Search Results

Search found 14784 results on 592 pages for 'spring security'.

Page 110/592 | < Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >

• Win 2008 Server & IIS7: ASP installed but displays 'FILE DOWNLOAD - SECURITY WARNING"

  - by AzC

  Hi Dudes, Installed Win 2008 server and IIS7. Enabled ASP Classic and ASP.NET on it. Can't get any ASP scripts to run e.g. desperate.asp containing following line: <% Response.Write "Hello Love, Fancy a Date?" % It just comes up with a "FILE DOWNLOAD - SECURITY WARNING" panel asking em to download. When I select anything it keeps looping. Found lots fo stuff on internet but nothing working. Also same for other ASP scripts HTML works no problem e.g. a file called reply.html containing: Get lost little boy. We only serve French Fries in Macdonalds Any ideas?

  Read the article

• UK Oracle User Group Event: Trends in Identity Management

  - by B Shashikumar

  As threat levels rise and new technologies such as cloud and mobile computing gain widespread acceptance, security is occupying more and more mindshare among IT executives. To help prepare for the rapidly changing security landscape, the Oracle UK User Group community and our partners at Enline/SENA have put together an User Group event in London on Apr 19 where you can learn more from your industry peers about upcoming trends in identity management. Here are some of the key trends in identity management and security that we predicted at the beginning of last year and look how they have turned out so far. You have to admit that we have a pretty good track record when it comes to forecasting trends in identity management and security. Threat levels will grow—and there will be more serious breaches:   We have since witnessed breaches of high value targets like RSA and Epsilon. Most organizations have not done enough to protect against insider threats. Organizations need to look for security solutions to stop user access to applications based on real-time patterns of fraud and for situations in which employees change roles or employment status within a company. Cloud computing will continue to grow—and require new security solutions: Cloud computing has since exploded into a dominant secular trend in the industry. Cloud computing continues to present many opportunities like low upfront costs, rapid deployment etc. But Cloud computing also increases policy fragmentation and reduces visibility and control. So organizations require solutions that bridge the security gap between the enterprise and cloud applications to reduce fragmentation and increase control. Mobile devices will challenge traditional security solutions: Since that time, we have witnessed proliferation of mobile devices—combined with increasing numbers of employees bringing their own devices to work (BYOD) — these trends continue to dissolve the traditional boundaries of the enterprise. This in turn, requires a holistic approach within an organization that combines strong authentication and fraud protection, externalization of entitlements, and centralized management across multiple applications—and open standards to make all that possible.  Security platforms will continue to converge: As organizations move increasingly toward vendor consolidation, security solutions are also evolving. Next-generation identity management platforms have best-of-breed features, and must also remain open and flexible to remain viable. As a result, developers need products such as the Oracle Access Management Suite in order to efficiently and reliably build identity and access management into applications—without requiring security experts. Organizations will increasingly pursue "business-centric compliance.": Privacy and security regulations have continued to increase. So businesses are increasingly look for solutions that combine strong security and compliance management tools with business ready experience for faster, lower-cost implementations.  If you'd like to hear more about the top trends in identity management and learn how to empower yourself, then join us for the Oracle UK User Group on Thu Apr 19 in London where Oracle and Enline/SENA product experts will come together to share security trends, best practices, and solutions for your business. Register Here.

  Read the article

• PowerShell Remoting: No credentials are available in the security package

  - by TheSciz

  I'm trying to use the following script: $password = ConvertTo-SecureString "xxxx" -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential("domain\Administrator", $password) $session = New-PSSession 192.168.xxx.xxx -Credential $cred Invoke-Command -Session $session -ScriptBlock { New-Cluster -Name "ClusterTest" -Node HOSTNAME } To remotely create a cluster (it's for testing purposes) on a Windows Server 2012 VM. I'm getting the following error: An error occurred while performing the operation. An error occurred while creating the cluster 'ClusterTest'. An error occurred creating cluster 'ClusterTest'. No credentials are available in the security package + CategoryInfo : NotSpecified: (:) [New-Cluster], ClusterCmdletException + FullyQualifiedErrorId : New-Cluster,Microsoft.FailoverClusters.PowerShell.NewClusterCommand All of my other remote commands (installing/making changes to DNS, DHCP, NPAS, GP, etc) work without an issue. Why is this one any different? The only difference is in the -ScriptBlock tag. Help!

  Read the article

• XP Missing AD in secuirity location

  - by Rodent43

  I have a few Window XP clients that are part of a domain, when trying to set the permissions on the security tab and pressing location to search the AD for users it only presents the local machine... So I follow this path Right click folder Properties Security Add in the locations field where I would normally see the windows domain, I am only seeing the local machine name??? So only users that have a local account can be added to the folders permissions... Any tips would be appreciated

  Read the article

• SQL2005 reporting server: intense security activity

  - by David Wimbush

  On my reporting server the Security log shows large numbers of Logon/Logoff events, often 10 or more, when you run pretty much any report in the Report Manager. Is this normal or is it a classic sign of having the wrong setup? Some system details: Windows Server 2003 R2 SP2, virtual server running under VMWare). SQL Server 2005 SP3 Standard Edition, running databases, Report Manager, and Ananlysis Services cubes. No other major services on the machine (i.e. it's not a domain controller, Exchange server or anything like that). Any ideas, please, guys?

  Read the article

• how to get rid of certificate error: navigation blocked in ie8

  - by Radek

  when I access our intranet via https I get this "certificate error: navigation blocked" error in IE8 on Windows XP SP3. I can click Continue to this website (not recommended). but I use IE for automation testing so I have to avoid these extra clicks. Any idea? I tried setting “Turn off the Security Settings Check feature” to enabled. setting "Display Mixed Content" to enabled lowering security levels to minimum adding the web server address to trusted zone

  Read the article

• immplementing security with session variables, how it is insecure

  - by haansi

  Hello, I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep current user id and user type in session and authenticate user from these session variables (say Session["UserId"],Session["UserName"] and Session["UserType"]) I do authentications. Please guide me how it is insecure ? I heard such security can be broken and applications can be hacked very easily, like it is possible to get session id and directly connect to that session id etc. Please guide me on this thanks

  Read the article

• sudoers security

  - by jetboy

  I've setup a script to do Subversion updates across two servers - the localhost and a remote server - called by a post-commit hook run by the www-data user. /srv/svn/mysite/hooks/post-commit contains: sudo -u cli /usr/local/bin/svn_deploy /usr/local/bin/svn_deploy is owned by the cli user, and contains: #!/bin/sh svn update /srv/www/mysite ssh cli@remotehost 'svn update /srv/www/mysite' To get this to work I've had to add the following to the sudoers file: www-data ALL = (cli) NOPASSWD: /usr/local/bin/svn_deploy cli ALL = NOEXEC:NOPASSWD: /usr/local/bin/svn_deploy Entries for both www-data and cli were necessary to avoid the error: post commit hook failed: no tty present and no askpass program specified I'm wary of giving any kind of elevated rights to www-data. Is there anything else I should be doing to reduce or eliminate any security risk?

  Read the article

• Sharepoint page level security

  - by ifunky

  Hi, Another SharePoint question from myself! I've created a subsite and from within Sharepoint designer I've created a new aspx page, all nice and simple so far. I can't seem to find where I can change the security on this new page, only site admins can view the page and everyone else gets access denied. It doesn't seem to inherit the permissions from the parent and I can't see where to change the security settings! Please help, I'm sure it's something simple! Thanks Dan

  Read the article

• Security review of an authenticated Diffie Hellman variant

  - by mtraut

  EDIT I'm still hoping for some advice on this, i tried to clarify my intentions... When i came upon device pairing in my mobile communication framework i studied a lot of papers on this topic and and also got some input from previous questions here. But, i didn't find a ready to implement protocol solution - so i invented a derivate and as i'm no crypto geek i'm not sure about the security caveats of the final solution: The main questions are Is SHA256 sufficient as a commit function? Is the addition of the shared secret as an authentication info in the commit string safe? What is the overall security of the 1024 bit group DH I assume at most 2^-24 bit probability of succesful MITM attack (because of 24 bit challenge). Is this plausible? What may be the most promising attack (besides ripping the device out off my numb, cold hands) This is the algorithm sketch For first time pairing, a solution proposed in "Key agreement in peer-to-peer wireless networks" (DH-SC) is implemented. I based it on a commitment derived from: A fix "UUID" for the communicating entity/role (128 bit, sent at protocol start, before commitment) The public DH key (192 bit private key, based on the 1024 bit Oakley group) A 24 bit random challenge Commit is computed using SHA256 c = sha256( UUID || DH pub || Chall) Both parties exchange this commitment, open and transfer the plain content of the above values. The 24 bit random is displayed to the user for manual authentication DH session key (128 bytes, see above) is computed When the user opts for persistent pairing, the session key is stored with the remote UUID as a shared secret Next time devices connect, commit is computed by additionally hashing the previous DH session key before the random challenge. For sure it is not transfered when opening. c = sha256( UUID || DH pub || DH sess || Chall) Now the user is not bothered authenticating when the local party can derive the same commitment using his own, stored previous DH session key. After succesful connection the new DH session key becomes the new shared secret. As this does not exactly fit the protocols i found so far (and as such their security proofs), i'd be very interested to get an opinion from some more crypto enabled guys here. BTW. i did read about the "EKE" protocol, but i'm not sure what the extra security level is.

  Read the article

• How do I update Safari on Windows?

  - by James A. Rosen

  I'd like to update Safari to 4.0.5 for security reasons, but I can't figure out how to run the Apple updater manually. On Mac there's usually a "Check for Updates" menu item, but I don't see one on the Windows version. I tried downloading the latest version from http://www.apple.com/safari/download/, but Windows won't let me open the file, saying it is a security risk.

  Read the article

• Is this iptables NAT exploitable from the external side?

  - by Karma Fusebox

  Could you please have a short look on this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple). On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs: eth0: internet-faced eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24 Routing table is two-NICs-default without manual changes: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 (externalNet) 0.0.0.0 255.255.252.0 U 0 0 0 eth0 0.0.0.0 (externalGW) 0.0.0.0 UG 0 0 0 eth0 The NAT is then enabled only and merely by these actions, there are no more iptables rules: echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # (all iptables policies are ACCEPT) This does the job, but I miss several things here which I believe could be a security issue: there is no restriction about allowed source interfaces or source networks at all there is no firewalling part such as: (set policies to DROP) /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT And thus, the questions of my sleepless nights are: Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external und internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not. As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of. As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security? Thanks for clarification!

  Read the article

• Performance & Security Factors of Symbolic Links

  - by Stoosh

  I am thinking about rolling out a very stripped down version of release management for some PHP apps I have running. Essentially the plan is to store each release in /home/release/1.x etc (exported from a tag in SVN) and then do a symlink to /live_folder and change the document root in the apache config. I don't have a problem with setting all this up (I've actually got it working at the moment), however I'm a developer with just basic knowledge of the server admin side of things. Is there anything I need to be aware of from a security or performance perspective when using this method of release management? Thanks

  Read the article

• Windows Security popup window pops up each time any connection is made

  - by MC Emperor

  I have a problem with the Windows Security popup below. It pops up every time the system tries to make connection with any internet source. It's very annoying, and I don't know how to resolve the problem. (The popup window below is in Dutch, but says something like Connect to somedomain.com. Then it expects you to give your credentials.) I am running on a Windows 7 x64 OS. Now how do I solve this problem? Is it a Windows Firewall problem?

  Read the article

• Security considerations when giving access to SQL Server db for a web application

  - by rem

  I need to expose our SQL Server 2008 database for an access from a asp.net web application. This is a new task for me, so I would like to know what basic security requirements are there for configuring software and hardware components of web server and DB Server. Is it OK to have both Web Server (Windows Server 2008) with IIS holding ASP.NET application and SQL Server 2008 on the same machine? Should I have to install additional firewall, like Forefront TMG? Should it be on separate computer? In case a web application is hosted on an external web hosting privider server and SQL Server DB on a our internal server what are "pro's" and "con's" of such configuration?

  Read the article

• Best password practices?

  - by sansenya

  for sensitive data, would it be better to have a somewhat long, but memorable password (and hence not totally random) or use a program like keepass to make a super long, random password with the highest possible entropy, and then just write down the password on a piece of paper kept in ones pocket. If that bang on the door comes, then swallow the paper. Which is a better security practice? I'm not in any way a criminal, i just am curious about topics concerning security. Thanks.

  Read the article

• Running a groovy script created in STS(Spring Tool Suite) using the command line

  - by user1811107

  I have used the STS(Spring Tool Suite) to create a compiled groovy script which exists as a file on windows called Test.class. I am able to right click on the file in STS and execute it which works well. However - I want to be able to execute the script on the windows command line, so far I have tried various ways but have not been successful. I have tried the following... java -cp C:\Users\MyName\springsource\sts- 3.1.0.RELEASE\plugins\org.codehaus.grails.bundle_2.1.1\content\lib\ org.codehaus.groovy\groovy-all\jars\groovy-all-1.8.8.jar Test.class But that does not work it gives me an error -- Error: Could not find or load main class Test.class Any Pointers?

  Read the article

• Grails Warnings/Errors during run-app

  - by Taylor L

  I'm currently seeing the warnings below when trying to run my Google App Engine/Grails test app in Eclipse. Warning, target causing name overwriting of name startLogging Warning: C:\Users\Some Person.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf\spring not found. Warning: C:\Users\Some Person.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf not found. Warning: C:\Users\Some Person.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf\hibernate not found. Here is the output from the console: Base Directory: C:\Users\Some Person\workspace\test-grails Resolving dependencies... Dependencies resolved in 1160ms. Running script C:\grails-1.2.0\scripts\RunApp.groovy Environment set to development Warning, target causing name overwriting of name startLogging [groovyc] Compiling 1 source file to C:\Users\Some Person\workspace\test-grails\web-app\WEB-INF\classes [copy] Copying 1 file to C:\Users\Some Person\.grails\1.2.0\projects\test-grails [copy] Copying 1 file to C:\Users\Some Person\workspace\test-grails\web-app\WEB-INF Configuring persistence for AppEngine [copy] Warning: C:\Users\Some Person\.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf\spring not found. [copy] Warning: C:\Users\Some Person\.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf not found. [copy] Warning: C:\Users\Some Person\.grails\1.2.0\projects\test-grails\plugins\app-engine-0.8.8\grails-app\conf\hibernate not found. I get this error after creating a Grails project with Spring Tools Suite (STS) and then installing the app-engine plugin "grails install-plugin app-engine". Before, I install the app-engine plugin the Grails project runs correctly. Any ideas how to resolve these warnings?

  Read the article

• OJB Reference Descriptor 1:0 relationship? Should I set auto-retrieve to false?

  - by godzillasdm

  Hi, I am having an issue while using Apache OJB with Spring 2 inside my web app. I'm using OJB reference-descriptor with 2 foreign key properties. I have an object A (parent) and object B (referenced object). The thing is, for an object A, there may or may not be an object B. In the case where there is no object B to go with Object A, the object B seems to be instantiated (through Spring?) anyways. However, I am unable to access object B's members. Whenever I test if Object B == null, it always returns false even though there is no matching value in the database. Since this Object is never null, I figured I can test the object's member like so: if( objectb.getDocumentNumber == null) { return false; } However, I get an exception in the jsp: javax.servlet.jsp.el.ELException: An error occurred while getting property "documentNumber" from an instance class org.sample.pojo.Objectb$$EnhancerByCGLIB$$78022a2 and this exception in the debugger when it's creating the objectB: com.sun.jdi.InvocationException occurred invoking method. I am guessing that the reference-descriptor must be a 1:1+ relationship, instead of a 1:0+ relationship. I was wondering if I should set the property 'auto-retrieve' to false, and then use the PersistenceBroker.retrieveAllReferences(Object obj); method as directed. However, this method's return value is 'void', so I am guessing that Spring somehow creates, and sets the reference class for me. (Returning me back to the same issue I'm having.) I will need a way to test whether the reference object exists first. If not, don't call this retrieveAllReferences method, but I don't see how. Am I going about this all wrong? Does reference-descriptor not allow 1:0 relations? Any work around to my problem? Your suggestions are greatly appreciated!

  Read the article

• Jasper Reports- Error instantiating extensions registry for chart.theme

  - by X-Pippes

  I'm trying to generate a jasper PDF. At the first time I try, I get this error: ERROR [net.sf.jasperreports.extensions.DefaultExtensionsRegistry] Error instantiating extensions registry for chart.theme from vfszip:My-App.ear/lib/jasperreports-chart-themes-4.7.0.jar/jasperreports_extension.properties org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [defaultChartPropertiesBean.xml] Offending resource: URL [My-App.ear/lib/jasperreports-chart-themes-4.7.0.jar/net/sf/jasperreports/chartthemes/spring/beans/chartThemesBeans.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [chartConstantsBean.xml] Offending resource: URL [My-App.ear/lib/jasperreports-chart-themes-4.7.0.jar/net/sf/jasperreports/chartthemes/spring/beans/defaultChartPropertiesBean.xml]; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from URL [My-App.ear/lib/jasperreports-chart-themes-4.7.0.jar/net/sf/jasperreports/chartthemes/spring/beans/chartConstantsBean.xml]; nested exception is org.springframework.beans.FatalBeanException: Class [org.springframework.beans.factory.xml.UtilNamespaceHandler] for namespace [http://www.springframework.org/schema/util] does not implement the [org.springframework.beans.factory.xml.NamespaceHandler] interface at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68) However, the PDF is generated without any problem. Plus, the next time I try to generate one PDF, no more errors. this only occurs on the first generation.

  Read the article

• Application connection with database persist after sucessfull transaction also.

  - by anupam3m

  Hi , I am using Spring.Data.NHibernate12 on my database level.my application connection with database is not getting released. Underneath given is Dataconfiguration.xml < ?xml version="1.0" encoding="utf-8" ? < objects xmlns="http://www.springframework.net" xmlns:db="http://www.springframework.net/database" < object id="AuditLogger" type="Risco.Rsp.Ac.Audit.AuditLogger, Risco.Rsp.Ac.Audit" singleton="false" < property name="CacheSettings" ref="CacheSettings"/ < /object < object id="CacheSettings" type="Risco.Rsp.Ac.AMAC.CacheMgmt.Utilities.UpdateEntityCacheHelper, Risco.Rsp.Ac.AMAC.CacheMgmt.Utilities" singleton="false"/ < object type="Spring.Objects.Factory.Config.PropertyPlaceholderConfigurer, Spring.Core" < <property name="ConfigSections" value="databaseSettings"/> < < db:provider id="AMACDbProvider" provider="OracleClient-2.0" connectionString="Data Source=RISCODEVDB;User ID=amsbvt; Password=amsuser1234;"/ Risco.Rsp.Ac.AMAC.Mapping Risco.Rsp.Ac.Logging.Appenders Risco.Rsp.Ac.AMAC.CacheMappings --

  Read the article

• Logging exceptions during bean injection

  - by Marc W

  I think this is a pretty basic question, but after Googling around I can't seem to find the answer. What I need is a way to log some custom output with log4j during Spring bean construction. I have a factory class called ResponderFactory (being used as an instance factory in Spring) with a factory method that can throw 2 different types of exception. public CollectorResponder collectorResponder(String inputQueueName) throws ConfigurationException, BrokerConnectionException {} Now, normally I could wrap a call to this method in a try-catch block with 2 catch clauses to handle the logging situations for each of the exceptions. However, if I'm using Spring to inject this CollectorResponder, created with the factory, into another class I don't see how this is possible. <bean id="responderFactory" class="com.package.ResponderFactory"> <constructor-arg index="0" ref="basicDispatcher" /> <constructor-arg index="1" value="http://localhost:9000" /> </bean> <bean id="collectorResponder" class="com.package.CollectorResponder" factory-bean="responderFactory" factory-method="collectorResponder"> <constructor-arg value="collector.in" /> </bean> <bean id="collectorConsumer" class="com.package.CollectorConsumer"> <constructor-arg ref="collectorResponder" /> </bean> Again, I want to catch these exceptions when the collectorResponder bean is instantiated. Right now I'm dealing with this is CollectorConsumer when I instantiate using new CollectorResponder(...). Is there any way I can do this?

  Read the article

• JMS template credentials default value

  - by Gandalf StormCrow

  Hello everyone I'm trying to work with jboss messaging, does anyone knows the default value for these java.naming.security.principal and java.naming.security.credentials or how can I set them? <bean id="jndiTemplate" class="org.springframework.jndi.JndiTemplate"> <property name="environment"> <props> <prop key="java.naming.factory.initial">org.jnp.interfaces.NamingContextFactory</prop> <prop key="java.naming.provider.url">jnp://localhost:8080</prop> <prop key="java.naming.factory.url.pkgs">org.jboss.naming:org.jnp.interfaces</prop> <prop key="java.naming.security.principal">value</prop> <prop key="java.naming.security.credentials">value</prop> </props> </property> </bean> I'm trying to instansiate the <bean id="connectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean"> I'm guessing that this is the cause why jboss timeouts when starts

  Read the article

• "Cannot find the declaration of element 'beans'. at mvc-dispatcher-servlet.xml", but can when I copy, delete and re-paste?

  - by stevendao

  Running Maven, Eclipse, and Weblogic, when I try to Run As Server onto my local server, I get this error: "Cannot find the declaration of element 'beans'. at mvc-dispatcher-servlet.xml" Then, when I go back into the xml, select all, copy, delete, and paste, error goes away and I'm able to run the web app just fine on the server. Can anyone explain why? <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> <context:component-scan base-package="src.srcc.sndao" /> <mvc:annotation-driven /> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix"> <value>/WEB-INF/view/</value> </property> <property name="suffix"> <value>.jsp</value> </property> </bean> </beans>

  Read the article

• Most secure way to access my home Linux server while I am on the road? Specialized solution wanted

  - by Ace Paus

  I think many people may be in my situation. I travel on business with a laptop. And I need secure access to files from the office (which in my case is my home). The short version of my question: How can I make SSH/SFTP really secure when only one person needs to connect to the server from one laptop? In this situation, what special steps would make it almost impossible for anyone else to get online access to the server? A lot more details: I use Ubuntu Linux on both my laptop (KDE) and my home/office server. Connectivity is not a problem. I can tether to my phone's connection if needed. I need access to a large number of files (around 300 GB). I don't need all of them at once, but I don't know in advance which files I might need. These files contain confidential client info and personal info such as credit card numbers, so they must be secure. Given this, I don't want store all these files on Dropbox or Amazon AWS, or similar. I couldn't justify that cost anyway (Dropbox don't even publish prices for plans above 100 GB, and security is a concern). However, I am willing to spend some money on a proper solution. A VPN service, for example, might be part of the solution? Or other commercial services? I've heard about PogoPlug, but I don't know if there is a similar service that might address my security concerns? I could copy all my files to my laptop because it has the space. But then I have to sync between my home computer and my laptop and I found in the past that I'm not very good about doing this. And if my laptop is lost or stolen, my data would be on it. The laptop drive is an SSD and encryption solutions for SSD drives are not good. Therefore, it seems best to keep all my data on my Linux file server (which is safe at home). Is that a reasonable conclusion, or is anything connected to the Internet such a risk that I should just copy the data to the laptop (and maybe replace the SSD with an HDD, which reduces battery life and performance)? I view the risks of losing a laptop to be higher. I am not an obvious hacking target online. My home broadband is cable Internet, and it seems very reliable. So I want to know the best (reasonable) way to securely access my data (from my laptop) while on the road. I only need to access it from this one computer, although I may connect from either my phone's 3G/4G or via WiFi or some client's broadband, etc. So I won't know in advance which IP address I'll have. I am leaning toward a solution based on SSH and SFTP (or similar). SSH/SFTP would provided about all the functionality I anticipate needing. I would like to use SFTP and Dolphin to browse and download files. I'll use SSH and the terminal for anything else. My Linux file server is set up with OpenSSH. I think I have SSH relatively secured. I'm using Denyhosts too. But I want to go several steps further. I want to get the chances that anyone can get into my server as close to zero as possible while still allowing me to get access from the road. I'm not a sysadmin or programmer or real "superuser". I have to spend most of my time doing other things. I've heard about "port knocking" but I have never used it and I don't know how to implement it (although I'm willing to learn). I have already read a number of articles with titles such as: Top 20 OpenSSH Server Best Security Practices 20 Linux Server Hardening Security Tips Debian Linux Stop SSH User Hacking / Cracking Attacks with DenyHosts Software more... I have not implemented every single thing I've read about. I probably can't do that. But maybe there is something even better I can do in my situation because I only need access from a single laptop. I'm just one user. My server does not need to be accessible to the general public. Given all these facts, I'm hoping I can get some suggestions here that are within my capability to implement and that leverage these facts to create a great deal better security than general purpose suggestions in the articles above.

  Read the article

< Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >