Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

Page 102/763 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

• WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

  - by Tom

  I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than a "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security invulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

  Read the article

• Oracle Event: Database Enterprise User Security

  - by user12603048

  One of the high-value benefits of an integrated Identity and Access Management platform is the ability to leverage a unified corporate directory as the primary authentication source for database access. On July 11, 2012 at 08:00 am PDT, Oracle will host a webcast showing how Enterprise User Security (EUS) can be used to externalize and centrally manage database users in a directory server. The webcast will briefly introduce EUS, followed by a detailed discussion about the various directory options that are supported, including integration with Microsoft Active Directory. We'll conclude how to avoid common pitfalls deploying EUS with directory services. Discussion topics will include Understanding EUS basics Understanding EUS and directory integration options Avoiding common EUS deployment mistakes Make sure to register and mark this date on your calendar! - Click here to register.

  Read the article

• SharePoint Database security corruption

  - by H(at)Ni

  Hello, One time I faced an issue where my customer is having an HTTP 500 internal server error while trying to access any SharePoint site. The problem appeared once he moved back and forth with inheriting/breaking inheritance of permissions over different levels in the site collection. "Security corruption in database" sounds very tough for a customer running a production portal with a backup that can make him lose around 3 weeks of valuable data. However, the solution tends not to be that hard, there's an stsadm command that help us detect the corruption and even delete the orphaned items causing the corruption. Follow these steps: a. stsadm -o databaserepair -url http://SITEURL -databasename DBNAME                and it returned some orphaned items.            b. stsadm -o databaserepair -url http://SITEURL -databasename DBNAME -deletecorruption                and it removed the orphaned items. Cheers,

  Read the article

• Secure to store an ID in an ASP.NET control ID?

  - by Curtis White

  I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if: If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it? If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?

  Read the article

• Multi Level Security via Roles

  - by Geertjan

  I'm simulating a small scenario: Users can be dragged into roles; roles can be dragged into role groups. When a drop is made into a role group, a new role is created (WindowManager.getDefault().setRole("")). Then, when the user logs in, they log into a particular role. Depending on the role they log into, a different role group is assigned, which maps to a certain "role" in NetBeans Platform terms, i.e., the related level of security is applied and the related windows open.

  Read the article

• Is it more secure to run a desktop app in a applet?

  - by Tom Brito

  Fist of all, when I say "run a desktop app in a applet" I mean do a Applet application that runs off-line, instead of a Desktop application that runs inside a JFrame. The little I know about applets (and maybe something I say is wrong, please correct me) is that applets have all permitions not granted by default. Also, the applets run inside a Sandbox, that does not allow information in or out without explicity permition. So, if I am focused on security in my application, its best to run it inside an applet (off-line, for a desktop application) then inside a JFrame. Is it right?

  Read the article

• How can I validate/secure/authenticate a JavaScript-based POST request?

  - by Bungle

  A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

  Read the article

• Is it impossible to secure .net code (intellectual property) ?

  - by JL

  I used to work in JavaScript a lot and one thing that really bothered my employers was that the source code was too easy to steal. Even with obfuscation, nothing really helped, because we all knew that any competent developer would be able to read that code if they wanted to. JS Scripts are one thing, but what about SOA projects that have millions invested in IP (Intellectual Property). I love .net, and especially C#, but I recently again had to answer the question "If we give this compiled program over to our clients, can their developers reverse engineer it?" I had gone out of my way to obfuscate the code, but I knew it wouldn't take that much for another determined C# developer to get at the code. So I earnestly pose the question, is it impossible to secure .net code? The considerations I have as as follows: Even regular native executables can be reversed, but not every developer has the skill to be able to do this. Its a lot harder to disassemble a native executable than a .net assembly. Obfuscation will only get you so far, but it does help a little. Why have I never seen any public acknowledgement by Microsoft that anything written in .net is subject to relatively easy IP theft? Why have I never seen a scrap of counter measure training on any Microsoft site? Why does VS come with a community obfuscater as an optional component? Ok maybe I have just had my head in the sand here, but its not exactly high on most developers priority list. Are there any plans to address my concerns in any future version of .net? I'm not knocking .net, but I would like some realistic answers, thank you, question marked as subjective and community!

  Read the article

• Are there more secure alternatives to the .Net SQLConnection class?

  - by KeyboardMonkey

  Hi SO people, I'm very surprised this issue hasn't been discussed in-depth: This article tells us how to use windbg to dump a running .Net process strings in memory. I spent much time researching the SecureString class, which uses unmanaged pinned memory blocks, and keeps the data encrypted too. Great stuff. The problem comes in when you use it's value, and assign it to the SQLConnection.ConnectionString property, which is of the System.String type. What does this mean? Well... It's stored in plain text Garbage Collection moves it around, leaving copies in memory It can be read with windbg memory dumps That totally negates the SecureString functionality! On top of that, the SQLConnection class is non-inheritable, I can't even roll my own with a SecureString property instead; Yay for closed-source. Yay. A new DAL layer is in progress, but for a new major version and for so many users it will be at least 2 years before every user is upgraded, others might stay on the old version indefinitely, for whatever reason. Because of the frequency the connection is used, marshalling from a SecureString won't help, since the immutable old copies stick in memory until GC comes around. Integrated Windows security isn't an option, since some clients don't work on domains, and other roam and connect over the net. How can I secure the connection string, in memory, so it can't be viewed with windbg?

  Read the article

• Is DB logging more secure than file logging for my PHP web app?

  - by iama

  I would like to log errors/informational and warning messages from within my web application to a log. I was initially thinking of logging all of these onto a text file. However, my PHP web app will need write access to the log files and the folder housing this log file may also need write access if log file rotation is desired which my web app currently does not have. The alternative is for me to log the messages to the MySQL database since my web app is already using the MySQL database for all its data storage needs. However, this got me thinking that going with the MySQL option is much better than the file option since I already have a configuration file with the database access information protected using file system permissions. If I now go with the log file option I need to tinker the file and folder access permissions and this will only make my application less secure and defeats the whole purpose of logging. Is this correct? I am using XAMPP for development and am a newbie to LAMP. Please let me know your recommendations for logging. Thanks.

  Read the article

• Secure PHP environments with PHP-FPM and SFTP

  - by pdd

  I'd like to set up secure environments for a small number of untrusted PHP websites on a Debian server. Right now everything runs on the same Apache2 with mod_php5 and vsftpd for administrative file access, so there is room for improvement. The idea is to use nginx instead of apache, SFTP through OpenSSH instead of vsftpd and chrooted (in sshd_config), individual users for each website with their own pool of PHP processes. All these users and nginx are part of the same group. Now in theory I can set 700 permissions on all PHP scripts and 750 on static files that nginx has to serve up. Theoretically, if a website is compromised all the other users' data is safe, right? Are there better solutions that require less setup time and memory per website? Cheers

  Read the article

• Citrix Secure Gateway not redirecting to login URL

  - by Dave

  We have an older setup for XenApp - users log in through Citrix Secure Gateway running on a windows box. (We hope to start using a NetScaler soon.) Earlier today, connections to https://citrix.company.com/ starting throwing up a 503 error page, instead of redirecting to https://citrix.company.com/Citrix/XenApp/ If you go directly to the /Citrix/Xenapp/ URL, the user is properly directed to the login page, and can launch apps. We've restarted the service, and rebooted the server. We haven't yet tried uninstalling and reinstalling the software. Before we do this, I'm looking for ideas as to how we can get the redirect working again without a fairly major outage window. To make things more interesting, many of our users have Citrix Receiver installed, also pointed at https://citrix.company.com/. Receiver makes itself the default launcher for ICA files, and gives a connection error when it tries to load apps - probably because of the same non-functional rediect?

  Read the article

• Could not establish a secure connection to server with safari

  - by pharno

  Safari tells me that it couldnt open the page, because it couldnt establish a secure connection to the server. However, other browsers (opera, firefox) can open the page. Also, theres nothing in the apache error log. The certificate is selfsigned, and uses standart values. (seen here: http://www.knaupes.net/tutorial-ssl-zertifikat-selbst-erstellen-und-signieren/ ) ssl config: SSLEngine on #SSLInsecureRenegotiation on SSLCertificateFile /home/gemeinde/certs/selfsigned/gemeinde.crt SSLCertificateKeyFile /home/gemeinde/certs/selfsigned/gemeinde.key #SSLCACertificateFile /home/gemeinde/certs/Platinum_G2.pem #SSLOptions +StdEnvVars <Location "/"> SSLOptions +StdEnvVars +OptRenegotiate SSLVerifyClient optional SSLVerifyDepth 10 </Location>

  Read the article

• Secure login for Firefox alternatives

  - by ldigas

  For some reason, Secure Login 0.9.3. on FF 3.5.4. is relatively buggy (it randomly stops working saying it is not compatible, but continues to work after I uninstall it and reinstall afterwards ... then it stops working after some time. No new extensions were added in the meantime; just BitDefender was installed on the system ... not sure whether he has something to do with it.). What would be good alternatives to it (except RoboForm) which give the same behaviour ? All ideas welcomed.

  Read the article

• McAfee Secure Messaging Service / Postini: false positive?

  - by Martin

  Hello, I'm puzzled by this email message that gets quarantined by McAfee Secure Messaging Service (it's based on Postini) for no reason that I can think of. Here are the Postini headers: X-pstn-2strike: clear X-pstn-neptune: 0/0/0.00/0 X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 ) X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c X-pstn-addresses: from [db-null] X-pstn-disposition: quarantine I read the docs (http://www.mcafee-sms.com/webdocs/admin%5Fee%5Fmcafee/wwhelp/wwhimpl/common/html/wwhelp.htm?context=MACAFFHelp&file=header%5Foverview.html#951634) and in short, the x-pstn-settings header tells me that NONE of the filters was triggered, but the x-pstn-levels header tells me that the final score (0.02932) is low enough to classify the email as bulk/spam. Can anyone explain to me why the final score is so low when none of the filters were triggered? Does anyone have any suggestions on how to prevent this from happening? Regards, Martin

  Read the article

• Problem opening XWindows programs with xming and SSH Secure Shell

  - by Brian

  I've installed SSH Secure Shell and xming on my laptop running Windows 7 (64-bit). I'm having trouble starting X Windows applications from the SSH console. I've been able to do it in the past. I've pretty much determined that it's not a server issue because I've tried it on two different servers (both servers are running RHEL 5). Running "echo $DISPLAY" on either server gave me "localhost:10.0". My XLaunch configuration settings are: Multiple Windows, 10 (display number), and Start no client. Once xming has launched, I'll try to execute something like "firefox" and I get this back: The application 'firefox' lost its connection to the display localhost:10.0; most likely the X server was shut down or you killed/destroyed the application. I've already checked to make sure that the X server is running and it is: root 12579 2689 0 Feb14 tty7 00:04:23 /usr/bin/Xorg :0 -br -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7 Additionally, X11 Tunneling has been enabled in SSH as well as SSH 2 connections.

  Read the article

• Secure Connection Failed using Firefox

  - by Saifallah

  I'm using Firefox 5 with some add-ons that require an external connection to a certain server (lastPass & Xmarks). I'm using the connection from my company, and every while & then I get a pop-up; Secure connection failed. This certificate in not trusted because the certificate issuer isn't trusted. (Error code: sec_error_untrusted_issuer) This also occurs using other versions of Firefox. Thanks in advance.

  Read the article

• Perform shell operation through secure shell

  - by Ben

  Is it possible to perform a shell operation from a bash script through a secure shell. Here is an example of why you may want to do this. Lets say you have a simple unix operating system that you need only build and run on, but you want to do all of the development on another machine. I want to write a bash script that has the following functionality: scp file to location on other machine ssh to other machine cd into correct directory make run program scp results to file on original computer exit ssh Is this remotely possible? (Pardon the Pun :p)

  Read the article

• testing ssl cert for smtps => "secure connection could not be established with this website"

  - by cc young

  testing ssl cert on server using a web service. https, imaps and pop3s all check, but smtps yields the message "we advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website." running postfix tls logging: connect from s097.networking4all.com[213.249.64.242] lost connection after UNKNOWN from s097.networking4all.com[213.249.64.242] disconnect from s097.networking4all.com[213.249.64.242] these work correctly: telnet mydomain.net 587 openssl s_client -starttls smtp -crlf -connect mydomain.net:587 but cannot get email using ssl to log into either 587 or 564 - get same "UNKNOWN" problem. email smtp w/o ssh works fine. the test site is http://www.networking4all.com/en/support/tools/site+check/

  Read the article

• Does SELinux make Redhat more secure?

  - by vfclists

  Does SELinux make Redhat more secure? I can't remember the number of times when I have disabled SELinux because it kept frustrating my ability to get stuff running. Lots of times to there was no obvious reason why stuff wasn't working and I had to Google to discover why. Given that most casual users will disable or weaken security when it appears to get in the way, with the exclusion of serious, enterprisey Redhat users, is SELinux really useful? PS. Is there some tool that helps you log, track and manage SELinux issues across all applications? In spite of being an Ubuntu user I am a closet Fedora fan.

  Read the article

• Microsoft secure downloader not finishing download

  - by Goran_Mandic

  I am downloading Windows 8 RTM using Microsoft's secure downloader provided by my school's DreamSpark account. The OS I'm currently on is Windows 8 preview. Once the download reaches 100%, it restarts to 0%. I open the download path folder, and find the en_windows_8_x64_dvd_915440.sdc file and the en_windows_8_x64_dvd_915440.scd.log file. The log file contains only one line : "Unpacking File: C:\Users\en_windows_8_x64_dvd_915440.sdc" I was unable to unpack the file using 3rd party software, and there seems to be no official software made for unpacking this type of file. What can I do to avoid downloading the OS illegally, even though I have my own product key?

  Read the article

• Secure copy in Linux

  - by Michael

  Hi all, I wanna simpy exchange 3 directories to a collegue's home directory (I dont have write access to that one) from my home directory, probably using secure copy if possible. I am not good with Linux command line, so I am not sure how to do that and I would very much appreciate it if somebody could help me a bit out with this. I guess it should look something like that scp -r /home/user1/directoy1 /home/user2/directoy1 scp -r /home/user1/directoy2 /home/user2/directoy2 scp -r /home/user1/directoy3 /home/user2/directoy3 Do I need to specify the login name of my collegue so that the files can be copied when he enters his password? Thanks for your help, Michael

  Read the article

• Most secure way to have IPtables auto-loaded using Debian / Linux

  - by networkIT

  I'd like to know the safest way to load iptables using Debian. Of course, I can use a script that uses iptables-restore : #!/bin/sh iptables-restore < /etc/firewall.conf but : 1) where is the safest place to have it loaded ? /etc/network/if-up.d ? I'm concerned about the script being loaded early enough at boot time, and reliably enough when plugging/unplugging interfaces ... 2) is this script method using iptables-restore the most secure way ? 3) additionnally, how much does the answer validity stretch to other Linux distros ( Ubuntu, Fedora, CentOS ) ? Thanks ^^

  Read the article

• Mail Secure & Stable Open Source Mail Server

  - by Fanar ALHAYALI

  I have asked question on http://stackoverflow.com/questions/9868426/i-need-to-know-which-email-server-i-have-to-use and someone tell me my question would be better on serverfault. I know that this is a common question and asked many times. but there are so many available mail servers that i am not able to decide the one. Kindly tell that which is the Secure, Stable and fast open source mail server for Centos or Redhat Server. Is there any guide which can be used to deploy the mail server with all its components e.g. smtp, pop3, imap, spam, calender server, antivirus, DNS Setting. Currently I'm using sun messaging V6 which installed on Solaris 10 and my boss ask me to make a report for the best mail server today in the marketing? I tried to have a look on Google but I couldn't find interesting information for my report. Any advice would be appreciated.

  Read the article

• Secure against c99 and similar shells

  - by Amit Sonnenschein

  I'm trying to secure my server as much as i can without limiting my options, so as a first step i've prevented dangerous functions with php disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" but i'm still fighting directory travel, i can't seems to be able to limit it, by using a shell script like c99 i can travel from my /home/dir to anywhere on the disc. how can i limit it once and for all ?

  Read the article

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >