Search Results

Search found 3707 results on 149 pages for 'secure'.

Page 92/149 | < Previous Page | 88 89 90 91 92 93 94 95 96 97 98 99  | Next Page >

• How can I prevent Apache from exposing a user's password?

  - by Marius Marais

  When using basic authentication (specifically via LDAP, but htpasswd also) with Apache, it makes the REMOTE_USER variable available to the PHP / Ruby / Python code underneath -- this is very useful for offloading authentication to the webserver. In our office environment we have lots of internal applications working like this over SSL, all quite secure. BUT: Apache exposes the PHP_AUTH_USER (=REMOTE_USER) and PHP_AUTH_PW variables to any application inside PHP. (PHP_AUTH_PW contains the plaintext password the user entered.) This means it's possible for the app to harvest usernames and passwords. Presumably the same information is available to Python and Ruby (all three are currently in use; PHP is being phased out). So how can I prevent Apache from doing this? One idea is to use Kerberos Negotiate authentication (which does not expose the password and has the benefit of being SSO), but that automatically falls back to Basic for some browsers (Chrome and in some cases Firefox), causing the password to be exposed again.

  Read the article

• What does the NTFS encryption protect against?

  - by Ray

  I have encrypted a folder from the (PropertiesAdvancedEncrypt contents to secure data). However when I change my user profile to another one which is also an administrator the folder seems to be accessible as if nothing happened. What exactly does this encryption protect against. I'm looking to encrypt folders that no other user, or another OS or even if the HDD were to be removed and plugged to another device will be accessible. My OS is Windows 7 Ultimate. Any suggestions?

  Read the article

• What is the correct way to use Chef-server's 'validation key'?

  - by Socio

  It seems to me that the recommended way of adding clients to a chef server - or my understanding of it - is flawed. from the docs: When the chef-client runs, it checks if it has a client key. If the client key does not exist, it then attempts to "borrow" the validation client's identity to register itself with the server. In order to do that, the validation client's private key needs to be copied to the host and placed in /etc/chef/validation.pem. So the "validation key" is basically the superuser credential, allowing anyone who possesses it full access to the chef server? Am I reading this right? Surely the correct model would be for clients to generate their own keypair, and submit the public key to the chef server. Clients should never need access to this superuser "validation key". How can I do it in this, more secure, manner?

  Read the article

• How to prevent Windows 8 of erasing GRUB?

  - by dirleyrls

  I'm doing dualboot with Ubuntu and Windows 8 on my DELL Laptop. EFI is enabled, secure boot is not. My partitions are GPT. Everything seems to work for some time. After some normal use, GRUB stops working. The "ubuntu" EFI entry is still there on top of everything else. But the computer boots directly into the Windows Bootloader, skipping GRUB. Any clues on why is that happening or how can I prevent that? My current partiton setup is: - /dev/sda1 NTFS Windows recovery - /dev/sda2 FAT32 UEFI boot (with boot flag) - /dev/sda3 unknown (msftres flag) - /dev/sda4 NTFS Windows Drive C - /dev/sda5 ext4 /home - /dev/sda6 ext4 / I usually reinstall GRUB through chrooting from a Live Session and doing a apt-get install --reinstall grub-efi-amd64.

  Read the article

• a safer no password sudo?

  - by Stacia

  Ok, here's my problem - Please don't yell at me for being insecure! :) This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

  Read the article

• Logins with only HTTP - are they as insecure as I'm thinking?

  - by JoeCool1986

  Recently I was thinking about how websites like gmail and amazon use HTTPS during the login process when accessing your account. This makes sense, obviously, since you're typing in your account username and password and you would want that to be secure. However, on Facebook, among countless other websites, their logins are done with simple HTTP. Doesn't that mean that my login name and password are completely unencrypted? Which, even worse, means that all those people who login to their facebooks (or similar sites) at a wifi hotspot in public are susceptible to anyone getting their credentials using a simple packet sniffer (or something similar)? Is it really that easy? Or am I misunderstanding internet security? I'm a software engineer working on some web related stuff, and although at the current time I'm not too involved with the security aspect of our software, I knew I should probably know the answer to this question, since it's extremely fundamental to website security. Thanks!

  Read the article

• Running a service as root

  - by kovica

  I have a java program that I use to automate the process of creating VPN settings for clients. The program calls couple of bash scripts, create and copies files around. I have to run it under root user because the whole VPN config is under /etc/openvpn. For this directory I need root privileges. On the same machine I have Glassfish application server and it will call the mentioned Java program. Glassfish is run under non-root user. What is the best, most secure way of running a program as a root user of course without entering a password if I run it via sudo?

  Read the article

• Why is chrome slashing my HTTPS?

  - by John Isaacks

  In Chrome when I view my page the https in the URL has a red slash through it. When I click it, it says: Your connection to www.example.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. ... I am not getting the mixed content warning in IE or FF. Is there a way to get Chrome to tell you exactly what/where is causing the issue? I am having trouble finding what is causing Chrome to throw a hissy fit. I searched my source for any http that does not contained https but am not seeing any. It would be nice if there is an easy way to pinpoint the issue.

  Read the article

• need help setting up a VPN for remote computer connection

  - by Chowdan

  I am on a low budget right now. I am currently in the process of starting a computer company. I am in need of a VPN network so I can run Dameware tools for working on customers/partners computers remotely. I will be working with Windows and some Apple and linux machines. I have desktop with an AMD Phenom II 965BE(currently running stable at 3.8Ghz) processor with 8 GB of ram and a radeon hd 6870(i know graphics aren't too useful) and about 1.5TB of HDD space. I am attempting to create a network out of my office based all on one machine that would also be secure for me to remotely connect to my partners computers so when they have issues I would be able to connect and do the diagnosing and repairs remotely. What types of servers besides a VPN server would i need to create this? I have access to all Microsoft products so I can run Windows Server 2012, Windows Server 2008 R2, or any other Microsoft Software. thanks for the help all

  Read the article

• Searching for online database software/cms

  - by ButterdBread

  I am searching for a software or CMS that manages and displays large online databases, as some kind of frontend to MySQL or any other database. It should be accessible through the browser, be as secure as possible (offering login). The data I'd like to store would be personal information such as name, adress and birthday - also I'd need to be able to add custom fields as well. Also forms and the possibility to download the data in an excel? table would be great. PHPmyadmin is not an option, it should be similar to a CRM but more closely adapted to managing database tables, searching for entries and filtering data. It should be possible to have many user accounts with different rights, with each of them being able to acces certain parts of the data and entering own data. Is there something out there, that might get close to what I imagine? I appreciate any help!

  Read the article

• Set up homeserver with single IP to host multiple sites on Ubuntu [closed]

  - by Ortix92

  I am trying to set up my homeserver so it can function as a regular server one would rent. I am running Ubuntu 12.04 LTS with openpanel. I have a single static IP address. I am used to having two addresses and pointing them to NS1.domain.tld and NS2.domain.tld and setting up the propper DNS records. I would also like to mention I am somewhat new to DNS zones. Either way, how would I go about setting this up correctly (in openpanel) with just a single IP address if possible at all? I have also read about free solutions online, but I would like to keep everything secure and private so other people can't peer into my data somehow. Thanks!

  Read the article

• disbale ssh for bnroot as root account

  - by user2916639

  i am beginner with centos - Linux i have dedicated server . my root username is bnroot . now i am taking ssh using this user. i want to disable ssh for bnroot. i have created user user name welcome i want take ssh login by welcome user then i ll use su - bnroot to get root privileges. i have set PermitRootLogin no , AllowUsers welcome IN /etc/sshd_config and after restarting sshd service . i take ssh login by welcome use then it is ok. but when i use su bnroot its prompt to password and i enter right passowrd it show su: incorrect password , i dont know where i am wrong . please help me here. changes i done - /etc/ssh/sshd_confid PermitRootLogin no AllowUsers welcome /etc/sudoers welcome ALL=(ALL) ALL getting error in /var/log/secure unix_chkpwd[666]: password check failed for user (bnroot) su: pam_unix(su:auth): authentication failure; logname=ewalletssh uid=503 euid=500 tty=pts/1 ruser=ewalletssh rhost= user=bnroot please let me know where i am wrong

  Read the article

• Data storage solutions for rapidly running out of space

  - by Grimlockz

  I have 2 web servers (1 live and other backup), the issue I have is our storage is rapidly running out. All the data on the server is used by our customers and new documents are uploaded to the server daily. So nothing can be deleted as it's always in use. We use a flat file structure with no database. I'm seeking solutions or ideas for the best place to move the our data to. The data has to be secure and needs to run on a linux environment. Not sure where to start - clusters, vmware, or they such solutions for huge file servers?

  Read the article

• Monitor disk I/O for specific drive in OS X

  - by raffi

  In my Macbook Pro, I have two internal drives and I've connected a third drive via USB in enclosure. I am currently doing a secure wipe of the external drive and I was interested in seeing what the disk I/O was for that particular drive, but when I use Activity Monitor I only see the total disk usage for all drives combined. Is there any way to monitor a specific drive's total I/O, preferably via a built-in or free method? I don't want to filter by process ID. I just want to filter by mounted disk.

  Read the article

• Does Microsoft offer a corporate IM/collaboration tool similar to Campfire? My googlefu skills appear to be failing me today.

  - by user54266

  I mentioned to my boss that we should look into a single unified IM client that we could use and secure on a corporate level, and then suggested Campfire. We're a primarily Microsoft house so he suggested we use something that would better integrate with SharePoint and the other tools our end users use in house. However, I'm not aware of any Microsoft tool that does something like this. Obviously there is MSN Messenger but I think/hope he wasn't referring to that. Other than a product from 2005 I haven't been able to locate a Microsoft corporate IM tool...does anybody know what he may have been talking about?

  Read the article

• Fedora: "Login Incorrect"

  - by darkblackcorner

  I've just set up a minimal install on my netbook (the default was too resource hungry, so I figured I'd customize the install and learn something about linux at the same time!) No problems logging in as root, but when I create a new user and try to login as them I just get the "Login incorrect" error. I'm certain the password is correct, though the secure log displays an authentication error. Am I missing a permission somewhere? useradd test usermod -p [pwd] test Shell is added automatically I think (checking password file says shell is /bin/bash) I've tried adding the user to the sudo-ers group usermod -a -G wheel which doesn't help. I've kept the password simple in order to rule out human error.

  Read the article

• Would you embrace a new technology that worked better than a VPN?

  - by Jumpto

  Ok so VPNs have been around for ages. Business has been addicted to them as the only method of securing their home servers with their workstations in the field. Even with all their problems and shortcomings. So my question is this: How likely are you to embrace a new technology that promises to work better, secure better and have more features than a VPN? State your reasons for or against. Extra points if you point out what steps the new technology would have to take to knock VPN off its throne.

  Read the article

• How to open http for linux server

  - by wtfcoder

  I am a Windows (IIS) software engineer, but recently I've been thrown into a Linux server admin role until we can find someone to fill the position. I am not ashamed to admit I have no idea what I am doing. Currently the problem I am trying to solve is that the server is only responding to https requests. However, we need it to respond to standard http requests as well. We don't really have anything that needs to stay secure on its way to the requester. I am running redhat linux via bash. If anyone could tell me how to enable http requests I would really appreciate it! Thanks Please make sure your response is fairly step by step as I have minimal command line experience :/

  Read the article

• Server 2008 Hyper-V User Accounts to access each other

  - by asn1981

  Hi, I have a windows server 2008 r2 with 3 hyper-v vm's IIS server Sql server 3 - Mail server I'm new to networking/server configuration. I have created a Virtual Network and can see each of the 3 VMs as well as the host on the network. I can connect from each VM to the host using the admin account. However, what would be the best (secure) way to create connections/accounts between the VMs, presumabely this shouldn't be done with an admin account but one with lesser priveledges. For example, to be able to access the SQL Server VM from the IIS server VM?

  Read the article

• Please provide how to setup using VMware, AD [closed]

  - by user552585

  In my organisation we have more than 100 pcs and high configured 3 IBM servers. Now the senario is 300 employees with diff programmers like .Net,java,php etc. these employees use by these systems only in diff shifts without stop their work. I want all applications required them on every system and they have perticular id, Pw to login and i have to secure the organisation data and userdata to tamper or any thing by other users. Please provide how to setup using VMware, AD with MicroSoft environment with fully secured manner. please give brief explanation. Please help me

  Read the article

• Windows 8: How to Lock (not sleep) laptop on lid close?

  - by Eye of Hell

  If my laptop is connected to power source and is not configured to sleep on lid close (it is connected to power source and is working, i don't want it to sleep. It's compiling my code) if i close the lid, laptop will do nothing. This works as expected, but actually if i have my laptop connected to power source in the office it will be good to lock it if i close a lid. So no one can just open the lid and see my unlocked desktop. I searched google and it says thet correct use case is to manually lock laptop via Win + L every time before lid is closed. This is ok, but not very secure - after all, i can forget Win + L. Is t any easy way (maybe some registry value or app) to configure windows laptop so it will lock on lid close even without sleep? Of course i can write app / powershell script for this task, but this is not suitable for non-programmers end users.

  Read the article

• Encrypt ONE system directory?

  - by acidzombie24

  I dont want to encrypt my whole hard drive. But one app i ENJOY using stores my password in a not so secure way in the AppData folder. I would like to encrypt the folder. One note is the folder is inside my user/name directory. Maybe that will help or hinder the solution. I am fine with encrypting all of AppData if necessary. However i prefer not to encrypt C:\Users\NAME\ since it is heavily used by many apps. C:\Users\NAME\AppData\Local\APPNAME

  Read the article

• Playbook is starting to get mail all of a sudden [closed]

  - by 1.21 gigawatts

  After 6 months my Playbook is just now this morning starting to pull in emails from my GMail account. Why? I didn't change anything on my end. The only difference I can think of (besides something changing on RIMs services end if that has any part in this) may be that I've been on a secure university connection for a few hours. I've been on this network before but the playbook doesn't seem to stay connected to it very long. Maybe it's because I have a lot of emails in my account? Has anyone else noticed this?

  Read the article

• Installing Ubuntu on an Asus Vivotab Smart Windows 8 32-bit processor tablet

  - by Ikenna

  Good day, I just got an Asus Vivotab Smart with Windows 8 but the processor is actually a 32-bit type. I am kinda confused with the Ubuntu version to install (32-bit or 64-bit). I have read all the tips and guidelines on installing Ubuntu on a Windows 8 machine. I have disabled fast boot, quiet boot, secure boot, and still cannot boot from the usb. I tried this with Ubuntu 12.04.2, 12.10, and 13.04 (the 64-bit versions only). I am yet to try a 32-bit version but I'm reluctant since Canonical says only the 64-bit version was developed to handle the Windows 8 UEFI issues. Also, I have a boot-override field in my UEFI options which I think force-boots from the boot option one selects. I selected to force-boot from my pendrive containing Ubuntu, but the screen just blinks momentarily and nothing happens. Please help me to figure out how to load ubuntu on my machine. I don't really want the Windows 8......just Ubuntu on my tablet. Thank you.

  Read the article

• The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report]

  - by Asian Angel

  How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people. Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique. Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report. Note 2: The updates section at the bottom has some interesting tidbits concerning peoples’ use of dates and certain words for PIN number generation. The analysis makes for very interesting reading, so browse on over to get an idea of where you stand with regards to your personal PIN number choices. 8 Deadly Commands You Should Never Run on Linux 14 Special Google Searches That Show Instant Answers How To Create a Customized Windows 7 Installation Disc With Integrated Updates

  Read the article

< Previous Page | 88 89 90 91 92 93 94 95 96 97 98 99  | Next Page >