Search Results

Search found 11785 results on 472 pages for 'password protection'.

Page 104/472 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >

  • WCF service and security

    - by Gaz83
    Been building a WP7 app and now I need it to communicate to a WCF service I made to make changes to an SQL database. I am a little concerned about security as the user name and password for accessing the SQL database is in the App.Config. I have read in places that you can encrypt the user name and password in the config file. As the username and password is never exposed to the clients connected to the WCF service, would security in my situation be much of a problem? Just in case anyone suggests a method of security, I do not have SSL on my web server.

    Read the article

  • Anti-cheat Javascript for browser/HTML5 game

    - by Billy Ninja
    I'm planning on venturing on making a single player action rpg in js/html5, and I'd like to prevent cheating. I don't need 100% protection, since it's not going to be a multiplayer game, but I want some level of protection. So what strategies you suggest beyond minify and obfuscation? I wouldn't bother to make some server side simple checking, but I don't want to go the Diablo 3 path keeping all my game state changes on the server side. Since it's going to be a rpg of sorts I came up with the idea of making a stats inspector that checks abrupt changes in their values, but I'm not sure how it consistent and trusty it can be. What about variables and functions escopes? Working on smaller escopes whenever possible is safer, but it's worth the effort? Is there anyway for the javascript to self inspect it's text, like in a checksum? There are browser specific solutions? I wouldn't bother to restrain it for Chrome only in the early builds.

    Read the article

  • WebLogic not reading boot.properties 11.1.1.x

    - by James Taylor
    In WebLogic 11.1.1.1 the boot.properties file was stored in the $MW_HOME/user_projects/domains/[domain] directory. It would be read at startup and there would be no requirement to enter username and password. In later releases the location has changed to $MW_HOME/user_projects/domains/[domain]/servers/[managed_server]/security In most instances you will need to create the security directory If you want to specify a custom directory add the following to the startup scripts for the server. -Dweblogic.system.BootIdentityFile=[loc]/boot.properties create a boot.properties file using the following entry username=<adminuser> password=<password>

    Read the article

  • home-folder encryption: Does it work?

    - by jpaugh
    Back when Ubuntu first sported home folder encryption (what, around the time of Jaunty Jackalope?), I opted in. That caused me some grief when I decided to change my login password. I found that I couldn't decrypt my home anymore! In trying to fix this, I eventually muddled things to the point that using my old password didn't work anymore, either. That experience has left me very shy of using an encrypted home directory--nevermind the performance hit of encryption. Has this feature become more "stable" since it came out? Does it break if you change your login password? Has your [more recent] experience been better? (Does it work in Natty Narwhal?)

    Read the article

  • How can I select an appropriate licensing/obfuscation system for .NET?

    - by Adam
    I saw someone suggesting .NET Reactor once as a good obfuscator. I went to their website to check it out and saw they have a product called IntelliLock which is advertised as a pretty robust licensing system which has code protection/obfuscation built in. With that said, I tried to contact them and ask them a few questions regarding the product, but have not had any response. This is kind of a red flag for me. However, it seems like there is some user base for this product whom are satisfied. What .NET licensing system(s) with .NET code protection/obfuscation are you using? What are its pros & cons that you have encountered? Are there things I should be looking for or looking to avoid when evaluating these systems?

    Read the article

  • Disaster Recovery Discovery

    - by Rodney Landrum
    Last weekend I joined several of my IT staff on a mission to perform a DR test in our remote CoLo center in a large South East city of the US. Can I be more obtuse? The goal was simple for me as the sole DBA in a throng of Windows, Storage, Network and SAN admins – restore the databases and make them work. There were 4 applications that back ended to 7 SQL Server databases on 4 different SQL Server instances. We would maintain the original server names, but beyond that it was fair game. We had time to prepare so I was able to script out or otherwise automate the recovery process. I used sp_help_revlogin for three of the servers, a bit of a cheat actually because restoring the Master database on the target DR servers was the specified course of action according to the DR procedures ( the caveat “IF REQUIRED” left it open to interpretation. I really wanted to avoid the step of restoring Master for a number of reasons but mainly because I did not want to deal with issues starting SQL Services afterward. Having to account for the location of TempDB and the version conflicts of the resource DBs were just two of the battles I chose not to fight. Not to mention other system database location problems that might arise and prevent SQL from starting.  I was going to have to restore all of the user databases anyway, so I would not really gain any benefit, outside of logins, for taking the time to restore the source Master database over the newly installed one on the fresh server. What I wanted was the ability to restore the Master database as a user database, call it Master_Mine, from a backup on the source system and then use that restored database to script the SQL Logins and passwords on the DR systems. While I did not attempt this on the trip, the thought stuck in my mind and this past week I succeeded at scripting user accounts and passwords using only a restored copy of the Master database. Granted there were several challenges to overcome.  Also, as is usual for any work like this the usual disclaimers apply:  This is not something that I would imagine Microsoft would condone or support and this was really only an experiment for me to learn if it was even possible. While I have tested the process with success, I do not know that I would use this technique in a documented procedure because future updates for SQL Server will render this technique non-functional. I thought at first, incorrectly of course, that I could use sp_help_revlogin on a restored copy of the master database I named Master_Mine.   Since sp_help_revlogin uses system schema objects, sys.syslogins and sys.server_principals, this was not going to work because all results would come from the main Master database. To test this I added a SQL login via SSMS, backed up Master, restored  it as Master_Mine, and then deleted the login.  Even though the test account I created should presumably still be in the Master_Mine database, I should be able to get to it and script out its creation with its password hash so that I would not need to know the password, but any applications that stored that password would not have to be altered in the DR scenario. They would just work as expected. Once I realized that would not work I began looking deeper.  Knowing that sys.syslogins and sys.server_principals are system views, their underlying code should be available with sp_helptext, right? They were. And this led me to discover the two tables sys.sysxlgns and sys.sysprivs, where the data I needed was stored. These tables existed in both the real Master and the restored copy, Master_Mine.  I used this information to tweak the sp_help_revlogin stored procedure to use these tables instead to create the logins cursor used in sp_help_revlogin. For the password hash,  sp_help_revlogin uses the function LoginProperty() which takes a user name and option ‘passwordhash’ to return the hash for the user. Unfortunately, it requires the login to exist in the Master database. This would not work. So another slight modification I had to make was to pull the password hash itself (pwdhash from sys.sysxlgns) into the logins cursor and comment out the section of sp_help_revlogin that uses LoginProperty. Instead, I pass the pwdhash value as the variable @PWD_varbinary to the sp_hexadecimal stored procedure which is also created by and used within the code provided by Microsoft in the link above for sp_help_revlogin. The final challenge: sys.sysxlgns and sys.server_principals are visible only within a Dedicated Administrator Connection (DAC) query window in SSMS or within SQLCDMD.  To open a DAC connection you have to be logged in on the SQL Server itself, via RDP in my case,  and you preface the server name in the query connection with ADMIN:, so that the server connection looks like ADMIN:ServerName. From there you can create the modified stored procedure in the restored copy of a Master database from a source system as whatever name you like, and then run the modified stored procedure. I named my new stored procedure usp_help_revlogin_MyMaster. Upon execution I was happy to see the logins and password hashes that I needed to apply from the source Master database without having to restore over the new Master system database and without the need to access the original server (assuming it was down due to whatever disaster put it in that state). You will note that I am not providing full code samples here of the modifications. I will say that it was a slight bit of work and anyone who needed to do this for whatever reason, could fairly easily roll their own solution with the information provided herein.  My goal, as I said was to prove that this could be done and provide another option if required to ease the burden of getting SQL Servers up and available in an emergency situation where alternatives may be more challenging or otherwise unavailable.  

    Read the article

  • sending credential to linkedIn website and get oauth_verifier without sign in again

    - by akash kumar
    i am facing problem regarding sending credentials to other website and after login(automatically not clicked on sign in here) and get oauth_verifier value Detail is bellow.... I want to send emailaddress and password through form(submit button)from my website(i.e liferay portal) to another website(suppose linkedIn) it should automatically authorize and return oauth_verifier to my website. that mean i dont want my website user to submit emailaddress and password to linkedIn again. actually i want to take emailaddress and password in my website and show the user LinkedIn connection,message,job posting in my website it self,i dont want to redirect user to LinkedIn website and sign in there and again come back to my website. I have taken consumer key and secret key from LinkedIn for my aplication. i am using linkedIn api and getting oauth_verifier for access token but for that i have to take user to LinkedIn for signIn, actually it should happen in backend

    Read the article

  • How to deal with social login

    - by Matteo Pagliazzi
    In my new web app I'm going to allow social login through Twitter (maybe), Facebook and Google and I'm in search of the best way to do it. Actually I'm using Rails with Devise + Omniauth and this is the problem: Should I ask the user to choose a password so that he can login without a social network? Or maybe the user should be able to set a password if he want (for example when editing his account?) The second way seems the best one but since Twitter doesn't provide user email and google doesn't provide an username I'll probably have to ask the user for username/email when he log in so in that case I may also ask for the password... waht do you think?

    Read the article

  • How to Connect Lubuntu to Ubuntu Hotspot via Ethernet?

    - by Dillmo
    I just fixed up an old laptop by installing Lubuntu 13.04. The laptop does not have a network card, so it can only connect via Ethernet. I created a hotspot with an Ubuntu laptop, but am having trouble connecting to it via wired. I am not asked for a password when I try to connect, even though the network has a password. The hotspot will not enable a wired connection, so that may be the problem. How can I connect a Lubuntu laptop to an Ubuntu laptop hotspot via Ethernet? Update: The connection also does not ask for a password when connecting to a gaming adapter.

    Read the article

  • Database Security: The First Step in Pre-Emptive Data Leak Prevention

    - by roxana.bradescu
    With WikiLeaks raising awareness around information leaks and the harm they can cause, many organization are taking stock of their own information leak protection (ILP) strategies in 2011. A report by IDC on data leak prevention stated: Increasing database security is one of the most efficient and cost-effective measures an organization can take to prevent data leaks. By utilizing the data protection, access control, account management, encryption, log management, and other security controls inherent in the database management system, entities can institute first-level control over the widest range of protected information. As a central repository for unstructured data, which is growing at leaps and bounds, the database should be the first layer providing information leakage protection. Unfortunately, most organizations are not taking sufficient steps to protect their databases according to a survey of the Independent Oracle User Group. For example, any operating system administrator or database administrator can access the all the data stored in the database in most organizations. Without any kind of auditing or monitoring. And it's not just administrators, database users can typically access the database with ad-hoc query tools from their desktop and by-pass any application level controls. Despite numerous regulations calling for controls to limit the powers of insiders, most organizations still put too many privileges in the hands of their employees. Time and time again these excess privileges have backfired. Internal agents were implicated in almost half of data breaches according to the Verizon Data Breach Investigations Report and the rate is rising. Hackers also took advantage of these excess privileges very successfully using stolen credentials and SQL injection attacks. But back to the insiders. Who are these insiders and why do they do it? In 2002, the U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts formed the Insider Threat Study team to examine insider threat cases that occurred in US critical infrastructure sectors, and examined them from both a technical and a behavioral perspective. A series of fascinating reports has been published as a result of this work. You can learn more by watching the ISSA Insider Threat Web Conference. So as your organization starts to look at data leak prevention over the coming year, start off by protecting your data at the source - your databases. IDC went on to say: Any enterprise looking to improve its competitiveness, regulatory compliance, and overall data security should consider Oracle's offerings, not only because of their database management capabilities but also because they provide tools that are the first layer of information leak prevention. Learn more about Oracle Database Security solutions and get the whitepapers, demos, tutorials, and more that you need to protect data privacy from internal and external threats.

    Read the article

  • Unwanted authentication request window at login after upgrade to Ubuntu 13.10

    - by UBod
    I recently upgraded to Ubuntu 13.10 (64bit) on my Dell Laptop. Since then, at each login, a dialog window entitled "Authentication request ... Please enter the password for account "[email protected]"." appears (I would rather post a screenshot if I could, but I am not entitled to do that because I do not have the necessary 10 reputation credits). I neither have any idea why my password (I checked it a hundred times) does not work ("Password was incorrect") nor why this dialog is displayed at all. As said, I never saw it before 13.10. I looked around in different forums and it seems (please correct me if I am wrong) that it stems from evolution server. I also deleted ~/.config/evolution/ entirely - without any effect. Further note that I am not using evolution at all and I would rather like to get rid of it completely, but I do not dare to remove evolution-server. Any ideas? Thanks in advance, Ulrich

    Read the article

  • No databases showing in phpMyAdmin

    - by Thein Hla Maw
    My website is hosted in shared hosting service and is working fine with updated news stored in MySQL database. To manage the database of website, I install phpMyAdmin in a sub-folder with the same username and password used in website. When I login to phpMyAdmin, I don't see my database. phpMyAdmin is showing "No databases" in left pane. Is there any thing I need to configure in phpMyAdmin? Edited: This is the settings in config.inc.php. I can login to phpMyAdmin successfully. $cfg['Servers'][$i]['host'] = 'hostname'; $cfg['Servers'][$i]['port'] = ''; $cfg['Servers'][$i]['socket'] = ''; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['extension'] = 'mysqli'; $cfg['Servers'][$i]['auth_type'] = 'cookie'; $cfg['Servers'][$i]['user'] = 'dbuser'; $cfg['Servers'][$i]['password'] = 'password';

    Read the article

  • How To Create a Shortcut That Lets a Standard User Run An Application as Administrator

    - by Chris Hoffman
    Want to allow a standard user account to run an application as administrator without a UAC or password prompt? You can easily create a shortcut that uses the runas command with the /savecred switch, which saves the password. Note that using /savecred could be considered a security hole – a standard user will be able to use the runas /savecred command to run any command as administrator without entering a password. However, it’s still useful for situations where this doesn’t matter much – perhaps you want to allow a child’s standard user account to run a game as Administrator without asking you. We’ve also covered allowing a user to run an application as Administrator with no UAC prompts by creating a scheduled task. HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It HTG Explains: How Windows Uses The Task Scheduler for System Tasks

    Read the article

  • The Unintended Consequences of Sound Security Policy

    - by Tanu Sood
    v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Author: Kevin Moulton, CISSP, CISM Meet the Author: Kevin Moulton, Senior Sales Consulting Manager, Oracle Kevin Moulton, CISSP, CISM, has been in the security space for more than 25 years, and with Oracle for 7 years. He manages the East Enterprise Security Sales Consulting Team. He is also a Distinguished Toastmaster. Follow Kevin on Twitter at twitter.com/kevin_moulton, where he sometimes tweets about security, but might also tweet about running, beer, food, baseball, football, good books, or whatever else grabs his attention. Kevin will be a regular contributor to this blog so stay tuned for more posts from him. When I speak to a room of IT administrators, I like to begin by asking them if they have implemented a complex password policy. Generally, they all nod their heads enthusiastically. I ask them if that password policy requires long passwords. More nodding. I ask if that policy requires upper and lower case letters – faster nodding – numbers – even faster – special characters – enthusiastic nodding all around! I then ask them if their policy also includes a requirement for users to regularly change their passwords. Now we have smiles with the nodding! I ask them if the users have different IDs and passwords on the many systems that they have access to. Of course! I then ask them if, when they walk around the building, they see something like this: Thanks to Jake Ludington for the nice example. Can these administrators be faulted for their policies? Probably not but, in the end, end-users will find a way to get their job done efficiently. Post-It Notes to the rescue! I was visiting a business in New York City one day which was a perfect example of this problem. First I walked up to the security desk and told them where I was headed. They asked me if they should call upstairs to have someone escort me. Is that my call? Is that policy? I said that I knew where I was going, so they let me go. Having the conference room number handy, I wandered around the place in a search of my destination. As I walked around, unescorted, I noticed the post-it note problem in abundance. Had I been so inclined, I could have logged in on almost any machine and into any number of systems. When I reached my intended conference room, I mentioned my post-it note observation to the two gentlemen with whom I was meeting. One of them said, “You mean like this,” and he produced a post it note full of login IDs and passwords from his breast pocket! I gave him kudos for not hanging the list on his monitor. We then talked for the rest of the meeting about the difficulties faced by the employees due to the security policies. These policies, although well-intended, made life very difficult for the end-users. Most users had access to 8 to 12 systems, and the passwords for each expired at a different times. The post-it note solution was understandable. Who could remember even half of them? What could this customer have done differently? I am a fan of using a provisioning system, such as Oracle Identity Manager, to manage all of the target systems. With OIM, and email could be automatically sent to all users when it was time to change their password. The end-users would follow a link to change their password on a web page, and then OIM would propagate that password out to all of the systems that the user had access to, even if the login IDs were different. Another option would be an Enterprise Single-Sign On Solution. With Oracle eSSO, all of a user’s credentials would be stored in a central, encrypted credential store. The end-user would only have to login to their machine each morning and then, as they moved to each new system, Oracle eSSO would supply the credentials. Good-bye post-it notes! 3M may be disappointed, but your end users will thank you. I hear people say that this post-it note problem is not a big deal, because the only people who would see the passwords are fellow employees. Do you really know who is walking around your building? What are the password policies in your business? How do the end-users respond?

    Read the article

  • How do i completely remove phpmyadmin?

    - by blade19899
    I messed up my phpmyadmin, I haven't logged in, in phpmyadmin, in a while, and as a result i forgot my password, so i purged it like so: sudo apt-get purge phpmyadmin. I did get some error messages asking for my password but i forgot that, so i just pressed ignore, after that i installed phpmyadmin again like so: sudo apt-get install phpmyadmin. This time i wont be forgetting my password. But now, when i logging my phpmyadmin I get a 404 not found error page!? Question: How do i completely remove phpmyadmin and as a result get phpmyadmin working again Note: I am running Ubuntu 12.10(AMD64)

    Read the article

  • How would you want to see software intellectual property protected?

    - by glenatron
    Reading answers to this question - and many other discussions of software patents - it seems that most of us as programmers feel that software patents are a bad idea. At the same time we are in the group most likely to lose out if our work is copied or stolen. So what level of Intellectual Property Protection does code and software need? Is copyright sufficient? Are patents necessary? As software is neither a physical object nor simple text, should we be thinking of a third path that falls somewhere between the two? Do we need any protection at all? If you had the facility to set up the law for this, what would you choose?

    Read the article

  • Is it possible to get a Proxy Authentication Dialog with Ubuntu Server?

    - by Johnny Bigoode
    I've got a VM Virtual Box with Ubuntu Server. I'set the http_proxy variable using export http_proxy="http://1234:linux@proxy:8080" The problem is that Ubuntu will constantly try to connect to the internet, even when I'm not logged in my company's account, so everyday I need to reset my password since Ubuntu will constantly try to access the internet. Also, it's always a problem when I need to authenticate the proxy with a different user/password. Can't I just set it to make a small prompt when it tries to connect to the proxy and fails? Like Firefox, Chrome and every app I have installed with Windows 7? I get this small dialog box that asks for a username and password when it can't access the internet. The Ubuntu Server doesn't need constant internet connection, specially since it's only online for tests over LAN.

    Read the article

  • Login - check database if user exists... (c#)

    - by SAMIR BHOGAYTA
    I have managed to do the following... string connectionString = "datasource=localhost;username=xxx;password=xxx;database=xxx"; MySqlConnection mySqlConnection = new MySqlConnection(connectionString); string selectString = "SELECT username, password " + "FROM forum_members " + "WHERE username = '" + frmUsername.Text + "' AND password = '" + frmPassword.Text + "'"; MySqlCommand mySqlCommand = new MySqlCommand(selectString, mySqlConnection); mySqlConnection.Open(); String strResult = String.Empty; strResult = (String)mySqlCommand.ExecuteScalar(); mySqlConnection.Close(); if (strResult.Length == 0) { Label1.Text = "INCORRECT USER/PASS!" //could redirect to register page } else { Label1.Text = "YOU ARE LOGGED IN!"; //set loggin in sessions variables }

    Read the article

  • How to protect own software from copying [closed]

    - by Zzz
    Possible Duplicate: How do you prevent the piracy of your software? Is possible to protect some file from copying if you are administrator of machine? I heard some story about some behavior: one software developer sells his software in some way. He is installing it on every client's computer and this software does not work on other computers or cannot be copied physically. How to implement the first and second protection. Is it effectively protection if software costs about $100 for all copies across client's company?

    Read the article

  • Can't get vnc to connect

    - by Thom
    I have a server and my laptop. I want to be able to start vnc server on the server and then connect from my laptop. Both are running ubuntu 11.10 64 bit desktop On my server, i installed x11vnc. I set it up with a password, no view only password. I ssh to the box and typed vncserver :42 Now on my laptop, I installed gtkvncviewer and ran it. It popped up a box. I entered the picard:42 (the name of the server in my /etc/hosts file) and the password. I tried with and without the user. It always disconnects immediately. Can anyone point out what I'm doing wrong? Is it because I'm not running a GUI session currently on picard? If so, how can I start the Xwindows session remotely to connect with vncserver?

    Read the article

  • How to disable automatic login?

    - by iammilind
    I was playing around with "User accounts" and somehow set automatic login. Now, when I start my PC, it just has one button named as "login". Clicking that button, directly logs me in to my PC. There is no music or no asking for password while logging in. As a side effect, it asks me separately for keyring password How to disable auto login and make login/keyring password unified again like before? NOTE: Attempting to disable Automatic Login from System Settings User Accounts does not work. This is the content of my /etc/lightdm/lightdm.conf (where I have commented the autologin for my username mgandhi): [SeatDefaults] greeter-session=unity-greeter user-session=ubuntu #autologin-user=mgandhi

    Read the article

  • How to setup passwordless SSH access for root user

    - by Cerin
    I need to configure a machine so software installation can be automated remotely via SSH. Following the wiki, I was able to setup SSH keys so my user can access the machine without a password, but I still need to manually enter my password when I use sudo, which obviously an automated process shouldn't have to do. Although my /etc/ssh/sshd_config has PermitRootLogin yes, I can't seem to be able to login as root, presumably because it's not a "real" account with a separate password. How do I configure SSH keys, so a process can remotely login as root on Ubuntu?

    Read the article

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >