Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 108/1233 | < Previous Page | 104 105 106 107 108 109 110 111 112 113 114 115  | Next Page >

  • SRs @ Oracle: How do I License Thee?

    - by [email protected]
    With the release of the new Sun Ray product last week comes the advent of a different software licensing model. Where Sun had initially taken the approach of '1 desktop device = one license', we later changed things to be '1 concurrent connection to the server software = one license', and while there were ways to tell how many connections there were at a time, it wasn't the easiest thing to do.  And, when should you measure concurrency?  At your busiest time, of course... but when might that be?  9:00 Monday morning this week might yield a different result than 9:00 Monday morning last week.In the acquisition of this desktop virtualization product suite Oracle has changed things to be, in typical Oracle fashion, simpler.  There are now two choices for customers around licensing: Named User licenses and Per Device licenses.Here's how they work, and some examples:The Rules1) A Sun Ray device, and PC running the Desktop Access Client (DAC), are both considered unique devices.OR, 2) Any user running a session on either a Sun Ray or an DAC is still just one user.So, you have a choice of path to go down.Some Examples:Here are 6 use cases I can think of right now that will help you choose the Oracle server software licensing model that is right for your business:Case 1If I have 100 Sun Rays for 100 users, and 20 of them use DAC at home that is 100 user licenses.If I have 100 Sun Rays for 100 users, and 20 of them use DAC at home that is 120 device licenses.Two cases using the same metrics - different licensing models and therefore different results.Case 2If I have 100 Sun Rays for 200 users, and 20 of them use DAC at home that is 200 user licenses.If I have 100 Sun Rays for 200 users, and 20 of them use DAC at home that is 120 device licenses.Same metrics - very different results.Case 3If I have 100 Sun Rays for 50 users, and 20 of them use DAC at home that is 50 user licenses.If I have 100 Sun Rays for 50 users, and 20 of them use DAC at home that is 120 device licenses.Same metrics - but again - very different results.Based on the way your business operates you should be able to see which of the two licensing models is most advantageous to you.Got questions?  I'll try to help.(Thanks to Brad Lackey for the clarifications!)

    Read the article

  • How to find domain registrar and DNS hosting with good DNSSEC support?

    - by rsp
    Simplified problem I want to buy a domain and make a website that is fully secured with DNSSEC. Background I've been hearing about the insecurity of DNS for years. I've watched all of the talks by Dan Kaminsky and others from DNS exploits to The future of DNS Security Panel. I knew that using DNS without security is a disaster waiting to happen. I followed the development of the DNSSEC standard. I celebrated the key signing ceremony. Everything was on the right track to finally have a secure DNS system in place. And now more than 2 years later I wanted to just do what everyone said I should do: use DNSSEC for a new domain. So I need a domain registrar and a DNS hosting service that supports DNSSEC. Surprisingly it is not that easy to even find out who does support DNSSEC. It was actually much easier to find info on DNSSEC two years ago when everyone was going to support DNSSEC Real Soon Now but now years passed and I hardly see any progress done. I just hope that I was just looking in the wrong places and someone here will explain all of the doubts. I hope that other people who want to have a secure website will also find this question useful. What is needed registrar and DNS servers with full DNSSEC support for .com domains What is not needed IPv6 support Web hosting anything more What I found out so far Go Daddy offers Premium DNS service for additional $36 per year that lets you "Secure up to 5 domains with DNSSEC". easyDNS has DNSSEC available in Beta across all service levels (you need to enable the "beta" flag in configuration) but it doesn't seem to be production ready and judging from the lack of updates it isn't a feature of highest priority (the last update from March 2011 on the easyDNS blog). Name.com - according to The Register (US domain registrar does IPv6, DNSSEC) it has DNSSEC support since 2010 but right now (October 2012) I couldn't find anything related to DNSSEC on their website. Dynadot that is very often recommended doesn't support DNSSEC Namecheap that is also often recommended doesn't support DNSSEC. The support answer from 2011 suggested that it was being added but in 2012 still no ETA is given to customers. DynDNS was supposed to support DNSSEC, I found a link explaining DNSSEC support but it gives 404 Not Found page and offers a search box - when searching for DNSSEC I get "No results were found for your query." GKG was recommended online for DNSSEC support but it's hard to find any information on the level of DNSSEC support - there is a brief explanation on what is DNSSEC and how to sign Delegation Signer records in their FAQ but no information about the level of actual support can be found. Ask Slashdot: Which Registrars Support DNSSEC? from July 2011 - Answers list Go Daddy, DynDNS, GKG, Name.com as registrars that support DNSSEC but: see above. Related questions How to find web hosting that meets my requirements? What is needed to add DNSSEC to my site? DNS hosting better managed by Domain provider or Hosting provider? Registrar with good security, DNS hosting, and DNSSEC and IPv6 resolvers? In no. 1 no one is ever mentioning DNS at all. In no. 2 answers only mention the .se TLD, there are very few answers and they seem very outdated. In no. 3 one answer says "On projects that demand higher security, I might look for a web host that supports DNSSEC" but no more information is provided. The only relevant answers are in no. 4 where easyDNS is recommended by someone who has never used them personally. Meanwhile, as of October 2012, the support of DNSSEC is described as "in beta" on the easyDNS feature list. Another one recommends SiteGround but searching their site for DNSSEC returns no results. Other answers recommend web hosting providers that don't meet the requirement of DNSSEC support. Also the question mentioned above lists 9 very specific requirements other than only DNSSEC (like eg. HTTP-only login cookies, two-factor authentications, no DNS record limits, DNS statistics of queries/day, audit trails etc.) which might have excluded many possible recommendations if one is only interested in DNSSEC support. Conclusions I thought that by the end of 2012 the support of DNSSEC among domain registrars and DNS providers would be nearly universal. I am shocked that the support seems virtually nonexistent. Is this a result of some serious problems with the DNSSEC adoption? Or is it just not a hot topic and no one bothers anymore? According to the DNSSEC Scoreboard roughly about 0.1% of .com domains support DNSSEC. Could that be caused by the lack of DNSSEC support among registrars and DNS providers, is the information too hard to find or maybe no one cares? There is even no "dnssec" tag here. Questions The information is surprisingly hard to find. That is why I am asking for first-hand experience and personal recommendations. Has anyone here actually set up a website with DNSSEC, from the domain registration to the configuration of DNS servers? Can anyone recommend any of the registrars mentioned above? Can anyone recommend any registrar not mentioned above?

    Read the article

  • A list of pros and cons to giving developers “Local Admin” privileges to their machines? [closed]

    - by Boden
    Possible Duplicate: Is local “User” rights enough or do developers need Local Administrator or Power User while coding? I currently work for a large utilities company which currently does not grant “Local Admin” access to developers. This is causing a lot of grief as anything that requires elevated privileges needs to be done by the Desktop Support/Server Teams. In some cases this can take several days and requires our developers to have to show why they need this access. I personally think that all developers should have local administration rights and are currently fighting with management to achieve this but I would like to know what other people think about this. To achieve this I would like to hear what people believe are the pros and cons of letting developers have local admin access to their machines. Here are some I have come up with: Pros Loss time is keep low as developers can resolve issues that would normally require Local Admin Evaluation of tools and software are possible to improve productivity Desktop support time not wasted installing services and software on developers PC Cons Developers install software on local PC that could be malicious to others or inappropriate in a business environment Desktop Support required to support a PC that is not the norm Development done with admin access that then fails when promoted to another environment that does not have the same access level

    Read the article

  • ubuntu 12.10 not updating

    - by gunjan parashar
    i have upgrade to ubuntu 12.10 from ubuntu 12.04 after that it is not updating software updater gives the following error : W:Failed to fetch http://archive.canonical.com/ubuntu/dists/precise/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://extras.ubuntu.com/ubuntu/dists/quantal/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal-updates/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal-backports/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal-security/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal-proposed/Release.gpg Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal/restricted/source/Sources Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal/main/source/Sources Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal/multiverse/source/Sources Unable to connect to 10.4.42.15:8080: W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal/universe/source/Sources Unable to connect to 10.4.42.15:8080: : W:Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/quantal-proposed/universe/i18n/Translation-en Unable to connect to 10.4.42.15:8080: E:Some index files failed to download. They have been ignored, or old ones used instead. along with this i am not able to install any thing from software center , it just asks to use this source and after that it just keeps on quering software sources and nothing happens after that plz help me out , this 12.10 has became a great problem for me and forgive for my poor engish

    Read the article

  • Take Advantage of Oracle's Ongoing Assurance Effort!

    - by eric.maurice
    Hi, this is Eric Maurice again! A few years ago, I posted a blog entry, which discussed the psychology of patching. The point of this blog entry was that a natural tendency existed for systems and database administrators to be reluctant to apply patches, even security patches, because of the fear of "breaking" the system. Unfortunately, this belief in the principle "if it ain't broke, don't fix it!" creates significant risks for organizations. Running systems without applying the proper security patches can greatly compromise the security posture of the organization because the security controls available in the affected system may be compromised as a result of the existence of the unfixed vulnerabilities. As a result, Oracle continues to strongly recommend that customers apply all security fixes as soon as possible. Most recently, I have had a number of conversations with customers who questioned the need to upgrade their highly stable but otherwise unsupported Oracle systems. These customers wanted to know more about the kind of security risks they were exposed to, by running obsolete versions of Oracle software. As per Oracle Support Policies, Critical Patch Updates are produced for currently supported products. In other words, Critical Patch Updates are not created by Oracle for product versions that are no longer covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. One statement used in each Critical Patch Update Advisory is particularly important: "We recommend that customers upgrade to a supported version of Oracle products in order to obtain patches. Unsupported products, releases and versions are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities." The purpose of this warning is to inform Oracle customers that a number of the vulnerabilities fixed in each Critical Patch Update may affect older versions of a specific product line. In other words, each Critical Patch Update provides a number of fixes for currently supported versions of a given product line (this information is listed for each bug in the Risk Matrices of the Critical Patch Update Advisory), but the unsupported versions in the same product line, while they may be affected by the vulnerabilities, will not receive the fixes, and are therefore vulnerable to attacks. The risk assumed by organizations wishing to remain on unsupported versions is amplified by the behavior of malicious hackers, who typically will attempt to, and sometimes succeed in, reverse-engineering the content of vendors' security fixes. As a result, it is not uncommon for exploits to be published soon after Oracle discloses vulnerabilities with the release of a Critical Patch Update or Security Alert. Let's consider now the nature of the vulnerabilities that may exist in obsolete versions of Oracle software. A number of severe vulnerabilities have been fixed by Oracle over the years. While Oracle does not test unsupported products, releases and versions for the presence of vulnerabilities addressed by each Critical Patch Update, it should be assumed that a number of the vulnerabilities fixed with the Critical Patch Update program do exist in unsupported versions (regardless of the product considered). The most severe vulnerabilities fixed in past Critical Patch Updates may result in full compromise of the targeted systems, down to the OS level, by remote and unauthenticated users (these vulnerabilities receive a CVSS Base Score of 10.0) or almost as critically, may result in the compromise of the affected systems (without compromising the underlying OS) by a remote and unauthenticated users (these vulnerabilities receive a CVSS Base Score of 7.5). Such vulnerabilities may result in complete takeover of the targeted machine (for the CVSS 10.0), or may result in allowing the attacker the ability to create a denial of service against the affected system or even hijacking or stealing all the data hosted by the compromised system (for the CVSS 7.5). The bottom line is that organizations should assume the worst case: that the most critical vulnerabilities are present in their unsupported version; therefore, it is Oracle's recommendation that all organizations move to supported systems and apply security patches in a timely fashion. Organizations that currently run supported versions but may be late in their security patch release level can quickly catch up because most Critical Patch Updates are cumulative. With a few exceptions noted in Oracle's Critical Patch Update Advisory, the application of the most recent Critical Patch Update will bring these products to current security patch level and provide the organization with the best possible security posture for their patch level. Furthermore, organizations are encouraged to upgrade to most recent versions as this will greatly improve their security posture. At Oracle, our security fixing policies state that security fixes are produced for the main code line first, and as a result, our products benefit from the mistakes made in previous version(s). Our ongoing assurance effort ensures that we work diligently to fix the vulnerabilities we find, and aim at constantly improving the security posture our products provide by default. Patch sets include numerous in-depth fixes in addition to those delivered through the Critical Patch Update and, in certain instances, important security fixes require major architectural changes that can only be included in new product releases (and cannot be backported through the Critical Patch Update program). For More Information: • Mary Ann Davidson is giving a webcast interview on Oracle Software Security Assurance on February 24th. The registration link for attending this webcast is located at http://event.on24.com/r.htm?e=280304&s=1&k=6A7152F62313CA09F77EBCEEA9B6294F&partnerref=EricMblog • A blog entry discussing Oracle's practices for ensuring the quality of Critical patch Updates can be found at http://blogs.oracle.com/security/2009/07/ensuring_critical_patch_update_quality.html • The blog entry "To patch or not to patch" is located at http://blogs.oracle.com/security/2008/01/to_patch_or_not_to_patch.html • Oracle's Support Policies are located at http://www.oracle.com/us/support/policies/index.html • The Critical Patch Update & Security Alert page is located at http://www.oracle.com/technetwork/topics/security/alerts-086861.html

    Read the article

  • How do you make Bastille work and secure Ubuntu 12.04? It doesnt work for me `sudo bastille -x`

    - by BobMil
    I was able to install bastille from the normal repositories and then run the GUI. After going through the options and clicking OK to apply, it showed these errors. Do you know why Bastille wont work on Ubuntu 12.04? NOTE: Executing PSAD Specific Configuration NOTE: Executing File Permissions Specific Configuration NOTE: Executing Account Security Specific Configuration NOTE: Executing Boot Security Specific Configuration ERROR: Unable to open /etc/inittab as the swap file /etc/inittab.bastille already exists. Rename the swap file to allow Bastille to make desired file modifications. ERROR: open /etc/inittab.bastille failed... ERROR: open /etc/inittab failed. ERROR: Couldn't insert line to /etc/inittab, since open failed.NOTE: Executing Inetd Specific Configuration

    Read the article

  • How common is prototyping as the first stage of development?

    - by EpsilonVector
    I've been taking some software design courses in the past few semesters, and while I see the benefit in a lot of the formalism, I still feel like it doesn't tell me anything about the program itself. You can't tell how the program is going to operate from the Use Case spec, even though it discusses what the program can do, and you can't tell anything about the user experience from the requirements document, even though it can include QA requirements. ...sequence diagrams are as good a description of how the software works as the call stack, in other words- very limited, highly partial view of the overall system, and a class diagram is great for describing how the system is built, but is utterly useless in helping you figure out what the software needs to be. Where in all this formalism is the bottom line- how the program looks, operates, and what experience it gives? Doesn't it make more sense to design off of that? Isn't it better to figure out how the program should work via a prototype and strive to implement it for real? I know that I'm probably suffering from being taught engineering by theoreticians, but I got to ask, do they do this in the industry? How do people figure out what the program actually is, not what it should conform to? Do people prototype a lot? ...or do they mostly use the formal tools like UML and I just didn't get the hang of using them yet?

    Read the article

  • Effective versus efficient code

    - by Todd Williamson
    TL;DR: Quick and dirty code, or "correct" (insert your definition of this term) code? There is often a tension between "efficient" and "effective" in software development. "Efficient" often means code that is "correct" from the point of view of adhering to standards, using widely-accepted patterns/approaches for structures, regardless of project size, budget, etc. "Effective" is not about being "right", but about getting things done. This often results in code that falls outside the bounds of commonly accepted "correct" standards, usage, etc. Usually the people paying for the development effort have dictated ahead of time what it is that they value more. An organization that lives in a technical space will tend towards the efficient end, others will tend towards the effective. Developers often refuse to compromise their favored approach for the other. In my own experience I have found that people with formal education in software development tend towards the Efficient camp. Those that picked up software development more or less as a tool to get things done tend towards the Effective camp. These camps don't get along very well. When managing a team of developers who are not all in one camp it is challenging. In your own experience, which camp do you land in, and do you find yourself having to justify your approach to others? To management? To other developers?

    Read the article

  • How should I describe the process of learning someone else's code? (In an invoicing situation.)

    - by MattyG
    I have a contract to upgrade some in-house software for a large company. The company has requested multiple feature additions and a few bug fixes. This is my first freelance style job. First, I needed to become familiar with how the application worked - I learnt it as if I was a user. Next, I had to learn how the software worked. I started with broad concepts, and then narrowed down into necessary detail before working on each bug fix and feature. At least at the start of the project, it took me a lot longer to learn the existing code than it did to write the additional features. How can I describe the process of learning the existing code on the invoice? (This part of the company usually does things in-house, so doesn't have much experience dealing with software contractors like me, and I fear they may not understand the overhead of learning someone else's code). I don't want to just tack the learning time onto the actual feature upgrade, because in some cases this would make a 'simple task' look like it took me way too long. I want break the invoice into relevant steps, and communicate that I'm charging for the large overhead of learning someone else's code before being able to add my own to it. Is there a standard way of describing this sort of activity when billing for a job?

    Read the article

  • How successful is GPL in reaching its goals?

    - by StasM
    There are, broadly, two types of FOSS licenses when it relates to commercial usage of the code - let's say the GPL-type and the BSD-type. The first is, broadly, restrictive about commercial usage (by usage I also mean modification and redistribution, as well as creating derived works, etc.) of the code under the license, and the second is much more permissive. As I understand, the idea behind GPL-type licenses is to encourage people to abandon the proprietary software model and instead convert to the FOSS code, and the license is the instrument to entice them to do so - i.e. "you can use this nice software, but only if you agree to come to our camp and play by our rules". What I want to ask is - was this strategy successful so far? I.e. are there any major achievements in the form of some big project going from closed to open because of GPL or some software being developed in the open only because GPL made it so? How big is the impact of this strategy - compared, say, to the world where everybody would have BSD-type licenses or release all open-source code under public domain? Note that I am not asking if FOSS model is successful - this is beyond question. What I am asking is if the specific way of enticing people to convert from proprietary to FOSS used by GPL-type and not used by BSD-type licenses was successful. I also don't ask about the merits of GPL itself as the license - just about the fact of its effectiveness.

    Read the article

  • "Malformed line 6" error in my /etc/apt/sources.list

    - by Odi1215
    I'm new to Ubuntu so I don't really know much yet. I encountered this problem while on the terminal: E: Malformed line 6 in source list /etc/apt/sources.list (dist parse) E: The list of sources could not be read. What should I do? Help would be much appreciated. Here's my source.list: # /etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse deb http://security.ubuntu.com/ubuntu/ precise-security main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse deb http://archive.canonical.com/ partner deb-src http://archive.canonical.com/ partner /etc/apt/sources.list

    Read the article

  • How do I remove a malformed line from my sources.list?

    - by eminencejae
    I have unistalled and reinstalled the Ubuntu Software Center as per info I found in a similar thread and I got the same response about line 91 or something like that. I just tried to upload a screen shot but since I'm new it won't allow me to. I also can not figure out how to cut and paste anything so I have to hand type what the error screen says, both when I attempt to open the software center and nothing happens, when I try to enter commands into the terminal to uninstall, reinstall, whatever I get the same following: COULD NOT INTITIALIZE THE PACKAGE INFORMATION An unresolvable problem occured while initializing the package information Please report t:his bug against the 'update-manager' package and include the following error message: 'E: Malformed line 91 in source list/etc/apt/sources.list (dist parse) E: The list of sources could not be read., E: The package list of status file could not be parsed or opened. How do I report bugs? What can be done about this. I have searched and everything everyone says to do leads me back to the same line error message. So, I don't know how to get to line 91 in the source list; to tell you what it says. Sorry, I'm really new to this. That is what I need is to find out how to get there and fix what it says. I would really like to NOT have to re partition my hard drive and start from scratch, so I'm really looking forward to getting this problem solved. I need to be able to install new software.

    Read the article

  • Good message board for a website (e.g. phpBB)

    - by unixman83
    Hi, What are the best (and most widely used) message board softwares, and the pros and cons of each. e.g. Security Vulnerabilities, Performance on a cheap server, comes pre-packaged. I am looking for the best message board software for my website. A VPS can run almost any software, so the sky is the limit! Free, doesn't require unreasonable number of hyperlinks to their website Security focused / Widely Used, vulnerabilities are found and fixed quick Easy to keep up-to-date, i.e. prepackaged / auto-update in some way Moderator features [like pinning / message preamble], account management Themeable, customize appearance a bit

    Read the article

  • Good message board for a website (e.g. phpBB)

    - by unixman83
    Hi, What are the best (and most widely used) Linux-based message board softwares, and the pros and cons of each. e.g. Security Vulnerabilities, Performance on a cheap server, comes pre-packaged [RPM or DEB]. I am looking for the best message board software for my website. A VPS can run almost any software, so the sky is the limit! Free, doesn't require unreasonable number of hyperlinks to their website Security focused / Widely Used, vulnerabilities are found and fixed quick Easy to keep up-to-date, i.e. prepackaged / auto-update in some way Moderator features [like pinning / message preamble], account management Themeable, customize appearance a bit

    Read the article

  • What is the most secure environment for multiple CMS sites? [closed]

    - by Brian Gulino
    I wish to run about 50 Joomla or WordPress low-traffic websites on 1 server, or part of a server. Each website will be managed by its own, naive owner who will have be able to access the Joomla or Wordpress backend of the website. I am concerned about security and isolation as my users will periodically get into trouble by not protecting their sites properly. Two alternatives I know of exist: Run one Linux system with multiple websites under Apache. Follow current Joomla and WordPress security tips. Increase the isolation of the individual sites by using mpm-itk, which will allow each website to run as its own user. The alternative to this is to run virtualization software such as the Xen hypervisor. Each site would have its own, virtual Linux system. I lack the experience needed to make this decision and I am asking which path to take. Obviously, there may be other alternatives that I haven't considered.

    Read the article

  • Windows Identity Foundation: How to get new security token in ASP.net

    - by Rising Star
    I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application. In ASP.net, security tokens are stored as cookies. I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow. How do I remove the token so that the user can log in again and get a new token?

    Read the article

  • Adding custom filter in spring framework problem?

    - by user298768
    hello there iam trying to make a custom AuthenticationProcessingFilter to save some user data in the session after successful login here's my filter: Code: package projects.internal; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.Authentication; import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter { protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException { super.onSuccessfulAuthentication(request, response, authResult); request.getSession().setAttribute("myValue", "My value is set"); } } and here's my security.xml file Code: <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <global-method-security pre-post-annotations="enabled"> </global-method-security> <http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/images/**" filters="none" /> <intercept-url pattern="/scripts/**" filters="none" /> <intercept-url pattern="/styles/**" filters="none" /> <intercept-url pattern="/p/login.jsp" filters="none" /> <intercept-url pattern="/p/register" filters="none" /> <intercept-url pattern="/p/**" access="isAuthenticated()" /> <form-login login-processing-url="/j_spring_security_check" login-page="/p/login.jsp" authentication-failure-url="/p/login_error.jsp" /> <logout /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <jdbc-user-service data-source-ref="dataSource"/> </authentication-provider> </authentication-manager> <beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> </beans:bean> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> </beans:bean> </beans:beans> it gives an error here: Code: <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> multiple annotation found at this line:cvc-attribute.3 cvc-complex-type.4 cvc-enumeration-vaild what is the problem? thanks in advance

    Read the article

  • How does WCF RIA Services handle authentication/authorization/security?

    - by Edward Tanguay
    Since no one answered this question: What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server? Let me ask it another way: How does WCF RIA Services handle authentication/authorization/security at a low level? e.g. how does the application on the server determine that the incoming http request to change data is coming from a valid client and not from non-desirable source, e.g. a denial-of-service bot?

    Read the article

  • Why should I Use ASP.NET Membership security model?

    - by ListenToRick
    I'm updating my website at the moment and figure that if I am to update my login/security mode, now is a good time. I have looked through the Membership model which is included in ASP.NET but I'm convinced that it will provide any benefit apart from being familiar to other .NET deevlopers. There seems to be quite a lot of documentation for it, but little discussion for why its worth the effort. Can anybody shed some light upon this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 104 105 106 107 108 109 110 111 112 113 114 115  | Next Page >