Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 105/1021 | < Previous Page | 101 102 103 104 105 106 107 108 109 110 111 112  | Next Page >

  • WPF Browser is there, but invisible.

    - by Adam Crossland
    I am attempting to use the Browser control in a very simple WPF application, and it appears that while the browser is loading the page that I requested (I can mouseover images and see the ALT tags), I can't actually see anything else: Here is the XAML for the app: <Window x:Class="SmokeyBox2.MainWindow" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" Title="SmokeyBox" Height="120" Width="510" ShowInTaskbar="False" SizeToContent="WidthAndHeight" WindowStyle="None" AllowsTransparency="True" MouseLeftButtonDown="Window_MouseLeftButtonDown"> <Border Background="#50FFFFFF" CornerRadius="5" BorderThickness="2,0,2,2" Padding="5 1 5 5"> <Grid> <Grid.RowDefinitions> <RowDefinition Height="Auto"></RowDefinition> <RowDefinition Height="Auto"></RowDefinition> <RowDefinition Height="Auto"></RowDefinition> </Grid.RowDefinitions> <Grid.ColumnDefinitions> <ColumnDefinition Width="Auto"></ColumnDefinition> <ColumnDefinition Width="Auto"></ColumnDefinition> </Grid.ColumnDefinitions> <Label Grid.Row="0" Grid.Column="0" Background="Transparent" Content="SmokeyBox" MouseLeftButtonDown="Label_MouseLeftButtonDown" /> <TextBox Grid.Row="1" Grid.Column="0" Name="searchText" Width="450" FontFamily="Arial" Foreground="DarkGray" Background="Transparent" FontSize="20" MouseLeftButtonDown="searchText_MouseLeftButtonDown" BorderBrush="Transparent" /> <Expander Grid.Row="1" Grid.Column="1" Padding="2 3 0 0 " Expanded="Expander_Expanded" Collapsed="Expander_Collapsed" /> <WebBrowser Grid.Row="2" Grid.Column="0" x:Name="browser" Visibility="Visible" Width="480" Height="480" Margin="2 2 2 2" ></WebBrowser> </Grid> </Border> </Window> So can anyone help me figure out why the browser isn't showing the Yahoo! home page like I asked it to? And while I am at it, I'm going to own up to the fact that this is my first WPF app, and I'd love to hear any general pointers on how to get rid of general noobie badness in my XAML. Thanks.

    Read the article

  • how to verify browser IP for server-side web service

    - by Anthony
    I have a web service that needs to be able to verify the end-user's IP that called the server-script that is requesting the web service. Simple layout: Person A goes to Webpage B. Webpage B calls Web Service C to get some info on Person A. Web Service C won't give Webpage B the requested information without confirmation that the request originated from Person A's IP and not someone who has stolen Person A's session. I'm thinking that for a browser-based solution, the original site (Webpage B) can open an iframe that goes to the Web Service's authentication page. A key of some kind is passed to the browser which will some how indicate both the user's IP and Web Page B's IP, so that the Web Service can confirm that no one has nabbed anything. I have two challenges, but I'll stick to the more immediate one first: I'm not sure if my browser-based plan really makes sense. If someone steals the session cookie, how is the Web Service going to know? Would this cookie be held be Web Page B and thus be harder to steal? Is it a sound assumption that a cookie or key held by the server only and not the browser is safe? Also, would the web service, based on the iframe initial connection, be expecting the server/user-ip combo? What I mean is, does the session key provided via the iframe get stored by the web service and the Web Site B shows it has a match? Or is the session key more generic, meaning the web service is passed the key by Website B and the Web Service verifies that this is a valid session key based on what a valid session key should look like?

    Read the article

  • XBAP Browser Control - Invoking Click event of the html Input type button

    - by maharaj
    Hi, Here is what I have. 1.XBAP application with WPF Browser control, hosted on Page1.xaml 2.XBAP in Full Trust, certificate installed in client browser 3.Once the XBAP loaded, the browser control is navigated to some third party site. 4.We are using MVVM for XAML stuff So, when a certain page is loaded, I attach click event handler to the input button with id="submit" on the html page displayed in the browser control (used the code similar to whats in this URL http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/a4f0e4d0-78bf-44c5-a3fe-8faf2e7a0568/). It works just fine as long as I dont make a wcf web service call in my ViewModel, before or after I attach this event hander. Idea is to invoke the click event for the html button and grab the data from the html page before calling the webservice to save data from the page. Here is the issue: When I make the wcf webservice call (sync or async, it doesnt matter) the click event doesnt happen but if I comment out the the code for wcf service call the click event of the html input of type button gets invoked. Any help would be appreciated. Thanks, Salil

    Read the article

  • Make phone browser open a URL on Symbian S60 3rd Ed programmatically

    - by ardsrk
    On clicking a URL displayed in my application running on a Symbian S60 3rd Edition device should make the phone browser ( which is already open ) open the specified URL. Here is the code: _LIT( KUrlPrefix,"4 " ) void CMunduIMAppUi::OpenInBrowser(const TDesC& aUrl) { HBufC *url = NULL; const TInt KWmlBrowserUid =0x10008D39; TUid id( TUid::Uid( KWmlBrowserUid ) ); TApaTaskList taskList( CEikonEnv::Static()->WsSession() ); TApaTask task = taskList.FindApp( id ); // Checks if the browser is already open if ( task.Exists() ) { HBufC8* parameter = HBufC8::NewL( aUrl.Length()+ KUrlPrefix().Length()); parameter->Des().Copy(KUrlPrefix); parameter->Des().Append(aUrl); task.BringToForeground(); task.SendMessage(TUid::Uid(0), *parameter); // UID not used delete parameter; parameter = NULL; } } When I use this code to open a URL the browser comes to the foreground but does not get directed to the URL. I suspect something is wrong in SendMessage call that is called after the browser is brought to foreground: task.SendMessage(TUid::Uid(0), *parameter); // UID not used

    Read the article

  • Android: Associating Browser to File Type in App

    - by tekmunki
    I'm attempting to write a simple app that associates a file type to the browser; this is assuming the browser will open the file locally... If this doesn't work, the local file - editor will be fine. I have an option of auto-mailing .ELC files from a custom app, they are basically html formatted TEXT or TXT only files; I would like to associate the .elc extension so that it will open direct from mail rather than just "Save to SD Card" as a mail option. Here's the code I'm at right now; AndroidManifest.xml: ELCViewer.java: package com.tekmunki.ELCViewer; import android.app.Activity; import android.os.Bundle; import android.widget.TextView; public class ELCViewer extends Activity { /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); TextView tv = new TextView(this); tv.setText("ELC Viewer Installed! Now, when you receive the ELC files, they will open in the browser."); setContentView(tv); } } 1) How do I make the browser associated with the ELCViewer Activity? (Do I need to make a second activity, or can that all be done in the manifest?) 2) How do I make it persist after the app has been ran once?

    Read the article

  • Integrated Security on Reporting Services XML Datasource

    - by Nathan
    Hey all, I am working on setting up my report server to use a web service as an XML datasource. I seem to be having authentication issues between the web service and the report with I choose to use Integrated security. Here's what I have: 1) I have a website w/ an exposed service. This website is configured to run ONLY on Integrated Security. This means that we have all other modes turned off AND Enabled anonymous access turned off under directory security. 2) Within the Web.config of the website, I have the authentication mode set to Windows. 3) I have the report datasource set to being an XML data source. I have the correct URL to the service and have it set to Windows Integrated Security. Since I am making a hop from the Browser to the Reporting Server to the Web Service, I wonder if I am having an issue w/ Kerberos, but I am not sure. When I try to access the service, I get a 401 error. Here are the IIS logs that I am generating: 2011-01-07 14:52:12 W3SVC IP_ADDY POST /URL.asmx - 80 - IP_ADDY - 401 1 0 2011-01-07 14:52:12 W3SVC IP_ADDY POST /URL.asmx - 80 - IP_ADDY - 401 1 5 Has anyone worked out this issue before? Thanks!

    Read the article

  • The best, in the West

    - by Fatherjack
    As many of you know, I run the SQL South West user group and we are currently in full flow preparing to stage the UK’s second SQL Saturday. The SQL Saturday spotlight is going to fall on Exeter in March 2013. We have full-day session on Friday 8th with some truly amazing speakers giving their insights and experience into some vital areas of working with SQL Server: Dave Ballantyne and Dave Morrison – TSQL and internals Christian Bolton and Gavin Payne – Mission critical data platforms on Windows Server 2012 Denny Cherry – SQL Server Security André Kamman – Powershell 3.0 for SQL Server Administrators and Developers Mladen Prajdic – From SQL Traces to Extended Events – The next big switch. A number of people have claimed that the choice is too good and they’d have trouble selecting just one session to attend. I can see how this is a problem but hope that they make their minds up quickly. The venue is a bespoke conference suite in the centre of Exeter but has limited capacity so we are working on a first-come first-served basis. All the session details and booking and travel information can be found on our user group website. The Saturday will be a day of free, 50 minute sessions on all aspects SQL Server from almost 30 different speakers. If you would like to submit a session then get a move on as submissions close on 8th January 2013 (That’s less than a month away). We are really interested in getting new speakers started so we have a lightning talk session where you can come along and give a small talk (anywhere from 5 to 15 minutes long) about anything connected with SQL Server as a way to introduce you to what it’s like to be a speaker at an event. Details on registering to attend and to submit a session (Lightning talks need to be submitted too please) can be found on our SQL Saturday pages. This is going to be the biggest and best bespoke SQL Server conference to ever take place this far South West in the UK and we aim to give everyone who comes to either day a real experience of the South West so we have a few surprises for you on the day.

    Read the article

  • SQL SERVER – Importance of User Without Login – T-SQL Demo Script

    - by pinaldave
    Earlier I wrote a blog post about SQL SERVER – Importance of User Without Login and my friend and SQL Expert Vinod Kumar has written excellent follow up blog post about Contained Databases inside SQL Server 2012. Now lots of people asked me if I can also explain the same concept again so here is the small demonstration for it. Let me show you how login without user can help. Before we continue on this subject I strongly recommend that you read my earlier blog post here. In following demo I am going to demonstrate following situation. Login using the System Admin account Create a user without login Checking Access Impersonate the user without login Checking Access Revert Impersonation Give Permission to user without login Impersonate the user without login Checking Access Revert Impersonation Clean up USE [AdventureWorks2012] GO -- Step 1 : Login using the SA -- Step 2 : Create Login Less User CREATE USER [testguest] 9ITHOUT LOGIN WITH DEFAULT_SCHEMA=[dbo] GO -- Step 3 : Checking access to Tables SELECT * FROM sys.tables; -- Step 4 : Changing the execution contest EXECUTE AS USER   = 'testguest'; GO -- Step 5 : Checking access to Tables SELECT * FROM sys.tables; GO -- Step 6 : Reverting Permissions REVERT; -- Step 7 : Giving more Permissions to testguest user GRANT SELECT ON [dbo].[ErrorLog] TO [testguest]; GRANT SELECT ON [dbo].[DatabaseLog] TO [testguest]; GO -- Step 8 : Changing the execution contest EXECUTE AS USER   = 'testguest'; GO -- Step 9 : Checking access to Tables SELECT * FROM sys.tables; GO -- Step 10 : Reverting Permissions REVERT; GO -- Step 11: Clean up DROP USER [testguest]Step 3 GO Here is the step 9 we will be able to notice that how a user without login gets access to some of the data/object which we gave permission. What I am going to prove with this example? Well there can be different rights with different account. Once the login is authenticated it makes sense for impersonating a user with only necessary permissions to be used for further operation. Again this is very basic and fundamental example. There are lots of more points to be discussed as we go in future posts. Just do not take this blog post as a template and implement everything as it is. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • How To Uninstall, Disable, and Remove Windows Defender. Also, How Turn it Off

    - by The Geek
    If you’re already running a full anti-malware suite, you might not even realize that Windows Defender is already installed with Windows, and is probably wasting precious resources. Here’s how to get rid of it. Now, just to be clear, we’re not saying that we hate Windows Defender. Some spyware protection is better than none, and it’s built in and free! But… if you are already running something that provides great anti-malware protection, there’s no need to have more than one application running at a time. Disable Windows Defender Unfortunately, Windows Defender is completely built into Windows, and you’re not going to actually uninstall it. What we can do, however, is disable it. Open up Windows Defender, go to Tools on the top menu, and then click on Options. Now click on Administrator on the left-hand pane, uncheck the box for “Use this program”, and click the Save button. You will then be told that the program is turned off. Awesome! If you really, really want to make sure that it never comes back, you can also open up the Services panel through Control Panel, or by typing services.msc into the Start Menu search or run boxes. Find Windows Defender in the list and double-click on it… And then you can change Startup type to Disabled. Now again, we’re not necessarily advocating that you get rid of Windows Defender. Make sure you keep yourself protected from malware! Similar Articles Productive Geek Tips Stop an Application from Running at Startup in Windows VistaRemove "Map Network Drive" Menu Item from Windows Vista or XPManually Remove Skype Extension from FirefoxUninstall, Disable, or Delete Internet Explorer 8 from Windows 7Still Useful in Vista: Startup Control Panel TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips DVDFab 6 Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 Combine MP3 Files Easily QuicklyCode Provides Cheatsheets & Other Programming Stuff Download Free MP3s from Amazon Awe inspiring, inter-galactic theme (Win 7) Case Study – How to Optimize Popular Wordpress Sites Restore Hidden Updates in Windows 7 & Vista

    Read the article

  • What Would a CyberWar Do To Your Business?

    - by Brian Dayton
    In mid-February the Bipartisan Policy Center in the United States hosted Cyber ShockWave, a simulation of how the country might respond to a catastrophic cyber event. An attack takes place, they can't isolate where it came from or who did it, simulated press reports and market impacts...and the participants in the exercise have to brief the President and advise him/her on what to do. Last week, Former Department of Homeland Security Secretary Michael Chertoff who participated in the exercise summarized his findings in Federal Computer Weekly. The article, given FCW's readership and the topic is obviously focused on the public sector and US Federal policies. However, it touches on some broader issues that impact the private sector as well--which are applicable to any government and country/region-- such as: ·         How would the US (or any) government collaborate to identify and defeat such an attack? Chertoff calls this out as a current gap. How do the public and private sector collaborate today? How would the massive and disparate collection of agencies and companies act together in a crunch? ·         What would the impact on industries and global economies be? Chertoff, and a companion article in Government Computer News, only touch briefly on the subject--focusing on the impact on capital markets. "There's no question this has a disastrous impact on the economy," said Stephen Friedman, former director of the National Economic Council under President George W. Bush who played the role of treasury secretary. "You have financial markets shut down at this point, ordinary transactions are dramatically depleted, there's no question that this has a major impact on consumer confidence." That Got Me Thinking ·         How would it impact Oracle's customers? I know they have business continuity plans--is this one of their scenarios? What if it's not? How would it impact manufacturing lines, ATM networks, customer call centers... ·         How would it impact me and the companies I rely on? The supermarket down the street, my Internet Service Provider, the service station where I bought gas last night.   I sure don't have any answers, and neither do Chertoff or the participants in the exercise. "I have to tell you that ... we are operating in a bit of unchartered territory." said Jamie Gorelick, a former deputy attorney general who played the role of attorney general in the exercise.    But it is a good thing that governments and businesses are considering this scenario and doing what they can to prevent it from happening.

    Read the article

  • Renault under threat from industrial espionage, intellectual property the target

    - by Simon Thorpe
    Last year we saw news of both General Motors and Ford losing a significant amount of valuable information to competitors overseas. Within weeks of the turn of 2011 we see the European car manufacturer, Renault, also suffering. In a recent news report, French Industry Minister Eric Besson warned the country was facing "economic war" and referenced a serious case of espionage which concerns information pertaining to the development of electric cars. Renault senior vice president Christian Husson told the AFP news agency that the people concerned were in a "particularly strategic position" in the company. An investigation had uncovered a "body of evidence which shows that the actions of these three colleagues were contrary to the ethics of Renault and knowingly and deliberately placed at risk the company's assets", Mr Husson said. A source told Reuters on Wednesday the company is worried its flagship electric vehicle program, in which Renault with its partner Nissan is investing 4 billion euros ($5.3 billion), might be threatened. This casts a shadow over the estimated losses of Ford ($50 million) and General Motors ($40 million). One executive in the corporate intelligence-gathering industry, who spoke on condition of anonymity, said: "It's really difficult to say it's a case of corporate espionage ... It can be carelessness." He cited a hypothetical example of an enthusiastic employee giving away too much information about his job on an online forum. While information has always been passed and leaked, inadvertently or on purpose, the rise of the Internet and social media means corporate spies or careless employees are now more likely to be found out, he added. We are seeing more and more examples of where companies like these need to invest in technologies such as Oracle IRM to ensure such important information can be kept under control. It isn't just the recent release of information into the public domain via the Wikileaks website that is of concern, but also the increasing threats of industrial espionage in cases such as these. Information rights management doesn't totally remove the threat, but abilities to control documents no matter where they exist certainly increases the capabilities significantly. Every single time someone opens a sealed document the IRM system audits the activity. This makes identifying a potential source for a leak much easier when you have an absolute record of every person who's had access to the documents. Oracle IRM can also help with accidental or careless loss. Often people use very sensitive information all the time and forget the importance of handling it correctly. With the ability to protect the information from screen shots and prevent people copy and pasting document information into social networks and other, unsecured documents, Oracle IRM brings a totally new level of information security that would have a significant impact on reducing the risk these organizations face of losing their most valuable information.

    Read the article

  • How to store Role Based Access rights in web application?

    - by JonH
    Currently working on a web based CRM type system that deals with various Modules such as Companies, Contacts, Projects, Sub Projects, etc. A typical CRM type system (asp.net web form, C#, SQL Server backend). We plan to implement role based security so that basically a user can have one or more roles. Roles would be broken down by first the module type such as: -Company -Contact And then by the actions for that module for instance each module would end up with a table such as this: Role1 Example: Module Create Edit Delete View Company Yes Owner Only No Yes Contact Yes Yes Yes Yes In the above case Role1 has two module types (Company, and Contact). For company, the person assigned to this role can create companies, can view companies, can only edit records he/she created and cannot delete. For this same role for the module contact this user can create contacts, edit contacts, delete contacts, and view contacts (full rights basically). I am wondering is it best upon coming into the system to session the user's role with something like a: List<Role> roles; Where the Role class would have some sort of List<Module> modules; (can contain Company, Contact, etc.).? Something to the effect of: class Role{ string name; string desc; List<Module> modules; } And the module action class would have a set of actions (Create, Edit, Delete, etc.) for each module: class ModuleActions{ List<Action> actions; } And the action has a value of whether the user can perform the right: class Action{ string right; } Just a rough idea, I know the action could be an enum and the ModuleAction can probably be eliminated with a List<x, y>. My main question is what would be the best way to store this information in this type of application: Should I store it in the User Session state (I have a session class where I manage things related to the user). I generally load this during the initial loading of the application (global.asax). I can simply tack onto this session. Or should this be loaded at the page load event of each module (page load of company etc..). I eventually need to be able to hide / unhide various buttons / divs based on the user's role and that is what got me thinking to load this via session. Any examples or points would be great.

    Read the article

  • What Would a CyberWar Do To Your Business?

    - by [email protected]
    In mid-February the Bipartisan Policy Center in the United States hosted Cyber ShockWave, a simulation of how the country might respond to a catastrophic cyber event. An attack takes place, they can't isolate where it came from or who did it, simulated press reports and market impacts...and the participants in the exercise have to brief the President and advise him/her on what to do. Last week, Former Department of Homeland Security Secretary Michael Chertoff who participated in the exercise summarized his findings in Federal Computer Weekly. The article, given FCW's readership and the topic is obviously focused on the public sector and US Federal policies. However, it touches on some broader issues that impact the private sector as well--which are applicable to any government and country/region-- such as: · How would the US (or any) government collaborate to identify and defeat such an attack? Chertoff calls this out as a current gap. How do the public and private sector collaborate today? How would the massive and disparate collection of agencies and companies act together in a crunch? · What would the impact on industries and global economies be? Chertoff, and a companion article in Government Computer News, only touch briefly on the subject--focusing on the impact on capital markets. "There's no question this has a disastrous impact on the economy," said Stephen Friedman, former director of the National Economic Council under President George W. Bush who played the role of treasury secretary. "You have financial markets shut down at this point, ordinary transactions are dramatically depleted, there's no question that this has a major impact on consumer confidence." That Got Me Thinking · How would it impact Oracle's customers? I know they have business continuity plans--is this one of their scenarios? What if it's not? How would it impact manufacturing lines, ATM networks, customer call centers... · How would it impact me and the companies I rely on? The supermarket down the street, my Internet Service Provider, the service station where I bought gas last night. I sure don't have any answers, and neither do Chertoff or the participants in the exercise. "I have to tell you that ... we are operating in a bit of unchartered territory." said Jamie Gorelick, a former deputy attorney general who played the role of attorney general in the exercise. But it is a good thing that governments and businesses are considering this scenario and doing what they can to prevent it from happening.

    Read the article

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as: No client/application had direct access to the database tables. All accesses to all tables were through views (and all the updates to the base tables were done through triggers). All data items had a domain specified. No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced. Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data. So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures? EDIT Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged. EDIT2 The approach of relying on paramaterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach: http://database-programmer.blogspot.com http://thehelsinkideclaration.blogspot.com The principle features I have taken from these sources is: An extensive data dictionary, combined with an extensive security data dictionary Generation of triggers, queries and constraints from the data dictionary Minimize Code and maximize data While the answers I have had so far are very useful and point out difficulties arising from disregarding paramaterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

    Read the article

  • Can see samba shares but not access them

    - by nitefrog
    For the life of me I cannot figure this one out. I have samba installed and set up on the ubuntu box and on the Win7 box I CAN SEE all the shares I created. I created two users on ubuntu that map to the users in windows. On ubuntu they are both admins, user A & B on Windows User A is admin and user B is poweruser. User A can see both shares and access them, but user B can see everythin, but only access the homes directory, the other directory throws an error. I have two drives in Ubuntu and this is the smb.config file (I am new to samba): [global] workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) wins support = no dns proxy = yes name resolve order = lmhosts host wins bcast log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user ; usershare max shares = 100 usershare allow guests = yes And here is the share section: Both user A & B can access this from windows. No problems. [homes] comment = Home Directories browseable = no writable = yes Both User A & B can see this share, but only user A can access it. User B get an error thrown. [stuff] comment = Unixmen File Server path = /media/data/appinstall/ browseable = yes ;writable = no read only = yes hosts allow = The permission for the media/data/appinstall/ is as follows: appInstall properties: share name: stuff Allow others to create and delete files in this folder is cheeked Guest access (for people without a user account) is checked permissions: Owner: user A Folder Access: Create and delete files File Access: --- Group: user A Folder Access: Create and delete files File Access: --- Others Folder Access: Create and delete files File Access: --- I am at a loss and need to get this work. Any ideas? The goal is to have a setup like this. 3 users on window machines. Each user on the data drive will have their own personal folder where they are the ones that can only access, then another folder where 2 of the users will have read only and one user full access. I had this setup before on windows, but after what happened I am NEVER going back to windows, so Unix here I am to stay! I am really stuck. I am running Ubuntu 11. I could reformat again and put on version 10 if that would make life easier. I have been dealing with this since Wed. 3pm. Thanks.

    Read the article

  • How to set up an rsync backup to Ubuntu securely?

    - by ws_e_c421
    I have been following various other tutorials and blog posts on setting up a Ubuntu machine as a backup "server" (I'll call it a server, but it's just running Ubuntu desktop) that I push new files to with rsync. Right now, I am able to connect to the server from my laptop using rsync and ssh with an RSA key that I created and no password prompt when my laptop is connected to my home router that the server is also connected to. I would like to be able to send files from my laptop when I am away from home. Some of the tutorials I have looked at had some brief suggestions about security, but they didn't focus on them. What do I need to do to let my laptop with send files to the server without making it too easy for someone else to hack into the server? Here is what I have done so far: Ran ssh-keygen and ssh-copy-id to create a key pair for my laptop and server. Created a script on the server to write its public ip address to a file, encrypt the file, and upload to an ftp server I have access to (I know I could sign up for a free dynamic DNS account for this part, but since I have the ftp account and don't really need to make the ip publicly accessible I thought this might be better). Here are the things I have seen suggested: Port forwarding: I know I need to assign the server a fixed ip address on the router and then tell the router to forward a port or ports to it. Should I just use port 22 or choose a random port and use that? Turn on the firewall (ufw). Will this do anything, or will my router already block everything except the port I want? Run fail2ban. Are all of those things worth doing? Should I do anything else? Could I set up the server to allow connections with the RSA key only (and not with a password), or will fail2ban provide enough protection against malicious connection attempts? Is it possible to limit the kinds of connections the server allows (e.g. only ssh)? I hope this isn't too many questions. I am pretty new to Ubuntu (but use the shell and bash scripts on OSX). I don't need to have the absolute most secure set up. I'd like something that is reasonably secure without being so complicated that it could easily break in a way that would be hard for me to fix.

    Read the article

  • SSL + Jquery + Ajax

    - by chobo2
    Hi I starting too look at a bit of security into my site. My site I would consider a very low security risk as it has really no personal information from the user other than email. However the security risk will go up a bit as I am partnering with a company and the initial password for this companies users will be the same password they use essentially to get onto the network and every piece of software. So I have up my security( what is fine by me...I wanted to get around to this anyways). So one of my security concerns is this. A user logs in. form submit(non ajax is done). Password is hashed & Salted and compared to one in the database. Reject or let them proceed. So this uses no jquery or ajax but is just asp.net mvc and C#. Still if my understanding is right the password is sent in clear text. So if a use SSL and I would not need to worry about that is this correct? If that is true is that all I need? Second the user can change their password at anytime. This is done through ajax. So when the password is sent it is sent in clear text( and I can verify this by looking at firebug). So if I have SSL enabled on this page is that all I need or do I need to do more? So I am just kinda confused of what I need to make the password being sent to the server(both ajax and full post ways secure). I am not sure if I need to do more then SSL or if that is enough and if it is not enough what is the next layer of security?

    Read the article

  • apt-get update error after removing apt-key

    - by Caterpillar
    After Running apt-get update on ubuntu 10.04 server, I found this issue, Can any help me to solve this issue. Before this I had remove apt-key. Where can I get this apt-key to add it again. apt-get update Get:1 http://security.ubuntu.com lucid-security Release.gpg [198B] Ign http://security.ubuntu.com/ubuntu/ lucid-security/main Translation-en_IN Ign http://security.ubuntu.com/ubuntu/ lucid-security/restricted Translation-en_IN Get:2 http://in.archive.ubuntu.com lucid Release.gpg [189B] Ign http://in.archive.ubuntu.com/ubuntu/ lucid/main Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid/restricted Translation-en_IN Ign http://security.ubuntu.com/ubuntu/ lucid-security/universe Translation-en_IN Ign http://security.ubuntu.com/ubuntu/ lucid-security/multiverse Translation-en_IN Get:3 http://security.ubuntu.com lucid-security Release [44.7kB] Err http://security.ubuntu.com lucid-security Release Ign http://in.archive.ubuntu.com/ubuntu/ lucid/universe Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid/multiverse Translation-en_IN Get:4 http://in.archive.ubuntu.com lucid-updates Release.gpg [198B] Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/main Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/restricted Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/universe Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/multiverse Translation-en_IN Hit http://in.archive.ubuntu.com lucid Release Ign http://in.archive.ubuntu.com lucid Release Get:5 http://in.archive.ubuntu.com lucid-updates Release [44.7kB] Err http://in.archive.ubuntu.com lucid-updates Release Hit http://in.archive.ubuntu.com lucid/main Packages Hit http://in.archive.ubuntu.com lucid/restricted Packages Hit http://in.archive.ubuntu.com lucid/main Sources Hit http://in.archive.ubuntu.com lucid/restricted Sources Hit http://in.archive.ubuntu.com lucid/universe Packages Hit http://in.archive.ubuntu.com lucid/universe Sources Hit http://in.archive.ubuntu.com lucid/multiverse Packages Hit http://in.archive.ubuntu.com lucid/multiverse Sources Fetched 587B in 1s (465B/s) Reading package lists... Done W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://security.ubuntu.com lucid-security Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 W: GPG error: http://in.archive.ubuntu.com lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://in.archive.ubuntu.com lucid-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/lucid-security/Release W: Failed to fetch http://in.archive.ubuntu.com/ubuntu/dists/lucid-updates/Release W: Some index files failed to download, they have been ignored, or old ones used instead.

    Read the article

  • Open file - Security warning

    - by joker
    Does anyone know how to disable the unknown publisher security warning when running an application in Windows Xp Home? It's pretty annoying to have to click run everytime... I have tried: Run gpedit.msc, and go to Local Computer Policy-User Configuration-Administrative Templates-Windows Components-Attachment Manager and enable "Default risk level for file attachments", and then enable "Inclusion list for low risk file types" and add to this list the file extensions that you want to open without triggering this crap. But this file 'gpedit.msc' doest not exist on my computer, i checked system32 folder also =/ maybe its for xp pro

    Read the article

  • SSL security error

    - by shah
    What would the reason of getting the following error? Microsoft OLE DB Provider for SQL Server error '80004005' [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

    Read the article

  • How to prevent yourself from commenting on websites?

    - by MHH
    There is a bunch of browser add ons to either block particular websites (i.e. leechblock, chrome nanny or various OS specific solutions) or block the comment section of a website (i.e. commentBlocker). However, what if you want to be able to read the comment section of all websites, but want to never be able to add comments yourself, on particular sites? Is there anything that will allow this? I'm particularly interested in answers that will work for both windows and mac, and will also work for google chrome, firefox, and safari (note they can be different solutions for each browser/operating system)

    Read the article

  • Displaying XML in Chrome Browser

    - by Josh
    I love the Chrome browser but I use XML quite a lot in my development work and when I view it in Chrome I just get the rendered text. I know that the source view is slightly better but I'd really like to see the layout and functionality that IE adds to XML namely: Highlighting Open/close nodes Any ideas how I can get this on Chrome? Thanks, Josh UPDATE: The XMLTree Extension is available on Google Chrome Extension Beta Site. Thanks again for your help.

    Read the article

  • How can I regain control over a "stuck" scrollbar?

    - by jonsca
    I fear that this is one of those "for your own good" features, but I'm wondering whether or not there is a setting in Firefox or Chrome (or perhaps Windows in general) that will allow me to recapture the scroll bar even though the browser may be busy. I run into this a lot, especially when I have a lot of tabs open in either browser, and so perhaps it's just a fact of life. I wouldn't mind being able to scroll along gradually, even if the page hasn't had time to fully render all of the images, etc., yet. Does such an advanced setting exist "under the hood"?

    Read the article

  • Exporting Speed Dial settings from within Firefox into Chrome Speed dial...

    - by Paul
    Win7 Home Prem 32-bit I usually use Firefox as my browser of choice and have been using the Addin Speed Dial for ages. I have many sites added on multiple tabs within it. I have just installed the Google Chrome browser which also has the Speed Dial Extension. Is there a way to export/import/copy/sync my Speed Dial settings i have in Firefox to the Speed Dial extension in Chrome? I know i can export from Speed Dial in Firefox but can't see any easy way to import from Speed Dial in Chrome.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 101 102 103 104 105 106 107 108 109 110 111 112  | Next Page >