Search Results

Search found 25758 results on 1031 pages for 'oracle security'.

Page 343/1031 | < Previous Page | 339 340 341 342 343 344 345 346 347 348 349 350 | Next Page >

Need suggestions on how to create a website with an encrypted database.

- by SFx

Hi guys, I want to create a website where a user enters content (say a couple of sentences) which eventually gets stored in a backend database (maybe MySQL). But before the content leaves the client side, I want it to get encrypted using something on client like maybe javascript. The data will travel over the web encrypted, but more importantly, will also be permanently stored in the backend database encrypted. Is JavaScript appropriate to use for this? Would 256 bit encryption take too long? Also, how do you query an encrypted database later on if you want to pull down the content that a user may have submitted over the past 2 months? I'm looking for tips, suggestions and any pointers you guys may have in how to go about learning about and accomplishing this. Thanks!

Read the article
Build in better usability with UX Direct

- by JuergenKress

The Oracle Applications User Experience team has created a program called Oracle UX Direct to provide customers, partners, and consultants in the enterprise industry with design best-practices and tools that they can leverage to make their enterprise implementations more successful. Read the Voice of User Experience, or VoX, blog to learn more about why the program was created, and visit the UX Direct web site to find out how to introduce design thinking during the implementation stage. Create a solution that best fits the needs of users from the beginning. Read more about UX Direct on VoX. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Facebook Wiki Mix Forum Technorati Tags: UX,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

Read the article
Get phone number of (via mobile networks) browsing mobile device

- by TrialUser

I recently figured out, that the web site of my phone provider (mobile) mysteriously identifies me and automatically logs me into my account when I'm accessing with my android phone, as if it knew my phone number. (I used several browsers. When I'm using the phone as WLAN hotspot and access the same site from another device that doesn't happen.) How does my phone provider do that? On the one hand, as a programmer, I'd like to be able to do that too, but on the other hand, as a user, I'm kind of scared. What information do they have, such that they (believe they) are able to identify me just by my device? I hope this question isn't completely inappropriate for this site; feel free to add better tags — it's hard to find the right ones without knowing the Webmasters site at all.

Read the article
Announcement Ramp-Up Days

- by michaela.seika(at)oracle.com

We are glad to announce a new training format: Ramp-Up Days to support some of the most preferred specializtion topics (e. g.: Oracle DB11g Implementation Specialist and Oracle DB 11g RAC Implementation Specialists) It is a one day trainer-led course on one Oracle Specialization topic. The course takes place at an Oracle Partner with a Pearson Vue Testcenter nearby. Partners can do their assessment by the end of the training and walk home as implementation specialist the very same day. Please have a look to our schedule for Ramp-Up Day so far (more to come): Ramp-Up Days in Germany & SwitzerlandRamp-Up Days in Italy

Read the article
Public Cloud, co-location and managed services ... what is the cloud?

- by llaszews

Recently I have had conversation with a number of people that are selling and implementing 'cloud' solutions. I put cloud in quotes as implementations like co-location (aka co-lo) and managed services (sometimes referred to as 'your mess for less') have become popular options for companies moving to the cloud. These are obviously not pure public cloud offerings and probably more of hybrid cloud implementations as the infrastructure (PasS and IaaS)is dedicated to a specific customer. This eliminates the security, multi-tenancy, performance and other concerns that companies have regarding public cloud. Are co-location and managed services cloud to you? Are they something your company is considering when you think about cloud ?

Read the article
Basic Ubuntu FTP Server

- by JPrescottSanders

I would like to setup a basic FTP server on my Ubuntu Server install. I have been playing with VSFTPD, but am having issues getting the server to allow me to create directories and copy files. I have set the system to allow local users, but it appears that doesn't mean I get access to create directories. This may be an instance where I need to be better grounded in Unbuntu server setup in order to configure this FTP server adequately. The end goal is to be able to move files from my local dev folder into my www folder for deployment. Directories need to be able to move as well. Any help would be greatly appreciated.

Read the article
Avoid SQL Injection with Parameters

- by simonsabin

The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL statements don’t take parameters, CREATE DATABASE for instance, or really annoyingly ALTER USER. In these situations you have to rely on using QUOTENAME or REPLACE to avoid SQL Injection. (Kimberly Tripp takes about this in her recent blog post Little...(read more)

Read the article
Iterating selected rows in an ADF Faces table

- by Frank Nimphius

In OTN Harvest May 2012; http://www.oracle.com/technetwork/developer-tools/adf/learnmore/may2012-otn-harvest-1652358.pdf I wrote about "Common mistake when iterating <af:table> rows". In this entry I showed code to access the row associated with a selected table row from the binding layer to avoid the problem of having to programmatically change the selected table row. As it turns out, my solution only worked fro selected table rows that are in the current iterator query range. So here's a solution that works for all ranges public String onButtonPress() { RowKeySet rks = table.getSelectedRowKeys(); Iterator it = rks.iterator(); while (it.hasNext()) { List selectedRowKeyPath = (List)it.next(); //table is the JSF component reference created using the table's binding //property Row row = ((JUCtrlHierNodeBinding)table.getRowData(selectedRowKeyPath)).getRow(); System.out.println("Print Test: " + row.getAttribute(1)); } return null; }

Read the article
How to create a restricted SSH user for port forwarding?

- by Lekensteyn

ændrük suggested a reverse connection for getting an easy SSH connection with someone else (for remote help). For that to work, an additional user is needed to accept the connection. This user needs to be able to forward his port through the server (the server acts as proxy). How do I create a restricted user that can do nothing more than the above described? The new user must not be able to: execute shell commands access files or upload files to the server use the server as proxy (e.g. webproxy) access local services which were otherwise not publicly accessible due to a firewall kill the server Summarized, how do I create a restricted SSH user which is only able to connect to the SSH server without privileges, so I can connect through that connection with his computer?

Read the article
Neue Spezialisierung, neues Glück!

- by A&C Redaktion

Spektakuläre News aus der Welt der Spezialisierungen: Das Oracle PartnerNetwork (OPN) bietet künftig eine Spezialisierung für Oracle Spatial. Bekannt gegeben wurde dies kürzlich auf der Location Intelligence and Oracle Spatial User Conference 2012 in Washington. Bei Oracle Spacial handelt es sich um eine besondere Option für die Oracle Database 11g Enterprise Edition. Sie bietet neuartige Möglichkeiten zur Unterstützung von räumlichen Applikationen, location-based Services und raumbezogenen Informationssystemen in Unternehmen. Konkret dient die Anwendung z. B. dazu, geographische Daten innerhalb der Datenbank zu managen. Die Möglichkeiten reichen vom automatisierten Erstellen von Karten über Facilities-Management bis hin zum Geopraphic Information System (GIS). Die Kriterien für diese besondere Spezialisierung finden sie auf der Webseite Oracle Spatial 11g Specialization Criteria. Oracle Spacial ist nur eine unter vielen möglichen Spezialisierungen, mit denen Partner offiziell zu anerkannten und ausgezeichneten Experten werden können. Einen Überblick über die Vorteile der Spezialisierung und die Wege dorthin finden Sie hier.Und dies ist der Link auf unsere deutsche Broschüre.

Read the article
Java EE@Princeton Java Meetup

- by reza_rahman

On November 28th, I spoke at the Princeton Java Meetup Group. It's a well-organized group led by veteran Java champion Yakov Fain - I have spoken there numerous times. I did my Java EE 6 DDD talk (the same one from Java2Days 2012). Domain Driven Design with Java EE 6 from Reza Rahman The code examples are available here: https://blogs.oracle.com/reza/resource/dddsample.zip. Give me a shout if you would like to get it up and running. The talk went very well -- the official RSVP shows 33 attended. I gave away a few GlassFish T-shirts, laptop stickers and Arun Gupta's Java EE 6 pocket guide. More details on the talk here. I most certainly look forward to speaking there again.

Read the article
What should a developer know before building a public web site?

- by Joel Coehoorn

What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point. To search in only the answers from this question, use the inquestion:this option.

Read the article
Disadvantages of a fake phpMyAdmin honeypot that causes ip blacklisting and robots.txt disallow/exclusion of the honeypot?

- by Tchalvak

I'm trying to figure out whether I should set up a honeypot system with a fake phpMyAdmin (site gets hits all the time with people spidering for insecurities with that app). My thought was to create a honeypot php script that would mimic a phpMyAdmin login, and then blacklist ips that hit that url (and aren't already whitelisted). I would then add the appropriate urls to the robots.txt so that spiders that actually respect my robots.txt wouldn't be caught by the blacklist. Are there disadvantages to this approach, do legit robots sometimes not respect robots.txt in certain circumstances, are there any problems with this that I should consider in advance?

Read the article
How to backup encrypted home in encrypted form only?

- by Eric

I want to backup the encrypted home of a user who might be logged in at backup time. Which directories should I backup if I want to ensure that absolutely no plaintext data can be leaked? Are the following folders always encrypted? /home/user/.Private /home/user/.ecryptfs Just want to make sure that no data leaks, as the backup destination is untrustworthy. Edit: Yes, as Lord of Time has suggested, I'd like to know which folders and/or files I need to backup if I need to store only encrypted content in a way that allows me to recover it later with the right passphrase.

Read the article
Deny access to a folder on hosting server but serve the pages

- by Sourav

My hosting server allows to host multiple websites. The directory structure is like this root |_ www.a.com |_ www.b.com |_ www.c.com |_ www.d.com I want to put some PHP files on the www.d.com folder so if some one browse the site from web-browser can get it, but no one can get it's source code [even by loggin in to the root folder]. Is there any way to doing so ? There is a feature called Password protect folder or so, can in help in this case ?

Read the article
Winner of the 2012 Government Big Data Solutions Award

- by Jean-Pierre Dijcks

Hot off the press: The winner of the 2012 Government Big Data Solutions Aware is the National Cancer Institute!! Read all the details on CTOLabs.com. A short excerpt to wet your appetite: "... This solution, based on the Oracle Big Data Appliance with the Cloudera Distribution of Apache Hadoop (CDH), leverages capabilities available from the Big Data community today in pioneering ways that can serve a broad range of researchers. The promising approach of this solution is repeatable across many other Big Data challenges for bioinfomatics, making this approach worthy of its selection as the 2012 Government Big Data Solution Award." Read the entire post. Congrats to the entire team!!

Read the article
11/28 Webinar: How Marketers Are Crafting Customer Experiences

- by Charles Knapp

According to recent studies by Sirius Decisions and the CEB, 70% of the consumer buying journey is complete before a salesperson becomes involved. Business customers complete 57% of their buying journey without a salesperson. So, what are savvy marketers doing to stay involved in the customer journey? Marketers are at the epicenter of turning "big data" into insights that are acted upon by the company and customers. Drawing upon social, transactional, and online behavioral insights, marketers are making customer interactions easier and more rewarding. Marketers are personalizing and innovating customer connections across new channels and devices, especially for interactions that span channels. Learn more about three key innovation strategies in an informative webcast sponsored by the Internet Marketing Association, University of California Irvine Extension, and Oracle on Wednesday, November 28, 11 am to 12 pm Pacific. Register today to learn from these thought leaders.

Read the article
Solera Networks Threat Predictions for 2012, Solutions

Legitimate sites are often trusted by their visitors, which makes them a perfect target for cybercriminals. Solera lists attacks on legitimate, yet compromised sites as a growing trend for 2012 due to the increased amount of such sites containing unpatched vulnerabilities. Once compromised, hackers can use the legitimate sites to redirect unsuspecting visitors and put them in harm's way. According to Solera, malicious spam is another undesirable item that should increase in 2012. Various methods, such as email, instant messaging, attachments, malicious links, and social networks will cont...

Read the article
Microsoft Unveils New Logo

Indeed, with those four familiar colored squares - set in a bigger square rather than standing on a point in a diamond - Microsoft's new corporate logo seems almost inevitable. As you'd expect, the company's name makes up part of the logo, but instead of the thick italic letters it has used for the past two and a half decades, it's in a more standard, lighter font. Jeff Hansen, Microsoft's general manager of brand strategy, notes that the point of the new logo is to signal the heritage but also signal the future - a newness and a freshness. It's very fitting when you consider just how many...

Read the article
Felkészülni, vigyázz, kész - Blog indul!

- by user552636

Kedves Ügyfeleink! Örömmel indítom útjára támogatás témában blog-omat, mellyel célom az Oracle Support-tal kapcsolatos fontosabb tudnivalók, újdonságok ismertetése. Egyben ezen a csatornán is tájékoztatást fogok adni aktuális support szemináriumainkról, eseményeinkrol, illetve az ezeken bemutatásra kerülo anyagokat is elérhetové fogom tenni. Bízom benne, hogy hasznosnak találják majd a bejegyzéseket, híreket. Megtiszteltetés számomra, és elore is megköszönöm, ha visszajelzést adnak a felkerülo témákról. Kellemes tájékozódást! Gruhala Iza

Read the article
Drop in service for account management, authentication, identity?

- by Mike Repass

I'm building an Android app and associated set of web services for uploading/downloading data. I need a basic (no frills) solution for account management (register, login, logout, verify credentials/token). What open source / third party solutions exist for this scenario? I need: create a new account db based on a salt simple web service to create a new account simple web service to authenticate supplied credentials and return some sort of token That's it, I can get by without 'fancy' email activation or password reset for the time being. Are there off-the-shelf components for this? Should I just use a 'blank' django or rails app to get this done? Seems crazy for everyone to be doing CREATE TABLE user_accounts ... Thoughts? Thank you.

Read the article
Best Method/Library For Remote Authentication

- by Mike

I have a web app that has a REST API interface: http://api.example.com/core that uses API Keys and domain specific keys (key has to be used on the specified domain). I then will have several client sites with ajax forms where we will require users to sign in before being able to submit the form. This form will add data to a table, and submit an email to several recipients along with checking credentials. This form will use an ajax submit to our REST API. All Communication to/from the API is over SSL Ideal Flow: Visitor Fills Form Out -> Enters User/pass -> Submits Form -> ajax request to REST API -> API Verifies credentials -> does CRUD -> sends emails -> returns 200/403 -> perform DOM manipulation based on return code in ajax call Are there any libraries in PHP that currently do something to this similarly? Would OAuth be a good use for this scenario? Languages used are: js/html/css/php/MySQL

Read the article
How to deal with malicious domain redirections?

- by user359650

It is possible for anybody to buy a domain name containing negative terms and point it to someone's website in order to damage their reputation. For instance someone could buy the domain child-pornography.com and point it to the address 64.34.119.12 which is the address behind stackoverflow.com and people navigating to the domain in question would end up visualizing content from StackExchange which would be detrimental to StackExchange's image. To illustrate this, I added the entry 64.34.119.12 child-pornography.com to my /etc/hosts file and tested. Here is what I obtained: I personally found this user experience terrible as someone could think that Stack Exchange are in favor of child pornography and awaiting support from the community to create a Q&A site about it. I tested with other websites and experienced other behaviors that I would categorize as follows: 1 - Useful 404 page (happens with stackoverflow.com): For me the worst way of handling this as the image of the targeted website is directly associated with the offending domain. The more useful the 404 page, the bigger the impression that the targeted website would be willing to help with child pornography. 2 - Redirection (happens with microsoft.com): For instance when accessing child-pornography.com you get redirected to www.microsoft.com. It isn't as bad as above as the offending domain name never appears alongside the targeted website's content, but still bad in my opinion as it gives the impression the targeted website bought the offending domain and redirected it to their website to get more traffic. 3 - Server error (happens with lemonde.fr): You get an error from the webserver which page doesn't contain any content that can be associated with the targeted website (e.g. default Apache 404 page, completely blank page). I believe that is good as the identify of the targeted website isn't revealed. Above are the various behaviors I experienced, but I also thought about a fourth way of dealing with this which is described below. 4 - Disclaimer page (haven't found any website implementing that technique): Display a message such as : "You ended here because someone bought and linked the child-pornography.com domain to our website. We do not own this domain and do not associate ourselves with it. This request has been logged by our servers and we will raise this issue with the competent authorities to have this domain taken down. If you want to access our website, please click here." The good thing about this method is that it can be implemented at application layer (good if you don't have control over web server which happens with some hosting solutions), allows you to protect yourself from any liability, and offer the visitor to be redirected to your own website. Which of the above options would you implement to deal with malicious domain linking (IMO only options 3 and 4 are worth considering) ?

Read the article
How do I safely use a virus infected USB drive in Ubuntu?

- by suhridk

I have an USB drive which I know is virus infected (an anti-virus on my friend's machine detected it). Unfortunately neither of us know the virus name and I don't want to take the risk of plugging it to my Windows box again. Of course, in all probability the virus affects only Windows. (But I'm not sure) I want to know if I can safely plug the USB into my Ubuntu Lucid laptop and copy the stuff I need from the drive. If there are some precautions I need to follow what would they be?

Read the article
Did Microsoft Add Wiretapping Capability to Skype?

Ryan Gallagher, writing for Slate, put two and two together from a lot of no comments. He noted that back in 2007, German police forces said that they couldn't tap into Skype calls because of of its strong encryption and complicated peer-to-peer network connections; in fact, Skype bluntly stated at the time that, due to its encryption and architecture techniques, it couldn't conduct wiretaps. But that may have changed. Gallagher cited a Forbes article that claims the hacker community is talking about recent changes to Skype's architecture and whether they will allow users to be wiretapped. ...

Read the article

< Previous Page | 339 340 341 342 343 344 345 346 347 348 349 350 | Next Page >