Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 62/763 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • Ubuntu Live USB: best practices for secure net traffic

    - by Och
    I want to to set up a live USB with Ubuntu, in the most secure way. So I want to have the persistent data on a second USB, something that its not that much problematic. How to configure a very safe Internet surfing (throughout a VPN?) Which are the best practices that could be implemented to have the Ubuntu live in a USB, the persistent data in other, and with the Internet access to a VPN (the Ubuntu privacy remix gives most of this, except the VPN config), Any ideas of how to combine the best of Ubuntu privacy remix, and Internet access to a VPN?

    Read the article

  • Secure Enterprise Search 11.2.2.2 Now Available for PeopleTools 8.53

    - by Matthew Haavisto
    We are pleased to announce that Oracle Secure Enterprise Search (SES) 11.2.2.2 is now available to PeopleSoft Customers on PeopleTools 8.53.  The minimum PeopleTools Patch Version Required to adopt SES 11.2.2.2 is PeopleTools 8.53.06.  This version of SES provides some important benefits for PeopleSoft Customers, particularly in the areas of platform support, distributed architecture support, and RAC support.  You can get all the details on this update on My Oracle Support.  This MOS document lists the fixes and configurations needed for PeopleTools certification of SES 11.2.2.2. For other useful information on PeopleTools and SES, see this Oracle forum.

    Read the article

  • 6 Ways To Secure Your Dropbox Account

    - by Chris Hoffman
    Dropbox is a hugely popular cloud storage service beloved by many. Unfortunately, it’s had a history of security problems, ranging from compromised accounts to once allowing access to every Dropbox account without requiring a password for several hours. If you’re using Dropbox, there are a variety of ways you can secure your account against unauthorized access and protect your files even if someone does gain access to your account. Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder? Why Your Android Phone Isn’t Getting Operating System Updates and What You Can Do About It How To Delete, Move, or Rename Locked Files in Windows

    Read the article

  • Options for secure git -repo hosting?

    - by hhh
    I need a secure git -repo host, either by third-party or by myself. I am not sure how so outlining some ideas. Please, answer how you manage git -repos securely -- do you use some service or do you use only your 'legs' -approach? Afaik Bitbucket.org and Github.com are missing Gmail -style second-verification. Now I need this kind of login-system with password and mobile-phone to access the administration things in the git -hosting or ability to disable this kind of access without private -key. Host it oneself (not sure about details) other? Perhaps related http://stackoverflow.com/questions/11007679/how-can-i-host-git-repositories-and-manage-my-content-hosting-myself

    Read the article

  • Create secure working environment on USB stick

    - by Chris
    I want to create an usb stick which contains an ubuntu installation that: can be used as a working environment (Covered in: How do I install Ubuntu to a USB key?) - ie the ubuntu installation on the stick must provide an accessible home folder. Is completely encrypted. I intend to use it as a secure environment to work on sensitive customer data - and also need the system on the stick to be able to connect to the internet. How do I realize the complete usb stick encryption? I am also very thankfull for any further articles and ideas on this topic!

    Read the article

  • How to make safe and secure forms in asp.net MVC 3

    - by anirudha
    the asp.net application need all kind of security. unsecure forms may be influence by XSS [cross site scripting] there is some way to solve these type of problem in MVC. first sollution is that use <%= Html.AntiForgeryToken() %> for make secure from cross site scripting. it’s work by machine key in MVC. well you can valid them whenever you got respond from client. you can apply by this attribute on action you give the response behalf of form submission [ValidateAntiForgeryToken] you can secondly use authorize attribute where you can make own definition of authorize attribute in asp.net mvc for more info read david’s post well I am use my own custom attribute who use a different type of authorization :- the who controller use a attribute I put their and the attribute I put their have a logic and logic check the cookie in request who make sure that request they got from user.

    Read the article

  • Secure Web Apps from SQL Injection in ASP.Net

    In the first part of this two-part series you learned how SQL injection works in ASP.NET 3.5 using a MS SQL database. You were also shown with a real web application which was not secure against SQL injection attacks how these attacks can be used by the hacker to delete sensitive information from your website such as database tables. In this part you will learn how to start securing your web applications so they will not be vulnerable to these kinds of exploits. A complete corrected example of the insecure web application will be provided at the end of this tutorial.... ALM Software Solution ? Try it live! Requirements Management, Project Planning, Implementation Tracking & QA Testing.

    Read the article

  • How do I secure a Tomcat installation?

    - by spangeman
    I have installed tomcat on my Ubuntu Home 11.10 system and can successfully access the test page online after port forwarding on 8080 within my router. I have not made any other changes to the router, Ubuntu or the tomcat install, everything else has remained standard. I intend on using this to play around with Java Servlets and basic web development for my own personal use. What steps, if any, would you suggest I take to ensure this is secure? Should I change anything within the Tomcat configuration? This seemed like a good idea to limit access - http://www.seankilleen.com/2010/09/how-to-allow-only-specific-ip-addresses_30.html But I am open to any other recommendations.

    Read the article

  • How secure is KeePassX?

    - by Uli
    I have hundreds of passwords, since I use a different random one for each website/service. They are all generated & stored with KeePassX, which can be synced to different computers and my android phone via dropbox (or ubuntuone). I know the database of KeePassX is secure (at least with a good passphrase). But what about when I am copying the password into the clipboard (where it is stored for 5 seconds)? Can any program running in user-space access the clipboard and store the password? If so, how big of a security risk is this?

    Read the article

  • Facebook Connect - Security Warning

    - by Skoder
    Hey all, I'm using Facebook connect using FBML tags. Although it works, when I run the site in Internet Explorer, a security warning comes up similar to this: The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this? Current site: http://www.facebook.com Trusted site: http://localhost" My Facebook code involves these two: http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js I tried changing them to HTTPS: https://ssl.connect... but the errors still appear. None of my pages use SSL. I've also tried turning facebook-logo='false' but still no luck. Any ideas on how to fix this? Although it's not show-stopping, it doesn't give a good impression to users who may be feel it insecure. Thanks

    Read the article

  • Flash CS4 AS3 Security Sandbox Violation

    - by Jennifer Heidelberg
    Hi, I have build my entire website with flash and embedded several swf objects (slideshows) into it. everything always worked fine when I published it as swf movie. but now that I want to upload my website an error message occurs saying: Error #2044: Unhandled SecurityErrorEvent:. text=Error #2140: Security sandbox violation: file:///mylayout.swf cannot load file:///slideshow_1.swf. Local-with-filesystem and local-with-networking SWF files cannot load each other. I know that it has something to do with the fact that one of the swf is local with filesystem and the other local with networking. but in my publish settings i told it to access local files only. but it didnt help. does anyone have an answer?

    Read the article

  • How to tell whether Code Access Security is allowed in library code

    - by Sander Rijken
    In .NET 4 Code Access Security (CAS) is deprecated. Whenever you call a method that implicitly uses it, it fails with a NotSupportedException, that can be resolved with a configuration switch that makes it fall back to the old behavior. We have a common library that's used in both .NET 3.5 and .NET 4, so we need to be able to tell whether or not we should use the CAS method. For example, in .NET 3.5 I should call: Assembly.Load(string, Evidence); Whereas in .NET 4 I want to call Assembly.Load(string); Calling Load(string, Evidence) throws a NotSupportedException. Of course this works, but I'd like to know if there's a better method: try { asm = Assembly.Load(someString, someEvidence); } catch(NotSupportedException) { asm = Assembly.Load(someString); }

    Read the article

  • How to tell wether Code Access Security is allowed in library code

    - by Sander Rijken
    in .NET 4 Code Access Security (CAS) is deprecated. Whenever you call a method that implicitly uses it, it fails with a NotSupportedException, that can be resolved with a configuration switch that makes it fall back to the old behavior. We have a common library that's used in both .NET 3.5 and .NET 4, so we need to be able to tell wether or not we should use the CAS method. For example, in .NET 3.5 I should call: Assembly.Load(string, Evidence); Whereas in .NET 4 I want to call Assembly.Load(string); Calling Load(string, Evidence) throws a NotSupportedException. Ofcourse this works, but I'd like to know if there's a better method: try { asm = Assembly.Load(someString, someEvidence); } catch(NotSupportedException) { asm = Assembly.Load(someString); }

    Read the article

  • Visual Studio / Visual Source Safe / Integrated Security / IIS 7

    - by Jason
    Using Visual Source Safe with IIS integration (the working dir is the IIS site) Visual Studio, pointed to the IIS site would load up the Web project. It would be under VSS control (have to check out files, etc). Recently, we had to switch to Integrated Security for our database connections from the web app. This means changing the impersonation of the IIS app pool (and anon authentication) to the impersonated account. Since I did this -- my project loads in Visual Studio, but it acts as if I'm not me, and the files aren't under source control anymore. I'm going to assume it's something with the pass-through from IIS to the VSS (as if you'll remember you had to add IIS_USERS to the VSS list of users). Even trying to add the impersonated account didn't work. Any ideas?

    Read the article

  • How to inherit from DataAnnotations.ValidationAttribute (it appears SecureCritical under Visual Stud

    - by codetuner
    Hi, I have an [AllowPartiallyTrustedCallers] class library containing subtypes of the System.DataAnnotations.ValidationAttribute. The library is used on contract types of WCF services. In .NET 2/3.5, this worked fine. Since .NET 4.0 however, running a client of the service in the Visual Studio debugger results in the exception "Inheritance security rules violated by type: '(my subtype of ValidationAttribute)'. Derived types must either match the security accessibility of the base type or be less accessible." (System.TypeLoadException) The error appears to occure only when all of the following conditions are met: a subclass of ValidationAttribute is in an AllowPartiallyTrustedCallers assembly reflection is used to check for the attribute the Visual Studio hosting process is enabled (checkbox on Project properties, Debug tab) So basically, in Visual Studio.NET 2010: create a new Console project, add a reference to "System.ComponentModel.DataAnnotations" 4.0.0.0, write the following code: . using System; [assembly: System.Security.AllowPartiallyTrustedCallers()] namespace TestingVaidationAttributeSecurity { public class MyValidationAttribute : System.ComponentModel.DataAnnotations.ValidationAttribute { } [MyValidation] public class FooBar { } class Program { static void Main(string[] args) { Console.WriteLine("ValidationAttribute IsCritical: {0}", typeof(System.ComponentModel.DataAnnotations.ValidationAttribute).IsSecurityCritical); FooBar fb = new FooBar(); fb.GetType().GetCustomAttributes(true); Console.WriteLine("Press enter to end."); Console.ReadLine(); } } } Press F5 and you get the exception ! Press Ctrl-F5 (start without debugging), and it all works fine without exception... The strange thing is that the ValidationAttribute will or will not be securitycritical depending on the way you run the program (F5 or Ctrl+F5). As illustrated by the Console.WriteLine in the above code. But then again, this appear to happen with other attributes (and types?) too. Now the questions... Why do I have this behaviour when inheriting from ValidationAttribute, but not when inheriting from System.Attribute ? (Using Reflector I don't find special settings on the ValidationAttribute class or it's assembly) And what can I do to solve this ? How can I keep MyValidationAttribute inheriting from ValidationAttribute in an AllowPartiallyTrustedCallers assembly without marking it SecurityCritical, still using the new .NET 4 level 2 security model and still have it work using the VS.NET debug host (or other hosts) ?? Thanks a lot! Rudi

    Read the article

  • Spring-Security with X509?

    - by jschoen
    I am new to spring-security in general and am a bit confused. The project I am trying to integrate this with uses X509 certificates to identify users for signing in to the application. There are no usernames or passwords. We validate the certificates are good, and that they have been given access to our app. The question is how do I integrate spring in to this to get their roles using the X509 certificates? I have seen this: <http> ... <x509 subject-principal-regex="CN=(.*?)," user-service-ref="userService"/> ... </http> But I don't understand how this works. Will it still require something for a password? Or is the subject all it needs?

    Read the article

  • Spring security custom principal bean

    - by wuntee
    I have a web application that is set up to use the default ldap server/authentication manager/authentication provider/user service. I have another DAO that already does majority of the work that those do (besides the authenticating a user) using Spring-LDAP. My problem is that I want the principal to be of my own custom bean class. What is the simplest way to do this? Initially I was thinking to create a custom authentication provider, but since the default one does exactly what I want, there doesnt seem to be a need. I am thinking I just need to override whatever object actually returns the Principal bean. Is this possible, and able to be injected into the security ldap authenticator context?

    Read the article

  • security issue of Linux sudo command?

    - by George2
    Hello everyone, 1. I am using Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding? 2. If yes, then is it a security hole? Since users other than root could run with root privilege? thanks in advance, George

    Read the article

  • Security flaw in this code approach

    - by Alec Smart
    Hello, Am wondering if there would be any security flaw in this approach. I am writing a piece of code which allows users to upload files and another set to download those files. These files can be anything. User uploads the file (any file including .php files), it is renamed to an md5 hash (extension removed) and stored on server. A corresponding mySQL entry is made. The user trying to download the file, uses say download.php to download the file where the md5 file is sent (with the original name). Is there someway in which anyone can exploit the above scenario?

    Read the article

  • Image Uploading - security issues

    - by TenaciousImpy
    Hi, I'm developing an ASP.NET Web app and would like the user to be able to either upload an image from their local system, or pass in a URL to an image. The image can either be a JPG or PNG. What security issues should I be concerned about doing this? I've seen various ways of embedding code within JPG files. Are there any methods in C# (or external libraries) which can confirm that a file is a JPG/PNG, otherwise throw an error? At the very least, I'm making the directory which holds uploaded images non-browsable and putting a max size limit of 1mb, but I'd like to implement further checks. Thanks for any advice.

    Read the article

  • Methods for ensuring security between users in multi-user applications

    - by Emilio
    I'm writing a multiuser application (.NET - C#) in which each user's data is separated from the others and there is no data that's common between users. It's critical to ensure that no user has access to another user's data. What are some approaches for implementing security at the database level and/or in the application architecture to to accomplish this? For example (and this is totally made up - I'm not suggesting it's a good or bad approach) including a userID column in all data tables might be an approach. I'm developing the app in C# (asp.net) and SQL Server 2008. I'm looking for options that are are either native in the tools I'm using or general patterns.

    Read the article

  • Amazon S3 security credentials per bucket

    - by slythic
    Hi all, I was wondering if it was possible to generate security credentials per individual Amazon S3 bucket. I am working with a developer and would like to grant him access only to the bucket we are working with. It's not a trust issue, it's more a concern that he'll delete the wrong bucket or its contents. For example: If we were working on an application that used a bucket called test-application I could generate the credentials for just that one bucket. These credentials would not allow access to other buckets in my account. Is this possible? Thanks, Tony

    Read the article

  • Quick MySQLi security question

    - by Benjamin Falk
    I have a quick MySQLi security related question... For example, take a look at this code (gets in put from the user, checks it against the database to see if the username/password combination exist): $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // query db if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password = ?")) { $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt'])); $stmt->execute(); $stmt->store_result(); // check if there is a match in the database for the user/password combination if ($stmt->num_rows > 0) {} } In this case, I am using htmlentities() on the form data, and using a MySQLi prepared statement. Do I still need to be using mysql_real_escape_string()?

    Read the article

  • Help with Role Based Security.

    - by Bill K
    Hello, I'm trying to understand role based security and I have the following method: [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")] static void Test() { //administratos only can call this code } What I wanna do is that only users that are members of the Windows Administrators group can call this code, however, if I do the following, it works: GenericIdentity genericIdentity = new GenericIdentity("test", "test"); GenericPrincipal genericPrincipal = new GenericPrincipal(genericIdentity, new string[] { "Administrators" }); AppDomain.CurrentDomain.SetThreadPrincipal(genericPrincipal); Test(); So, how can I make it work only if the user is in the Administrators windows group? thanks!

    Read the article

  • Security issues with rights to Network Service account

    - by Shrewd Demon
    hi, i have a page where the user can upload files on the server. Due to some problem related to account rights it was not working. Then i gave full rights to the Network Service account. I just wanted to know if there are any security breaching related issues with this solution, because i will be publishing the same to the client. If there are problems with this then kindly help with proper solution. any help will be appreciated... thank you.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >