveal loopholes through which they can cheat. Can't say I completely disagree. I see a somewhat valid point there, but I always believed that solutions by a group of people are almost always better than a solution thought by a single person asking a small number of coworkers, no matter how smart that person is. Again I'm willing to accept that maybe some types of applications are different. Does anyone have an argument in his favor? I'd really like to present your responses to him.

Read the article
Multiple vulnerabilities in Thunderbird

- by RitwikGhoshal

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1948 Denial of service (DoS) vulnerability 9.3 Thunderbird Solaris 10 SPARC: 145200-12 X86: 145201-12 CVE-2012-1950 Address spoofing vulnerability 6.4 CVE-2012-1951 Resource Management Errors vulnerability 10.0 CVE-2012-1952 Resource Management Errors vulnerability 9.3 CVE-2012-1953 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1954 Resource Management Errors vulnerability 10.0 CVE-2012-1955 Address spoofing vulnerability 6.8 CVE-2012-1957 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-1958 Resource Management Errors vulnerability 9.3 CVE-2012-1959 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2012-1961 Improper Input Validation vulnerability 4.3 CVE-2012-1962 Resource Management Errors vulnerability 10.0 CVE-2012-1963 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2012-1964 Clickjacking vulnerability 4.0 CVE-2012-1965 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-1966 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2012-1967 Arbitrary code execution vulnerability 10.0 CVE-2012-1970 Denial of service (DoS) vulnerability 10.0 CVE-2012-1973 Resource Management Errors vulnerability 10.0 CVE-2012-3966 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Read the article
Force ntfs volumes to be treated like any other by default

- by soandos

I have a 20 GB NTFS volume that I was planning on using for a variety of purposes, including being readable by windows with little effort. Unfortunately, for some reason, I cannot execute any files on the drive, even after following the answer here (I was able to mount the volume just fine, but the error persists). How can I fix this? Output from mount: /dev/sda1 on / type ext4 (rw,errors=remount-ro) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/cgroup type tmpfs (rw) none on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) udev on /dev type devtmpfs (rw,mode=0755) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880) none on /run/shm type tmpfs (rw,nosuid,nodev) none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755) none on /sys/fs/pstore type pstore (rw) systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd) gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,user=daniel)

Read the article
How to Upgrade an existing Customer from OBI10g to 11g: Live Virtual Class

- by Mike.Hallett(at)Oracle-BI&EPM

This Live Virtual Class eSeminar on upgrading to Oracle Business Intelligence Enterprise Edition 11g, from OBI 10g, is FREE for Oracle Partners. When : Thursday, January 5, 2012 @ 14.00 CET / 13.00 UK (120 Minute eSeminar) Where : Goto REGISTER HERE During this session you will learn: OBIEE 11g Infrastructure – What Is Different From OBIEE 10g? Considerations During The Upgrade, Repository Metadata, Presentation Catalog, BI Publisher, BI Security Planning Your Upgrade Optimizing OBI 10g for an 11g Upgrade Copying OBI 10g to New Server Installing OBI 11g on New Server Running Upgrade Assistant & Running OBI 11g Post-Upgrade Steps Testing Upgrading Environment Capacity Planning Guide Q&A Who Should attend? Oracle partners with experience of OBIEE+ 10g BI and EPM developers, architects and implementers Oracle partners with Clients using OBI10g

Read the article
Creating an anonymous site in SharePoint 2010

- by shehan

Here’s how: Open up the Central Administration site and click on “Manage Web Applications” under the “Application Management” section From the ribbon click on “New” (Note: if its an existing web app, then click on “Extend”) Fill in the fields with appropriate values. Under “Security Configurations” make sure to select “Yes” for “Allow Anonymous” Click OK Once the web application has been created, a site collection would need to be created. Navigate to “Application Management” –> “Create Site Collection” Fill in the fields with the appropriate values and create the site collection Next sign into the newly created site collection as the Site Collection Administrator. From the “Site Actions” menu, select “Site Permissions” In the permissions page that loads, click on the Anonymous Access button appearing on the ribbon. A modal dialog would popup. Select the appropriate option and click OK. If you selected “Entire Web Site” its advisable to restart the browser to test anonymous access Technorati Tags: SharePoint 2010,anonymous,site collection,web application

Read the article
Oracle VDI Seminar - June-30

- by mprove

More from Andy Hall about Oracle VDI: Oracle Virtual Desktop Infrastructure allows you to bring your desktop environments under control by hosting and managing them centrally in the data center. Users then connect to their desktops over the network using their existing PCs and simple client software, or with Oracle's Sun Ray Clients. Virtual desktops provide a number of benefits, including: Cost reductions by allowing global or local changes and updates to the desktop environment from a centralized management location. Better security by keeping sensitive data off of individual computers and retaining it safely in the data center. Improved availability and business continuity because workers can access their desktops from nearly anywhere. Join us to get the latest updates on Oracle Virtual Desktop Infrastructure and learn how moving to a virtualized desktop environment can help your organization, today and into the future. Speaker: Andy Hall - Virtual Desktop Infrastructure Product Management, Oracle Event Date: 06/30/2011 09:00 AM Pacific Daylight Time Register here_

Read the article
Sortie d'une nouvelle version stable de Chrome et de Chrome OS, et premier "Elite Award" pour le fix d'un bogue dans Chromium

Sortie d'une nouvelle version stable de Chrome et de Chrome OS, et remise du premier "Elite Award" pour la correction d'un bogue dans Chromium Google vient de sortir très discrètement deux nouvelles versions de Chrome (8.0.552.237) et de Chrome OS (8.0.552.334), qui ne sont pas majeures mais néanmoins importantes. En effet, elles permettent de corriger plusieurs petites brèches, mais surtout un bogue "Elite" (critique), qui avait été découvert et signalé par Sergey Glazunov. Ce dernier devient de ce fait la première personne a être récompensée par la "Elite Security Reward" de Mountain View, qui se monte à 3.133,70 dollars. C'est la plus haute récompense à laquelle peut prétendre un indi...

Read the article
XAMPP: Deamon is already running, but it's NOT apache

- by TedvG

This one is giving me a headache... I have installed XAMPP for Linux 1.7.7 on Ubuntu 12.10. I haven't installed the latest version because of the new security "feature" which makes XAMPP so secure I can't get it running... But that's another story. After it installed and ran ok for a couple of months, I now get the famous "XAMPP: Another web server daemon is already running." error while starting XAMPP. Now I've googled extensively and can rule out the following: There is no other Apache installation, just XAMPP There are no apache or apache 2 services running There are no services running that use port 80 (checked with netstat -an grep -w 80) I have also done a fresh install of xampp 1.7.7, but that gives me the same result. I think I have tried every solution on the first two result-pages of google and am nowhere nearer to a solution. Can anyone give me pointers on how to find the mysterious "Webdeamon" that is already running?

Read the article
HTG Explains: How the SmartScreen Filter Works in Windows 8

- by Chris Hoffman

Windows 8 includes a SmartScreen filter that prevents unknown and malicious programs from running. SmartScreen is part of Internet Explorer 8 and 9 – with Windows 8, it’s now integrated into the operating system. SmartScreen is a useful security feature that will help prevent bad applications from running, but it may occasionally prevent a legitimate application from running. SmartScreen reports some information to Microsoft, so it may have some privacy implications. HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It HTG Explains: How Windows Uses The Task Scheduler for System Tasks

Read the article
Reverse X11 forwarding

- by Oli

I was playing with my phone (that runs a Linux/X stack) last night and I managed to ssh into my desktop and run an application and have it show up on my phone. It was awesome. Today I'd like to sort of do the opposite. I want to view an application running on my phone on my PC. I could install a SSH server on my phone but I frankly don't fancy that purely for security reasons. I want this to be initiated from my phone. Is there a way to connect from my phone and tunnel the PC's X connection back to the phone and then run an application on the phone that show on the PC?

Read the article
Integrating Azure ServiceBus and SharePoint 2010

- by Sahil Malik

SharePoint 2010 Training: more information My new article is finally online. I had been waiting for this for a while. The thing is, AppFabric became .NET 4, and left SharePoint 2010 behind. But fear not, we have REST API. But that brings up interesting challenges of how we can integrate Azure Service Bus with SharePoint 2010 (yes 2010, not vNext – I’m not giving NDA information out you fool), the design patterns you can use, figuring out challenging issues like security, sessions, and just app design patterns instead. Well, I hope you like my next article, SharePoint Applied: Azure ServiceBus and SharePoint 2010 Enjoy! Read full article ....

Read the article
Is scanning the ports considered harmful?

- by Manoj R

If any application is scanning the ports of other machines, to find out whether any particular service/application is running, will it be considered harmful? Is this treated as hacking? How else can one find out on which port the desired application is running (without the user input)? Let's say I only know the port range in which the other application could be running, but not the exact port. In this case, my application ping each of the port in range to check whether the other application is listening on it, using already defined protocol. Is this a normal design? Or is this considered harmful for the security?

Read the article
Solaris Day in NY and Boston

- by unixman

Hey all, -- We're hosting yet another Solaris event in New York -- this one will be on November 29th and focused on some key in-depth technologies in Solaris 11, which had just been released earlier this month. Speakers include Dave Miner, Glenn Brunette and Jeff Victor. It starts in the morning and goes through lunch; check out the agenda from the below link. Topics include: new and improved installation and package management experience, virtualization, ZFS and security.Please check it out and come join us! The RSVP link is belowhttp://www.oracle.com/go/?&Src=7239490&Act=34&pcode=NAFM10128512MPP016 Additionally, if you are in the Boston area, an identical event will be held in Burlington the following day, on November 30th. The RSVP link for that is http://www.oracle.com/us/dm/h2fy11/21285-nafm10128512mpp013-oem-525338.html Hope to see you there!

Read the article
Building a Roadmap for an IAM Platform

- by B Shashikumar

Identity Management is no longer a departmental solution, it has become a strategic part of every organization's security posture. Enterprises require a forward thinking Identity Management strategy. In our previous blog post on "The Oracle Platform Approach", we discussed a recent study by Aberdeen which showed that organizations taking a platform approach can reduce cost by as much as 48% and have 35% fewer audit deficiencies. So how does an organization get started with an Identity Management (IAM) Platform? What are the components of such a platform and how can an organization continuously evolve it for better ROI and IT agility. What are some of the best practices to begin an IAM deployment? To find out the answers and to learn how ot build a comprehensive IAM roadmap, check out this presentation which discusses how Oracle can provide a quick start to your IAM program. Platform approach-series-building a-roadmap-finalv1 View more presentations from OracleIDM

Read the article
Extracting GPS Data from JPG files

- by Peter W. DeBetta

I have been very remiss in posting lately. Unfortunately, much of what I do now involves client work that I cannot post. Fortunately, someone asked me how he could get a formatted list (e.g. tab-delimited) of files with GPS data from those files. He also added the constraint that this could not be a new piece of software (company security) and had to be scriptable. I did some searching around, and found some techniques for extracting GPS data, but was unable to find a complete solution. So, I did...(read more)

Read the article
Spreadsheet or writing an application?

- by Lenny222

When would you keep simple to medium-complex personal calculations in a spread sheet (Excel etc) and when would you write a small program or script for it? For example when you want to calculate what size of mortgage you can afford to buy a house. I could create a spreadsheet and have a nice tabular representation. On the other hand, if i would write a small script in a nice language (in my case Haskell), i'd have the security of a nice type system, preventing typos etc. What are the pro/cons in your opinion?

Read the article
PHP accessible shared content between two websites on the same VPS on different domains/IPs

- by Lee Fentress

I have two ecommerce websites, selling music digital downloads, on the same VPS, currently using cPanel/WHM (but thinking of switching to Virtualmin). They have separate domains and IPs of course. They both share from the same set of music files, so I have duplicate copies in each website directory, which takes up a lot of disk space. How might I go about sharing the same set of music files across both sites, allowing PHP access, so that it does not break my shopping cart's functionality of serving customers the downloads after they have paid for them? I thought of maybe using symlinks or something, but I don't know if it's possible, or if it would have to somehow circumvent built-in security features of the server. I'm new to VPS management.

Read the article
Slow Internet Performance in 12.04 LTS

- by Mad

Have installed Ubuntu 12.04 LTS. I have encountered the below problems. 1. Have two OS. Internet is too slow in U 12.04 compared to Windows 7 2. System Performance is very slow 3. After installing Ubuntu 12.04, my brightness is dark during the initiail time. However, I have resolved this issue and found to be working fine. 4. Unable to connect Wireless network after inputing security credentials. Please note, I am beginner to this Linux. Would Appreciate if someone could explain in step by step to overcome the above issues.

Read the article
YouTube Scalability Lessons

- by Bertrand Matthelié

@font-face { font-family: "Arial"; }@font-face { font-family: "Courier New"; }@font-face { font-family: "Wingdings"; }@font-face { font-family: "Calibri"; }@font-face { font-family: "Cambria"; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: "Times New Roman"; }h2 { margin: 12pt 0cm 3pt; page-break-after: avoid; font-size: 14pt; font-family: "Times New Roman"; font-style: italic; }a:link, span.MsoHyperlink { color: blue; text-decoration: underline; }a:visited, span.MsoHyperlinkFollowed { color: purple; text-decoration: underline; }span.Heading2Char { font-family: Calibri; font-weight: bold; font-style: italic; }div.Section1 { page: Section1; }ol { margin-bottom: 0cm; }ul { margin-bottom: 0cm; } Very interesting blog post by Todd Hoff at highscalability.com presenting “7 Years of YouTube Scalability Lessons in 30 min” based on a presentation from Mike Solomon, one of the original engineers at YouTube: …. The key takeaway away of the talk for me was doing a lot with really simple tools. While many teams are moving on to more complex ecosystems, YouTube really does keep it simple. They program primarily in Python, use MySQL as their database, they’ve stuck with Apache, and even new features for such a massive site start as a very simple Python program. That doesn’t mean YouTube doesn’t do cool stuff, they do, but what makes everything work together is more a philosophy or a way of doing things than technological hocus pocus. What made YouTube into one of the world’s largest websites? Read on and see... Stats @font-face { font-family: "Arial"; }@font-face { font-family: "Cambria"; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: "Times New Roman"; }div.Section1 { page: Section1; } 4 billion Views a day 60 hours of video is uploaded every minute 350+ million devices are YouTube enabled Revenue double in 2010 The number of videos has gone up 9 orders of magnitude and the number of developers has only gone up two orders of magnitude. 1 million lines of Python code Stack @font-face { font-family: "Arial"; }@font-face { font-family: "Cambria"; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: "Times New Roman"; }div.Section1 { page: Section1; } Python - most of the lines of code for YouTube are still in Python. Everytime you watch a YouTube video you are executing a bunch of Python code. Apache - when you think you need to get rid of it, you don’t. Apache is a real rockstar technology at YouTube because they keep it simple. Every request goes through Apache. Linux - the benefit of Linux is there’s always a way to get in and see how your system is behaving. No matter how bad your app is behaving, you can take a look at it with Linux tools like strace and tcpdump. MySQL - is used a lot. When you watch a video you are getting data from MySQL. Sometime it’s used a relational database or a blob store. It’s about tuning and making choices about how you organize your data. Vitess- a new project released by YouTube, written in Go, it’s a frontend to MySQL. It does a lot of optimization on the fly, it rewrites queries and acts as a proxy. Currently it serves every YouTube database request. It’s RPC based. Zookeeper - a distributed lock server. It’s used for configuration. Really interesting piece of technology. Hard to use correctly so read the manual Wiseguy - a CGI servlet container. Spitfire - a templating system. It has an abstract syntax tree that let’s them do transformations to make things go faster. Serialization formats - no matter which one you use, they are all expensive. Measure. Don’t use pickle. Not a good choice. Found protocol buffers slow. They wrote their own BSON implementation, which is 10-15 time faster than the one you can download. ...Contiues. Read the blog Watch the video

Read the article
Public JCP EC Meeting on 12 November

- by Heather VanCura

The next JCP EC Meeting, and the last public EC Meeting of 2013, is scheduled for Tuesday, 12 November at 08:00 AM PST. Agenda includes a discussion on invigorating your community participation in the JCP program. We hope you will join us, but if you cannot attend, the recording and materials will also be public on the JCP.org multimedia page. Meeting details below. Meeting information ------------------------------------------------------- Topic: Public EC Meeting Date: Tuesday, November 12, 2013 Time: 8:00 am, Pacific Standard Time (San Francisco, GMT-08:00) Meeting Number: 809 853 126 Meeting Password: 1234 ------------------------------------------------------- To start or join the online meeting ------------------------------------------------------- Go to https://jcp.webex.com/jcp/j.php?ED=239354237&UID=491098062&PW=NZjAyM2Q2YTVj&RT=MiM0 ------------------------------------------------------- Audio conference information ------------------------------------------------------- +1 (866) 682-4770 (US) Conference code: 5731908 Security code: 1234 For global access numbers https://www.intercallonline.com/listNumbersByCode.action?confCode=5731908 Or +1 (408) 774-4073

Read the article
Registration free hosting for ASP.NET web service

- by Andrew

I've built a simple ASP.NET web service, tested it locally and would like to test it when externally hosted. Are there free hosting services available where I can just upload the assembly and service description file and test it straight away. Without registering the account, etc. My service does not do anything malicious and I am ok to run it in a restricted (security sandbox, bandwith, calls per second, etc) environment? I have heard about appharbor.com but it looks like an overkill to test a simple web service.

Read the article
Avast Antivirus Crashes

- by user67966

Well I have installed avast anti virus on Ubuntu 12.04. But after updating, it crashes! So I have made some tweaks like below: 1) I pressed press Ctrl+Alt+T and opened Terminal. When it opened, I ran the command below. sudo gedit /etc/init.d/rcS 2) typed my password and hit enter 3) when the text file opens add the line: sysctl -w kernel.shmmax=128000000 4) made sure the line you added is before: exec /etc/init.d/rc S 5) This is how it should look like: Code: #! /bin/sh # rcS # # Call all S??* scripts in /etc/rcS.d/ in numerical/alphabetical order # sysctl -w kernel.shmmax=128000000 exec /etc/init.d/rc S 6) save it 7) Reboot My question is. Did I do anything wrong. I mean as I have made some tweaks,will it lower the security of avast down like viruses do! Please if you are a programmer check this if it contains bug or harmful intentions...Thanks.

Read the article

< Previous Page | 812 813 814 815 816 817 818 819 820 821 822 823 | Next Page >