Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 107/763 | < Previous Page | 103 104 105 106 107 108 109 110 111 112 113 114  | Next Page >

  • Enablement 2.0 Get Specialized

    - by mseika
    Oracle PartnerNetwork Specialized program is releasing new certifications on our latest products, and partners are invited to be the first candidates.Oracle Taleo Enterprise Cloud Service 2013 Specialization – Now Active!This specialization recognizes partner organizations that are proficient in positioning, selling and implementing Taleo’s Enterprise Talent Management solutions.Taleo's Talent Management Cloud helps organizations attract, develop, motivate and retain human capital to improve performance and drive growth. Oracle’s Taleo Enterprise Cloud Service 2013 Specialization encompasses the following products: Oracle Taleo Performance Management Cloud Service, Oracle Taleo Recruiting Cloud Service and Oracle Taleo Performance Management Cloud Service.Topics covered in this Specialization include: Selling and positioning Taleo’s Talent Management Cloud; Functional and Technical positioning. Implementation tracks are included for Taleo Performance Management Cloud Service, Oracle Taleo Recruiting Cloud Service and Oracle Taleo Performance Management Cloud Service. Oracle partners who achieve this Specialization are differentiated in the marketplace through proven expertise in Oracle Taleo Enterprise Cloud Service.New Certified Implementation Specialist Exam in Production! Oracle Taleo Recruiting Cloud Service 2013 Certified Implementation Specialist (1Z0-474) All Beta exam participants will receive their exam scores as of beginning of July 2013. The successful candidates will receive their certificates starting mid-July 2013. Take the exam now at a near-by Pearson VUE testing center!Contact Us Please direct any inquiries you may have to Oracle Partner Enablement team at [email protected].

    Read the article

  • Enablement 2.0 Get Specialized

    - by mseika
    Oracle PartnerNetwork Specialized program is releasing new certifications on our latest products, and partners are invited to be the first candidates.Oracle Taleo Enterprise Cloud Service 2013 Specialization – Now Active!This specialization recognizes partner organizations that are proficient in positioning, selling and implementing Taleo’s Enterprise Talent Management solutions.Taleo's Talent Management Cloud helps organizations attract, develop, motivate and retain human capital to improve performance and drive growth. Oracle’s Taleo Enterprise Cloud Service 2013 Specialization encompasses the following products: Oracle Taleo Performance Management Cloud Service, Oracle Taleo Recruiting Cloud Service and Oracle Taleo Performance Management Cloud Service. Topics covered in this Specialization include: Selling and positioning Taleo’s Talent Management Cloud; Functional and Technical positioning. Implementation tracks are included for Taleo Performance Management Cloud Service, Oracle Taleo Recruiting Cloud Service and Oracle Taleo Performance Management Cloud Service.Oracle partners who achieve this Specialization are differentiated in the marketplace through proven expertise in Oracle Taleo Enterprise Cloud Service.New Certified Implementation Specialist Exam in Production! Oracle Taleo Recruiting Cloud Service 2013 Certified Implementation Specialist (1Z0-474) All Beta exam participants will receive their exam scores as of beginning of July 2013. The successful candidates will receive their certificates starting mid-July 2013. Take the exam now at a near-by Pearson VUE testing center!Contact Us Please direct any inquiries you may have to Oracle Partner Enablement team at [email protected].

    Read the article

  • file:///cdrom/pool/main/k/klibc/klibc-utils_1.5.25-1ubuntu2_amd64.deb was corrupt

    - by curlyreggie
    I guess this is trivial and most commonly asked question, but I'd reiterate it again here as I'm not able to find a correct solution. I'm trying to install Ubuntu Cloud setup on VMWare using the package from http://download.ubuntu.com and have this basic installation setup issue as per the below image. file:///cdrom/pool/main/k/klibc/klibc-utils_1.5.25-1ubuntu2_amd64.deb was corrupt The issue is I cannot continue by skipping this as you know this happens to be the most important setup. How can I fix this? Help is sincerely appreciated.

    Read the article

  • Oracle???????????47??????????

    - by user758881
    Oracle???2014?5?31???,??????,40?Oracle???????47????Oracle??? Oracle Accelerate ????? ?Oracle 2014?????????47???????????????????????Oracle????,??Oracle Financials Cloud, Oracle Sales Cloud ? Oracle Service Cloud –???? Oracle CX Cloud, ?? Oracle Human Capital Management (HCM) Cloud. ???Oracle Accelerate??????????????????? ???????????????????, ??, ???, ??, ??, ???????????????????,????????????????? ???????????????????????????????,Oracle??????????????????????Oracle???Oracle????????????? l   ??????????,???????????????——Oracle ???? eVerge Group, Certus Solutions, Presence of IT, CSolutor, Grant Thornton, ? KBACE Technologies ?????Oracle HCM Cloud ?Oracle Accelerate ????????????????????????,???????????????????,???????????????? l   ???????????????????????????——DAZ, Inc., Frontera Consulting?Inoapps ?????Oracle Financials Cloud????????????????????????? l   ?????????????????????——Capricorn Ventis, Enigen, Fellow Consulting, Solveso Interactive, CSolutor, Birchman Consulting,BPI On Demand, Business Technology Services (BizTech)? eVerge Group?????Oracle CX Cloud?????????????????????????? ??,Oracle???????????????????????????????????: l   ?????? BPI On Demand ??????????????????????Oracle Sales Cloud????? ?????????? ·          “??????????????????? ???Oracle Financials Cloud?Oracle Accelerate???? ?????????????????????????????????????????????????”–Phil Wilson, Business Development & Alliances,Inoapps ·          “KBACE?Oracle Accelerate???????KBACE ????????????????????????????????????????KBACE? Oracle Accelerate????,??Oracle HCM???,????????????????????”–Mike Peterson, President & COO, KBACE Technologies ·          “???????Oracle Financials Cloud,??????????????????????????????????????????????Oracle Accelerate????,????????????????????”—Deborah Arnold, President, DAZ Systems, Inc. ·          “????????????Oracle ERP Cloud????Oracle Accelerate?????????????????” - Sean Moore, Principal. C3Biz ·          “????,????Oracle HCM????????????????????????????eVerge Group??Oracle HCM????Oracle Accelerate???????????????????????” - John Peketz, Vice President, Marketing, eVerge Group

    Read the article

  • Spring Security: session expiration without redirect to expired-url?

    - by Kdeveloper
    I'm using Spring Security 3.0.2 form based authentication. But I can't figure out how I can configure it so that when a session expires that the request is not redirect to an other page (expired-url) or displays a 'session expires' message. I don't want any redirect or messages, I want that a anonymous session is started just like when a user without a session enters the website. My current configuration: <http> <intercept-url pattern="/login.action*" filters="none"/> <intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <form-login login-page="/login.action" authentication-failure-url="/login.action?error=failed" login-processing-url="/login-handler.action"/> <logout logout-url="/logoff-execute.action" logout-success-url="/logoff.action?done=1"/> <remember-me key="remember-me-security" services-ref="rememberMeServices"/> <session-management > <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login.action?error=expired.url"/> </session-management> </http>

    Read the article

  • How do I use a custom authentication mechanism for a Java web application with Spring Security?

    - by Adam
    Hi, I'm working on a project to convert an existing Java web application to use Spring Web MVC. As a part of this I will migrate the existing log-on/log-off mechanism to use Spring Security. The idea at this stage is to replicate the existing functionality and replace only the web layer, leaving the service classes and objects in place. The required functionality is simple. Access is controlled to URLs and to access certain pages the user must log on. Authentication is performed with a simple username and password along with an extra static piece of information that comes from the login page. There is no notion of a role: once a user has logged on they have access to all of the pages. Behind the scenes, the service layer has a class with a simple authentication method: doAuthenticate(String username, String password, String info) throws ServiceException An exception is thrown if the login fails. I'd like to leave this existing service object that does the authentication intact but to "plug it into" the Spring Security mechanism. Can somebody suggest the best approach to take for this please? Naturally, I'd like to take the path of least resistance and leave the work where possible to Spring... Thanks in advance, Adam.

    Read the article

  • Are there any security issues to avoid when providing a email-or-username-can-act-as-username login

    - by Tchalvak
    I am in the process of moving from a "username/password" system to one that uses email for login. I don't think that there's any horrible problem with allowing either email or username for login, and I remember seeing sites that I consider somewhat respectable doing it as well, but I'd like to be aware of any major security flaws that I may be introducing. More specifically, here is the pertinent function (the query_row function parameterizes the sql). function authenticate($p_user, $p_pass) { $user = (string)$p_user; $pass = (string)$p_pass; $returnValue = false; if ($user != '' && $pass != '') { // Allow login via username or email. $sql = "SELECT account_id, account_identity, uname, player_id FROM accounts join account_players on account_id=_account_id join players on player_id = _player_id WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) AND phash = crypt(:pass, phash)"; $returnValue = query_row($sql, array(':login'=>$user, ':pass'=>$pass)); } return $returnValue; } Notably, I have added the WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) ...etc section to allow graceful backwards compatibility for users who won't be used to using their email for the login procedure. I'm not completely sure that that OR is safe, though. Are there some ways that I should tighten the security of the php code above?

    Read the article

  • Are there any security issues to avoid when providing a either-email-or-username-can-act-as-username

    - by Tchalvak
    I am in the process of moving from a "username/password" system to one that uses email for login. I don't think that there's any horrible problem with allowing either email or username for login, and I remember seeing sites that I consider somewhat respectable doing it as well, but I'd like to be aware of any major security flaws that I may be introducing. More specifically, here is the pertinent function (the query_row function parameterizes the sql). function authenticate($p_user, $p_pass) { $user = (string)$p_user; $pass = (string)$p_pass; $returnValue = false; if ($user != '' && $pass != '') { // Allow login via username or email. $sql = "SELECT account_id, account_identity, uname, player_id FROM accounts join account_players on account_id=_account_id join players on player_id = _player_id WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) AND phash = crypt(:pass, phash)"; $returnValue = query_row($sql, array(':login'=>$user, ':pass'=>$pass)); } return $returnValue; } Notably, I have added the WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) ...etc section to allow graceful backwards compatibility for users who won't be used to using their email for the login procedure. I'm not completely sure that that OR is safe, though. Are there some ways that I should tighten the security of the php code above?

    Read the article

  • ASP.NET WebAPI Security 5: JavaScript Clients

    - by Your DisplayName here!
    All samples I showed in my last post were in C#. Christian contributed another client sample in some strange language that is supposed to work well in browsers ;) JavaScript client scenarios There are two fundamental scenarios when it comes to JavaScript clients. The most common is probably that the JS code is originating from the same web application that also contains the web APIs. Think a web page that does some AJAX style callbacks to an API that belongs to that web app – Validation, data access etc. come to mind. Single page apps often fall in that category. The good news here is that this scenario just works. The typical course of events is that the user first logs on to the web application – which will result in an authentication cookie of some sort. That cookie will get round-tripped with your AJAX calls and ASP.NET does its magic to establish a client identity context. Since WebAPI inherits the security context from its (web) host, the client identity is also available here. The other fundamental scenario is JavaScript code *not* running in the context of the WebAPI hosting application. This is more or less just like a normal desktop client – either running in the browser, or if you think of Windows 8 Metro style apps as “real” desktop apps. In that scenario we do exactly the same as the samples did in my last post – obtain a token, then use it to call the service. Obtaining a token from IdentityServer’s resource owner credential OAuth2 endpoint could look like this: thinktectureIdentityModel.BrokeredAuthentication = function (stsEndpointAddress, scope) {     this.stsEndpointAddress = stsEndpointAddress;     this.scope = scope; }; thinktectureIdentityModel.BrokeredAuthentication.prototype = function () {     getIdpToken = function (un, pw, callback) {         $.ajax({             type: 'POST',             cache: false,             url: this.stsEndpointAddress,             data: { grant_type: "password", username: un, password: pw, scope: this.scope },             success: function (result) {                 callback(result.access_token);             },             error: function (error) {                 if (error.status == 401) {                     alert('Unauthorized');                 }                 else {                     alert('Error calling STS: ' + error.responseText);                 }             }         });     };     createAuthenticationHeader = function (token) {         var tok = 'IdSrv ' + token;         return tok;     };     return {         getIdpToken: getIdpToken,         createAuthenticationHeader: createAuthenticationHeader     }; } (); Calling the service with the requested token could look like this: function getIdentityClaimsFromService() {     authHeader = authN.createAuthenticationHeader(token);     $.ajax({         type: 'GET',         cache: false,         url: serviceEndpoint,         beforeSend: function (req) {             req.setRequestHeader('Authorization', authHeader);         },         success: function (result) {              $.each(result.Claims, function (key, val) {                 $('#claims').append($('<li>' + val.Value + '</li>'))             });         },         error: function (error) {             alert('Error: ' + error.responseText);         }     }); I updated the github repository, you can can play around with the code yourself.

    Read the article

  • How to find domain registrar and DNS hosting with good DNSSEC support?

    - by rsp
    Simplified problem I want to buy a domain and make a website that is fully secured with DNSSEC. Background I've been hearing about the insecurity of DNS for years. I've watched all of the talks by Dan Kaminsky and others from DNS exploits to The future of DNS Security Panel. I knew that using DNS without security is a disaster waiting to happen. I followed the development of the DNSSEC standard. I celebrated the key signing ceremony. Everything was on the right track to finally have a secure DNS system in place. And now more than 2 years later I wanted to just do what everyone said I should do: use DNSSEC for a new domain. So I need a domain registrar and a DNS hosting service that supports DNSSEC. Surprisingly it is not that easy to even find out who does support DNSSEC. It was actually much easier to find info on DNSSEC two years ago when everyone was going to support DNSSEC Real Soon Now but now years passed and I hardly see any progress done. I just hope that I was just looking in the wrong places and someone here will explain all of the doubts. I hope that other people who want to have a secure website will also find this question useful. What is needed registrar and DNS servers with full DNSSEC support for .com domains What is not needed IPv6 support Web hosting anything more What I found out so far Go Daddy offers Premium DNS service for additional $36 per year that lets you "Secure up to 5 domains with DNSSEC". easyDNS has DNSSEC available in Beta across all service levels (you need to enable the "beta" flag in configuration) but it doesn't seem to be production ready and judging from the lack of updates it isn't a feature of highest priority (the last update from March 2011 on the easyDNS blog). Name.com - according to The Register (US domain registrar does IPv6, DNSSEC) it has DNSSEC support since 2010 but right now (October 2012) I couldn't find anything related to DNSSEC on their website. Dynadot that is very often recommended doesn't support DNSSEC Namecheap that is also often recommended doesn't support DNSSEC. The support answer from 2011 suggested that it was being added but in 2012 still no ETA is given to customers. DynDNS was supposed to support DNSSEC, I found a link explaining DNSSEC support but it gives 404 Not Found page and offers a search box - when searching for DNSSEC I get "No results were found for your query." GKG was recommended online for DNSSEC support but it's hard to find any information on the level of DNSSEC support - there is a brief explanation on what is DNSSEC and how to sign Delegation Signer records in their FAQ but no information about the level of actual support can be found. Ask Slashdot: Which Registrars Support DNSSEC? from July 2011 - Answers list Go Daddy, DynDNS, GKG, Name.com as registrars that support DNSSEC but: see above. Related questions How to find web hosting that meets my requirements? What is needed to add DNSSEC to my site? DNS hosting better managed by Domain provider or Hosting provider? Registrar with good security, DNS hosting, and DNSSEC and IPv6 resolvers? In no. 1 no one is ever mentioning DNS at all. In no. 2 answers only mention the .se TLD, there are very few answers and they seem very outdated. In no. 3 one answer says "On projects that demand higher security, I might look for a web host that supports DNSSEC" but no more information is provided. The only relevant answers are in no. 4 where easyDNS is recommended by someone who has never used them personally. Meanwhile, as of October 2012, the support of DNSSEC is described as "in beta" on the easyDNS feature list. Another one recommends SiteGround but searching their site for DNSSEC returns no results. Other answers recommend web hosting providers that don't meet the requirement of DNSSEC support. Also the question mentioned above lists 9 very specific requirements other than only DNSSEC (like eg. HTTP-only login cookies, two-factor authentications, no DNS record limits, DNS statistics of queries/day, audit trails etc.) which might have excluded many possible recommendations if one is only interested in DNSSEC support. Conclusions I thought that by the end of 2012 the support of DNSSEC among domain registrars and DNS providers would be nearly universal. I am shocked that the support seems virtually nonexistent. Is this a result of some serious problems with the DNSSEC adoption? Or is it just not a hot topic and no one bothers anymore? According to the DNSSEC Scoreboard roughly about 0.1% of .com domains support DNSSEC. Could that be caused by the lack of DNSSEC support among registrars and DNS providers, is the information too hard to find or maybe no one cares? There is even no "dnssec" tag here. Questions The information is surprisingly hard to find. That is why I am asking for first-hand experience and personal recommendations. Has anyone here actually set up a website with DNSSEC, from the domain registration to the configuration of DNS servers? Can anyone recommend any of the registrars mentioned above? Can anyone recommend any registrar not mentioned above?

    Read the article

  • Take Advantage of Oracle's Ongoing Assurance Effort!

    - by eric.maurice
    Hi, this is Eric Maurice again! A few years ago, I posted a blog entry, which discussed the psychology of patching. The point of this blog entry was that a natural tendency existed for systems and database administrators to be reluctant to apply patches, even security patches, because of the fear of "breaking" the system. Unfortunately, this belief in the principle "if it ain't broke, don't fix it!" creates significant risks for organizations. Running systems without applying the proper security patches can greatly compromise the security posture of the organization because the security controls available in the affected system may be compromised as a result of the existence of the unfixed vulnerabilities. As a result, Oracle continues to strongly recommend that customers apply all security fixes as soon as possible. Most recently, I have had a number of conversations with customers who questioned the need to upgrade their highly stable but otherwise unsupported Oracle systems. These customers wanted to know more about the kind of security risks they were exposed to, by running obsolete versions of Oracle software. As per Oracle Support Policies, Critical Patch Updates are produced for currently supported products. In other words, Critical Patch Updates are not created by Oracle for product versions that are no longer covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. One statement used in each Critical Patch Update Advisory is particularly important: "We recommend that customers upgrade to a supported version of Oracle products in order to obtain patches. Unsupported products, releases and versions are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities." The purpose of this warning is to inform Oracle customers that a number of the vulnerabilities fixed in each Critical Patch Update may affect older versions of a specific product line. In other words, each Critical Patch Update provides a number of fixes for currently supported versions of a given product line (this information is listed for each bug in the Risk Matrices of the Critical Patch Update Advisory), but the unsupported versions in the same product line, while they may be affected by the vulnerabilities, will not receive the fixes, and are therefore vulnerable to attacks. The risk assumed by organizations wishing to remain on unsupported versions is amplified by the behavior of malicious hackers, who typically will attempt to, and sometimes succeed in, reverse-engineering the content of vendors' security fixes. As a result, it is not uncommon for exploits to be published soon after Oracle discloses vulnerabilities with the release of a Critical Patch Update or Security Alert. Let's consider now the nature of the vulnerabilities that may exist in obsolete versions of Oracle software. A number of severe vulnerabilities have been fixed by Oracle over the years. While Oracle does not test unsupported products, releases and versions for the presence of vulnerabilities addressed by each Critical Patch Update, it should be assumed that a number of the vulnerabilities fixed with the Critical Patch Update program do exist in unsupported versions (regardless of the product considered). The most severe vulnerabilities fixed in past Critical Patch Updates may result in full compromise of the targeted systems, down to the OS level, by remote and unauthenticated users (these vulnerabilities receive a CVSS Base Score of 10.0) or almost as critically, may result in the compromise of the affected systems (without compromising the underlying OS) by a remote and unauthenticated users (these vulnerabilities receive a CVSS Base Score of 7.5). Such vulnerabilities may result in complete takeover of the targeted machine (for the CVSS 10.0), or may result in allowing the attacker the ability to create a denial of service against the affected system or even hijacking or stealing all the data hosted by the compromised system (for the CVSS 7.5). The bottom line is that organizations should assume the worst case: that the most critical vulnerabilities are present in their unsupported version; therefore, it is Oracle's recommendation that all organizations move to supported systems and apply security patches in a timely fashion. Organizations that currently run supported versions but may be late in their security patch release level can quickly catch up because most Critical Patch Updates are cumulative. With a few exceptions noted in Oracle's Critical Patch Update Advisory, the application of the most recent Critical Patch Update will bring these products to current security patch level and provide the organization with the best possible security posture for their patch level. Furthermore, organizations are encouraged to upgrade to most recent versions as this will greatly improve their security posture. At Oracle, our security fixing policies state that security fixes are produced for the main code line first, and as a result, our products benefit from the mistakes made in previous version(s). Our ongoing assurance effort ensures that we work diligently to fix the vulnerabilities we find, and aim at constantly improving the security posture our products provide by default. Patch sets include numerous in-depth fixes in addition to those delivered through the Critical Patch Update and, in certain instances, important security fixes require major architectural changes that can only be included in new product releases (and cannot be backported through the Critical Patch Update program). For More Information: • Mary Ann Davidson is giving a webcast interview on Oracle Software Security Assurance on February 24th. The registration link for attending this webcast is located at http://event.on24.com/r.htm?e=280304&s=1&k=6A7152F62313CA09F77EBCEEA9B6294F&partnerref=EricMblog • A blog entry discussing Oracle's practices for ensuring the quality of Critical patch Updates can be found at http://blogs.oracle.com/security/2009/07/ensuring_critical_patch_update_quality.html • The blog entry "To patch or not to patch" is located at http://blogs.oracle.com/security/2008/01/to_patch_or_not_to_patch.html • Oracle's Support Policies are located at http://www.oracle.com/us/support/policies/index.html • The Critical Patch Update & Security Alert page is located at http://www.oracle.com/technetwork/topics/security/alerts-086861.html

    Read the article

  • What is the career path for a software developer/ programmer? [closed]

    - by Lo Wai Lun
    I've been working as a programmer for a few months and I often study CCNA , CISSP for future. Besides simple coding I was working on specs, designing applications, and all those around-like things. My question is, I want to be a information / system security specialist. what's the career path I should be aiming for? Is it like working on code for the rest of my life? :) Restart my career from the network engineer ? Or do programmers make a good manager-position people ? I know it's very subjective. Thing is, lately I find myself much more into the designing/working on specs part of the development project then the coding itself. How do you see it? Would you like to go from development to information security? Would you like to work on a project with a manager that used to be a coder?

    Read the article

  • Windows Identity Foundation: How to get new security token in ASP.net

    - by Rising Star
    I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application. In ASP.net, security tokens are stored as cookies. I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow. How do I remove the token so that the user can log in again and get a new token?

    Read the article

  • How will I support 100,000 requests an hour?!

    - by tylerl
    I know this question is a little strange but I got lucky with an idea and I need some numbers to use for when I try to make a deal with a company. I'm wondering how much it'll cost me to run a site that's heavy on PHP and gets between 70,000 and 100,000 requests an hour on something like Rackspace's Cloud Servers. I have no idea how many servers I need or how much RAM each one should have. There will be a decent number of images on the site (probably something like 10,000 in the first couple weeks) and the site runs on about 2,500 lines of PHP code. I figure I should sign up for a CDN of some kind, although CDN In A Box is all I've heard of and I'm not sure it's necessary for a site that's already on a cloud platform. I've obviously never done anything like this before so I'm just looking to get an estimation of what I need for this massive site... Also, I use a database and I was wondering how that works - would I dedicate one of the cloud servers to running the database or would I need to put the database into each of the cloud servers? Thanks in advance...

    Read the article

  • Why should I Use ASP.NET Membership security model?

    - by ListenToRick
    I'm updating my website at the moment and figure that if I am to update my login/security mode, now is a good time. I have looked through the Membership model which is included in ASP.NET but I'm convinced that it will provide any benefit apart from being familiar to other .NET deevlopers. There seems to be quite a lot of documentation for it, but little discussion for why its worth the effort. Can anybody shed some light upon this?

    Read the article

  • How does WCF RIA Services handle authentication/authorization/security?

    - by Edward Tanguay
    Since no one answered this question: What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server? Let me ask it another way: How does WCF RIA Services handle authentication/authorization/security at a low level? e.g. how does the application on the server determine that the incoming http request to change data is coming from a valid client and not from non-desirable source, e.g. a denial-of-service bot?

    Read the article

  • Adding custom filter in spring framework problem?

    - by user298768
    hello there iam trying to make a custom AuthenticationProcessingFilter to save some user data in the session after successful login here's my filter: Code: package projects.internal; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.Authentication; import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter { protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException { super.onSuccessfulAuthentication(request, response, authResult); request.getSession().setAttribute("myValue", "My value is set"); } } and here's my security.xml file Code: <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <global-method-security pre-post-annotations="enabled"> </global-method-security> <http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/images/**" filters="none" /> <intercept-url pattern="/scripts/**" filters="none" /> <intercept-url pattern="/styles/**" filters="none" /> <intercept-url pattern="/p/login.jsp" filters="none" /> <intercept-url pattern="/p/register" filters="none" /> <intercept-url pattern="/p/**" access="isAuthenticated()" /> <form-login login-processing-url="/j_spring_security_check" login-page="/p/login.jsp" authentication-failure-url="/p/login_error.jsp" /> <logout /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <jdbc-user-service data-source-ref="dataSource"/> </authentication-provider> </authentication-manager> <beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> </beans:bean> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> </beans:bean> </beans:beans> it gives an error here: Code: <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> multiple annotation found at this line:cvc-attribute.3 cvc-complex-type.4 cvc-enumeration-vaild what is the problem? thanks in advance

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 103 104 105 106 107 108 109 110 111 112 113 114  | Next Page >