Search Results

Search found 1191 results on 48 pages for 'elevated privileges'.

Page 10/48 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Backup Permissions for an Active Directory Profile Directory

    - by Earls
    I have Folder Redirection turned on so the profiles are on a Windows shared folder on a File and Print Server... \folders\Profiles I want to back up the entire Profiles directory, but as Domain Admin I don't seem to have the privileges to "select all and copy" the entire directory structure. The user profile subfolders (Appdata, Documents, Desktop, Pictures, etc.) throw access denied errors... I tried to grant Domain Admins full privileges to the Profiles directory and thought the subfolders would inherit the privileges, but I get access denied errors just trying to set the permissions... How can I assign a user to the Profiles directory so that I can copy the entire directory tree to back it up?

    Read the article

  • Can't login to a new mysql user

    - by mostar
    Hi, When I create a new Mysql user, it is impossible to login using this user and password. Only if I crate a user without a password I can login. For example: mysql -u root -phererootpass grant all privileges on mydb.* to testuser@'%' identified by '' with grant option; grant all privileges on mydb.* to testuser2@'%' identified by 'mypass' with grant option; FLUSH PRIVILEGES; exit; mysql -u testuser #<<< work fine mysql -u testuser2 -pmypass #<<< fail to login ERROR 1045 (28000): Access denied for user 'testuser2'@'localhost' (using password: YES) </code> I'm using Mysql 5.0 on Red Hat v5 Please advice Mostar

    Read the article

  • Force running a program as non-administrator in Vista

    - by Peter Taylor
    I've just installed, on Vista 32-bit, a program which in my opinion shouldn't require administrator rights. It's not installed in a system directory, and its purpose shouldn't obviously require any special privileges. However, the .exe has a UAC shield on it, and it asks me to elevate privileges immediately upon execution. I'm prepared to risk it doing nasty things with the privileges of my user account, but not prepared to risk elevating it. Is there anything I can do short of setting up a virtual machine for it (or downloading the source and compiling it myself)? (FWIW, the program in question is Pencil - pencil.evolus.vn/en-US/Downloads/Application.aspx - but I'm more interested in general answers than app-specific ones).

    Read the article

  • Install Office software on a standard user account automatically.

    - by Earls
    If I know the Administrator account name and password on a Windows 7 computer, would it be possible to create an Office 2010 install CD that would "silently" install Office 2010 on a standard user account which does not have installation privileges. As in, the group policy "always install with elevated privileges" is in effect for the user. Some way to built the admin account privileges into the office installer? VBS Script? CMD? Understand, the laptops are in the field, the end user doesn't have the admin password and can't have the admin password. Thanks.

    Read the article

  • Create a super user in MySQL 5.5 not working: Permission denied for root@localhost

    - by GHarping
    Using CentOS 6, logged in to MySQL as root, entering the command: create user 'user123' identified by 'pass123'; works fine. But when I try and give that user super user privileges with: grant all on *.* to 'user123' identified by 'pass123'; I get the error: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) Then select * from mysql.user; shows that root has Y in all columns, so should have all privileges. I'd be very grateful if anyone could help me find why root is unable to grant privileges as I can't see why it wouldn't be working. Thanks

    Read the article

  • Remote connect to mysql server?

    - by LF4
    I've been trying to figure out why I keep getting this error when I try to connect to the MySQL server with the following commands. $~ mysql -u username -h SQLserver -p Enter password: ERROR 1045 (28000): Access denied for user 'username'@'myIP' (using password: YES) I've done the following: Port is open in the firewall other wise I wouldn't get the error it'd just timeout. MySQL server not running with skip-networking or bind-address username has host as '%' and I can connect locally so the password is correct. GRANT USAGE ON *.* TO username@% IDENTIFIED BY 'password'; FLUSH PRIVILEGES; I wanted to know if anyone had ideas or ran into this issue before and solved it? mysql> select user, host from mysql.user where user='username'; +----------+------+ | user | host | +----------+------+ | username | % | +----------+------+ 1 row in set (0.00 sec) mysql> show grants for 'username'; +----------------------------------------------------------------------------------------------------------------+ | Grants for username@% | +----------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD '*F42AD03PASSWORDHASHADF4021C86B' | | GRANT ALL PRIVILEGES ON `DB2`.* TO 'username'@'%' | +----------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)

    Read the article

  • Security Alert for CVE-2010-0886 and CVE-2010-0887 Released

    - by eric.maurice
    Hi, this is Eric Maurice again! Oracle just released a Security Alert to announce the availability of fixes for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) affecting Oracle Java SE and Oracle Java For Business. Both vulnerabilities only affect Java when running in a 32-bit web browser. These vulnerabilities are not present in Java running on servers or standalone Java desktop applications and do not impact any Oracle server based software. The first vulnerability (CVE-2010-0886) affects the Java Deployment Toolkit (version 6 update 10 through 19) on Windows only. The second vulnerability (CVE-2010-0887) affects the Java Plug-in (version 6 update 18 and 19) on Windows, Solaris and Linux. Both vulnerabilities may allow an attacker to run commands on the user's system with the privileges of the user, whose system may have become compromised by visiting a malicious web site. Oracle rated the severity of both vulnerabilities with a CVSS Base Score of 10.0 because many Windows users grant themselves administrative privileges. However, on other platforms, or for Windows users with limited privileges, the CVSS Base Score is only 7.5, because a successful exploitation of these vulnerabilities cannot result in a full compromise of the affected system. Users can quickly determine if they are running vulnerable versions of Java by pointing their browser to http://www.java.com/en/download/help/testvm.xml. Java SE users can visit http://www.java.com and download the most recent release of Java SE to address these vulnerabilities. Because of the criticality of these vulnerabilities, and the publicity they received as a result of their disclosure before the availability of a fix, Oracle recommends that all customers and Java users update their Java installation to the most recent version (6 update 20). For More Information: The advisory for the Security Alert for CVE-2010-0886 and CVE-2010-0887 is located at http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html

    Read the article

  • Should I use a separate 'admin' user as my "root sudo" or grant sudo to my 'app' user?

    - by AJB
    I'm still wrapping my brain around the Ubuntu 'nullify root' user management philosophy (and Linux in general) and I'm wondering if I should 'replace' my root user with a user called 'admin' (which basically has all the powers of the root, when using sudo) and create another user called 'app' that will be the primary user for my app. Here's the context: I'll be running a LNMP stack on Ubuntu 12.04 Server LTS. There will be only one app running on the server. The 'app' user needs to have SUPER privileges for MySQL. PHP will need to be able to exec() shell commands. The 'app' user will need to be able to transfer files via SFTP. And I'm thinking this would be the best approach: nullify 'root' user create a user called 'admin' that will be a full sudoer of root, this will be the new "root" user of NGINX, PHP, and MySQL (and all system software) grant SUPER privileges to 'app' in MySQL Grant SFTP privileges to only the 'app' user. As I'm new to this, and the information I've found in researching it tends to be of a more general nature, I'm wondering if this is a solid approach, or if it's unorthodox in a way that would cause issues down the road. Thanks in advance for any help.

    Read the article

  • Access to CD/DVD Drive is Denied through Windows 7 Explorer (Permission Problem)

    - by Synetech inc.
    A while ago I started having trouble with my optical drives. Both of them keep showing up in Explorer as CD/DVD drives on boot, but as soon as I put a disc in either one, it suddenly turns into a hard-drive—“local disk” is displayed in the Type column, though the File System column remains UDF/CDFS. (I though that maybe it was a permission issue on the registry key in HKLM\System\CurrentControlSet..., but I’m not so certain because of the next test.) When I try to open a disc (of any type), I get an access denied error message. If I open an elevated command-prompt, I am able to access the files. Also, if I kill Explorer and run it from an elevated command-prompt (thus giving Explorer elevated permissions), then I can access the files from Explorer. I’ve tried uninstalling and reinstalling the devices without success. The security dialog indicates that there are none set for the drives (no owner and no permissions). I tried setting the owner, but am only able to do so if there is a disc in it (it complains if it is empty), but the settings do not stick (if I immediately open the security dialog after setting it, it is empty again). I tried setting permissions, but that gives an error. I’ve included a screencap-flowchart of the security dialog of one of the drives below. (Yes, I made sure that there are no upper- or lower-filters, and yes, I ran sfc. I also made sure that in the policy editor, “devices: restrict CD-ROM...” is not set.) Does anyone know what the owner and permissions are supposed to be for optical drives and how to reset them?

    Read the article

  • Unable to delete a file or take ownership on Win7x64

    - by Basic
    I'm a developer and as part of the build process, a Microsoft dll is copied to a certain folder. That file copy is now failing as the target can't be overwritten. I decided to delete it by hand (using an admin account but a non-elevated explorer) so browsed to the folder and attempted a delete. This failed (Require permission from the Administrator). The same applies when using an elevated explorer. So I tried Properties-Security-Advanced-Ownership The current owner is showing as Unable to display current owner. I can't take ownership (a simple Access Denied message with no elaboration). Elevated Command Prompt/PowerShell don't help either (both give an Access Denied in their own way). Process explorer shows no open handles on the file. Eventually, I booted to linux and deleted the file but what I'd like to know is what caused it? Security Essentials had no issues with the file. It's digitally signed by MS and the signatures match.

    Read the article

  • Flash crashing Mac?

    - by Bohdan Trotsenko
    In his recent blogpost, Thoughts on Flash, Steve Jobs says: We also know first hand that Flash is the number one reason Macs crash. My best guess is that Flash runs in user-mode, with restricted privileges. Is is impossible to crash a system having restricted privileges. What am I missing?

    Read the article

  • Migrate data from one server to another using rsync

    - by Leonid Shevtsov
    I'm moving from one VPS to another, and I figured that the simplest way to transfer data would be rsync. However, the data is owned by a user, www-data, which doesn't have ssh privileges, and I'd like it to be owned by the same (named) user on the target machine. Obviously I need all file permissions preserved. I have SSH access via another user with sudo privileges on both machines. Is this possible to do this with rsync?

    Read the article

  • MySQL keeps adding additional user without rights from specific IP

    - by Niels B.
    I'm running MySQL Server 5.5.29 on Ubuntu Server 13.04 I have a created a user with a wildcard host access % and given him various privileges. However, whenever this user connects from 194.182.245.61, a new user account is created for that specific IP address with no rights and he is unable to exercise his privileges. When he connects from other internet connections, such as his home IP, it works just as it should. Why does this happen and how can I stop it from happening?

    Read the article

  • gpasswd and access to a file or directory

    - by PeanutsMonkey
    As I understand it if I run the command gpasswd -A username directoryname I assign administrator privileges to username for the directory directoryname. This means that username is able to add new members to the group for directoryname without root privileges. Does this also mean that username belongs to the group or do I need to add username to the group using the commands usermod, gpasswd -a or gpasswd -M

    Read the article

  • What do the "ALL"s in the line " %admin ALL=(ALL) ALL " in Ubuntu's /etc/sudoers file stand for?

    - by sri
    What does each ALL mean? I understand that the whole line indicates that the admin group members get admininstartive privileges, but would like to know more info about the position of the ALLS and if they each refer to a different set of permissions or something like that? $sudo cat /etc/sudoers ... # User privilege Information root ALL=(ALL) ALL #... %sudo ALL=(ALL) ALL # #includedir /etc/sudoers.d #Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # If it matters: OS: Ubuntu : 10.4

    Read the article

  • Exporting query results to a file on the fly

    - by ercan
    Hi all, I need to export the results of a query to a csv file in an FTP folder. Is it possible to achieve this within a stored procedure? If yes, comes yet another constraint: can I achieve this without sysadmin privileges, aka without using xp_cmdshell + BCP utility? If no to 2., does the caller have to have sysadmin privileges or would it suffice if the SP owner has sysadmin privileges? Here are some more details to the problem: The SP must export and transfer the file on the fly and raise error if something went wrong. The caller must get a response immediately, i.e. in case of no error, he can assume that the results are successfully transferred to the folder. Therefore, a DTS/SSIS job that runs every N minutes is not an option. I know the problem smells like I will have to do this at application level, but I would be more than happy if all those stuff could be done from T-SQL.

    Read the article

  • PowerShell script to restart a service

    - by Guy Thomas
    My mission is to press a keyboard sequence, such as Ctrl +Shift +R, to restart a Windows Service. I have a script which works fine in the PowerShell ISE, when launched with administrative privileges. When I try with a PowerShell script it fails due to insufficient Administrative Privileges. It’s galling that I can get it to work with an old-fashioned bat file, but not PowerShell. The root of the problem is that shortcuts to a PowerShell script have their Administrative privileges box greyed out. So far no work-around has overcome this privilege problem. Any ideas?

    Read the article

  • SQL? "Show me all the Activities that can be performed by User X."

    - by Casey Fulton
    I'm at my wits end. I've searched like crazy, read plenty of database textbooks and God knows how many online guides, blogs and forums. Can someone put me out of my misery? PseudoSchema Diagram (Warning: although pretty, not in a format even remotely approaching ER diagrams! Primary keys are bold, foreign keys are italics.) Given the above set of tables relating Users to Groups to Privileges, and then a set of Activities that can each require a Privilege to perform, how do you find out this: Show me all the Activities that can be performed by User X. That is: User X is a member of groups G and F; groups G and F correlate to privileges P, Q, R and S; show me all the activities that require privileges either P, Q, R or S. How do you do this?

    Read the article

  • How to delete ProgIDs from other user accounts when uninstalling from Windows?

    - by Mordachai
    I've been investigating "how should a modern windows c++ application register its file types" with Windows (see http://stackoverflow.com/questions/2828637/c-how-do-i-correctly-register-and-unregister-file-type-associations-for-our-ap). And having combed through the various MSDN articles on the subject, the summary appears to be as follows: The installer (elevated) should register the global ProgID HKLM\Software\Classes\my-app.my-doc[.version] (e.g. HKLM\Software\Classes\TextPad.text) The installer also configures default associations for its document types (e.g. .myext) and points this to the aforementioned global ProgID in HKLM. NOTE: a user interface should be provided here to allow the user to either accept all default associations, or to customize which associations should be set. The application, running standard (unelevated), should provide a UI for allowing the current user to set their personal associations as is available in the installer, except that these associations are stored in HKCU\Software\Classes (per user, not per machine). The UN-installer is then responsible for deleting all registered ProgIDs (but should leave the actual file associations alone, as Windows is smart enough to handle associations pointing to missing ProgIDs, and this is the specified desired behavior by MSDN). So that schema sounds reasonable to me, except when I consider #4: How does an uninstaller, running elevated for a given user account, delete any per-user ProgIDs created in step #3 for other users? As I understand things, even in elevated mode, an uninstaller cannot go into another user's registry hive and delete items? Or can it? Does it have to load each given user hive first? What are the rules here? Thanks for any insight you might have to offer! EDIT: See below for the solution (My question was founded in confusion)

    Read the article

  • New Big Data Appliance Security Features

    - by mgubar
    The Oracle Big Data Appliance (BDA) is an engineered system for big data processing.  It greatly simplifies the deployment of an optimized Hadoop Cluster – whether that cluster is used for batch or real-time processing.  The vast majority of BDA customers are integrating the appliance with their Oracle Databases and they have certain expectations – especially around security.  Oracle Database customers have benefited from a rich set of security features:  encryption, redaction, data masking, database firewall, label based access control – and much, much more.  They want similar capabilities with their Hadoop cluster.    Unfortunately, Hadoop wasn’t developed with security in mind.  By default, a Hadoop cluster is insecure – the antithesis of an Oracle Database.  Some critical security features have been implemented – but even those capabilities are arduous to setup and configure.  Oracle believes that a key element of an optimized appliance is that its data should be secure.  Therefore, by default the BDA delivers the “AAA of security”: authentication, authorization and auditing. Security Starts at Authentication A successful security strategy is predicated on strong authentication – for both users and software services.  Consider the default configuration for a newly installed Oracle Database; it’s been a long time since you had a legitimate chance at accessing the database using the credentials “system/manager” or “scott/tiger”.  The default Oracle Database policy is to lock accounts thereby restricting access; administrators must consciously grant access to users. Default Authentication in Hadoop By default, a Hadoop cluster fails the authentication test. For example, it is easy for a malicious user to masquerade as any other user on the system.  Consider the following scenario that illustrates how a user can access any data on a Hadoop cluster by masquerading as a more privileged user.  In our scenario, the Hadoop cluster contains sensitive salary information in the file /user/hrdata/salaries.txt.  When logged in as the hr user, you can see the following files.  Notice, we’re using the Hadoop command line utilities for accessing the data: $ hadoop fs -ls /user/hrdataFound 1 items-rw-r--r--   1 oracle supergroup         70 2013-10-31 10:38 /user/hrdata/salaries.txt$ hadoop fs -cat /user/hrdata/salaries.txtTom Brady,11000000Tom Hanks,5000000Bob Smith,250000Oprah,300000000 User DrEvil has access to the cluster – and can see that there is an interesting folder called “hrdata”.  $ hadoop fs -ls /user Found 1 items drwx------   - hr supergroup          0 2013-10-31 10:38 /user/hrdata However, DrEvil cannot view the contents of the folder due to lack of access privileges: $ hadoop fs -ls /user/hrdata ls: Permission denied: user=drevil, access=READ_EXECUTE, inode="/user/hrdata":oracle:supergroup:drwx------ Accessing this data will not be a problem for DrEvil. He knows that the hr user owns the data by looking at the folder’s ACLs. To overcome this challenge, he will simply masquerade as the hr user. On his local machine, he adds the hr user, assigns that user a password, and then accesses the data on the Hadoop cluster: $ sudo useradd hr $ sudo passwd $ su hr $ hadoop fs -cat /user/hrdata/salaries.txt Tom Brady,11000000 Tom Hanks,5000000 Bob Smith,250000 Oprah,300000000 Hadoop has not authenticated the user; it trusts that the identity that has been presented is indeed the hr user. Therefore, sensitive data has been easily compromised. Clearly, the default security policy is inappropriate and dangerous to many organizations storing critical data in HDFS. Big Data Appliance Provides Secure Authentication The BDA provides secure authentication to the Hadoop cluster by default – preventing the type of masquerading described above. It accomplishes this thru Kerberos integration. Figure 1: Kerberos Integration The Key Distribution Center (KDC) is a server that has two components: an authentication server and a ticket granting service. The authentication server validates the identity of the user and service. Once authenticated, a client must request a ticket from the ticket granting service – allowing it to access the BDA’s NameNode, JobTracker, etc. At installation, you simply point the BDA to an external KDC or automatically install a highly available KDC on the BDA itself. Kerberos will then provide strong authentication for not just the end user – but also for important Hadoop services running on the appliance. You can now guarantee that users are who they claim to be – and rogue services (like fake data nodes) are not added to the system. It is common for organizations to want to leverage existing LDAP servers for common user and group management. Kerberos integrates with LDAP servers – allowing the principals and encryption keys to be stored in the common repository. This simplifies the deployment and administration of the secure environment. Authorize Access to Sensitive Data Kerberos-based authentication ensures secure access to the system and the establishment of a trusted identity – a prerequisite for any authorization scheme. Once this identity is established, you need to authorize access to the data. HDFS will authorize access to files using ACLs with the authorization specification applied using classic Linux-style commands like chmod and chown (e.g. hadoop fs -chown oracle:oracle /user/hrdata changes the ownership of the /user/hrdata folder to oracle). Authorization is applied at the user or group level – utilizing group membership found in the Linux environment (i.e. /etc/group) or in the LDAP server. For SQL-based data stores – like Hive and Impala – finer grained access control is required. Access to databases, tables, columns, etc. must be controlled. And, you want to leverage roles to facilitate administration. Apache Sentry is a new project that delivers fine grained access control; both Cloudera and Oracle are the project’s founding members. Sentry satisfies the following three authorization requirements: Secure Authorization:  the ability to control access to data and/or privileges on data for authenticated users. Fine-Grained Authorization:  the ability to give users access to a subset of the data (e.g. column) in a database Role-Based Authorization:  the ability to create/apply template-based privileges based on functional roles. With Sentry, “all”, “select” or “insert” privileges are granted to an object. The descendants of that object automatically inherit that privilege. A collection of privileges across many objects may be aggregated into a role – and users/groups are then assigned that role. This leads to simplified administration of security across the system. Figure 2: Object Hierarchy – granting a privilege on the database object will be inherited by its tables and views. Sentry is currently used by both Hive and Impala – but it is a framework that other data sources can leverage when offering fine-grained authorization. For example, one can expect Sentry to deliver authorization capabilities to Cloudera Search in the near future. Audit Hadoop Cluster Activity Auditing is a critical component to a secure system and is oftentimes required for SOX, PCI and other regulations. The BDA integrates with Oracle Audit Vault and Database Firewall – tracking different types of activity taking place on the cluster: Figure 3: Monitored Hadoop services. At the lowest level, every operation that accesses data in HDFS is captured. The HDFS audit log identifies the user who accessed the file, the time that file was accessed, the type of access (read, write, delete, list, etc.) and whether or not that file access was successful. The other auditing features include: MapReduce:  correlate the MapReduce job that accessed the file Oozie:  describes who ran what as part of a workflow Hive:  captures changes were made to the Hive metadata The audit data is captured in the Audit Vault Server – which integrates audit activity from a variety of sources, adding databases (Oracle, DB2, SQL Server) and operating systems to activity from the BDA. Figure 4: Consolidated audit data across the enterprise.  Once the data is in the Audit Vault server, you can leverage a rich set of prebuilt and custom reports to monitor all the activity in the enterprise. In addition, alerts may be defined to trigger violations of audit policies. Conclusion Security cannot be considered an afterthought in big data deployments. Across most organizations, Hadoop is managing sensitive data that must be protected; it is not simply crunching publicly available information used for search applications. The BDA provides a strong security foundation – ensuring users are only allowed to view authorized data and that data access is audited in a consolidated framework.

    Read the article

  • Multiple vulnerabilities in Mozilla Firefox

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2372 Permissions, Privileges, and Access Controls vulnerability 3.5 Firefox web browser Solaris 11 11/11 SRU 3 Solaris 10 Contact Support CVE-2011-2995 Denial of Service (DoS) vulnerability 10.0 CVE-2011-2997 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3000 Improper Control of Generation of Code ('Code Injection') vulnerability 4.3 CVE-2011-3001 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2011-3002 Denial of Service (DoS) vulnerability 9.3 CVE-2011-3003 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3004 Improper Input Validation vulnerability 4.3 CVE-2011-3005 Denial of Service (DoS) vulnerability 9.3 CVE-2011-3232 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 CVE-2011-3648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2011-3650 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2011-3651 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3652 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3654 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3655 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Database Security: The First Step in Pre-Emptive Data Leak Prevention

    - by roxana.bradescu
    With WikiLeaks raising awareness around information leaks and the harm they can cause, many organization are taking stock of their own information leak protection (ILP) strategies in 2011. A report by IDC on data leak prevention stated: Increasing database security is one of the most efficient and cost-effective measures an organization can take to prevent data leaks. By utilizing the data protection, access control, account management, encryption, log management, and other security controls inherent in the database management system, entities can institute first-level control over the widest range of protected information. As a central repository for unstructured data, which is growing at leaps and bounds, the database should be the first layer providing information leakage protection. Unfortunately, most organizations are not taking sufficient steps to protect their databases according to a survey of the Independent Oracle User Group. For example, any operating system administrator or database administrator can access the all the data stored in the database in most organizations. Without any kind of auditing or monitoring. And it's not just administrators, database users can typically access the database with ad-hoc query tools from their desktop and by-pass any application level controls. Despite numerous regulations calling for controls to limit the powers of insiders, most organizations still put too many privileges in the hands of their employees. Time and time again these excess privileges have backfired. Internal agents were implicated in almost half of data breaches according to the Verizon Data Breach Investigations Report and the rate is rising. Hackers also took advantage of these excess privileges very successfully using stolen credentials and SQL injection attacks. But back to the insiders. Who are these insiders and why do they do it? In 2002, the U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts formed the Insider Threat Study team to examine insider threat cases that occurred in US critical infrastructure sectors, and examined them from both a technical and a behavioral perspective. A series of fascinating reports has been published as a result of this work. You can learn more by watching the ISSA Insider Threat Web Conference. So as your organization starts to look at data leak prevention over the coming year, start off by protecting your data at the source - your databases. IDC went on to say: Any enterprise looking to improve its competitiveness, regulatory compliance, and overall data security should consider Oracle's offerings, not only because of their database management capabilities but also because they provide tools that are the first layer of information leak prevention. Learn more about Oracle Database Security solutions and get the whitepapers, demos, tutorials, and more that you need to protect data privacy from internal and external threats.

    Read the article

  • Transparency call for Spec Leads and EC materials posted

    - by heathervc
    The materials and recording from the February 2012 call for JCP program Spec Leads is now available.  This call features Martijn Verburg, alternate EC representative for the London Java Community and includes information on the Adopt-a-JSR program.  The materials and audio recording of the  "Leveraging the Community" call can be found on the multimedia page of jcp.org .  The EC meeting summaries from February and March 2012 have also been posted.  Following the April 2012 EC Meeting this morning (minutes and materials will be posted soon), there are now four EC Members that have lost their voting privileges--AT&T, SK Telecom, Samsung and Twitter.  In order to regain their privileges, these EC Members must attend two EC meeting in a row, as detailed in the EC Standing Rules.

    Read the article

  • Setting Up Your SQL Server Agent Correctly

    It is important to set up SQL Server Agent Security on the principles of 'executing with minimum privileges’, and ensure that errors are properly logged and alerts are set up for a comprehensive range of errors. SQL Server Agent allows fine-grained control of every job step that should allow tasks to be run entirely safely even if they occasionally need special privileges. Can 41,000 DBAs really be wrong? Join 41,000 other DBAs who are following the new series from the DBA Team: the 5 Worst Days in a DBA’s Life. Part 3, As Corrupt As It Gets, is out now – read it here.

    Read the article

  • Path is too long

    - by kaleidoscope
    Bugged by the irritating "Path is too long after being fully qualified" error while running in the Development Fabric? The solution is pretty funny and not so obvious unfortunately. The culprit here is not your app, but the Development Fabric. The DevFab accumulates a lot of temporary junk comprising of local storage locations, cached binaries, configuration, diagnostics information and cached compiled web site content files over its lifetime. They are typically stored at C:\Users\<username>\AppData\Local\dftmp. The Azure Tools will periodically clean this up, but some time you have to play janitor and take the law in your hands ;). The csrun.exe has quite a few tricks up its sleeve. One of them is the ability to clean the development fabric's temporary junk accumulated over time. You can do this by  running the Azure command prompt with elevated privileges and running csrun.exe /devfabric:shutdown and then csrun.exe /devfabric:clean If the problem still persists then the application directory structure could indeed be too long. A workaround to this is changing the Development Fabric temporary directory to point to a shorter path. The temporary directory path can be addressed by an environment variable _CSRUN_STATE_DIRECTORY. You can try setting its value to something like "C:\WA" or "C:\A" this will reduce some 25+ characters from your path. Do not forget to close Visual Studio and expressly shutdown the dev fab with csrun.exe /devfabric:shutdown (Under elevated privileges of course). Source: http://geekswithblogs.net/IUnknown/archive/2010/02/03/no-more-path-is-too-long.aspx  :D   Sarang, K

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >