Search Results

Search found 15350 results on 614 pages for 'integrated security'.

Page 13/614 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Improving server security [closed]

    - by Vicenç Gascó
    I've been developing webapps for a while ... and I always had a sysadmin which made the environment perfect to run my apps with no worries. But now I am starting a project on myself, and I need to set up a server, knowing near to nothing about it. All I need to do is just have a Linux, with a webserver (I usually used Apache), PHP and MySQL. I'll also need SSH, SSL to run https:// and FTP to transfer files. I know how to install almost everything (need advice about SSL) with Ubuntu Server, but I am concerned about the security topic ... say: firewall, open/closed ports, php security, etc ... Where can I found a good guide covering this topics? Everything else in the server... I don't need it, and I wanna know how to remove it, to avoid resources consumption. Final note: I'll be running the webapp at amazon-ec2 or rackspace cloud servers. Thanks in advance!!

    Read the article

  • WCF fails to deserialize correct(?) response message security headers (Security header is empty)

    - by Soeteman
    I'm communicating with an OC4J webservice, using a WCF client. The client is configured as follows: <basicHttpBinding> <binding name="MyBinding"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName" algorithmSuite="Default"/> </security> </binding> My clientcode looks as follows: ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy(); string username = ConfigurationManager.AppSettings["user"]; string password = ConfigurationManager.AppSettings["pass"]; // client instance maken WebserviceClient client = new WebserviceClient(); client.Endpoint.Binding = new BasicHttpBinding("MyBinding"); // credentials toevoegen client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; //uitvoeren request var response = client.Ping(); I've altered the CertificatePolicy to accept all certificates, because I need to insert Charles (ssl proxy) in between client and server to intercept the actual Xml that is sent across te wire. My request looks as follows: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2010-04-01T09:47:01.161Z</u:Created> <u:Expires>2010-04-01T09:52:01.161Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-9b39760f-d504-4e53-908d-6125a1827aea-21"> <o:Username>user</o:Username> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username- token-profile-1.0#PasswordText">pass</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body> <getPrdStatus xmlns="http://mynamespace.org/wsdl"> <request xmlns="" xmlns:a="http://mynamespace.org/wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> <a:IsgrStsRequestTypeUser> <a:prdCode>LEPTO</a:prdCode> <a:sequenceNumber i:nil="true" /> <a:productionType i:nil="true" /> <a:statusDate>2010-04-01T11:47:01.1617641+02:00</a:statusDate> <a:ubn>123456</a:ubn> <a:animalSpeciesCode>RU</a:animalSpeciesCode> </a:IsgrStsRequestTypeUser> </request> </getPrdStatus> </s:Body> </s:Envelope> In return, I receive the following response: <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://mynamespace.org/wsdl"> <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" /> </env:Header> <env:Body> <ns0:getPrdStatusResponse> <result> <ns0:IsgrStsResponseTypeUser> <ns0:prdCode>LEPTO</ns0:prdCode> <ns0:color>green</ns0:color> <ns0:stsCode>LEP1</ns0:stsCode> <ns0:sequenceNumber xsi:nil="1" /> <ns0:productionType xsi:nil="1" /> <ns0:IAndRCode>00</ns0:IAndRCode> <ns0:statusDate>2010-04-01T00:00:00.000+02:00</ns0:statusDate> <ns0:description>Gecertificeerd vrij</ns0:description> <ns0:ubn>123456</ns0:ubn> <ns0:animalSpeciesCode>RU</ns0:animalSpeciesCode> <ns0:name>gecertificeerd vrij</ns0:name> <ns0:ranking>17</ns0:ranking> </ns0:IsgrStsResponseTypeUser> </result> </ns0:getPrdStatusResponse> </env:Body> </env:Envelope> Why can't WCF deserialize this response header? I'm getting a "Security header is empty" exception: Server stack trace: at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout) at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout) at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Who knows what is going on here? I've already tried Rick Strahl's suggestion and removed the timestamp from the request header. Any help greatly appreciated!

    Read the article

  • Spring Security Issue: Controller, Anonymous Requests...

    - by Srirangan
    Hey guys, I have an app that uses Spring security and BlazeDS. Flex 3.2 is used for the client app. Generally client app makes service calls using RemoteObjects. However, for certain cases client app is sending a request to a URL. We're using Annotated Controllers for URL mapping. Here's where the "Access is denied" exception comes up: 2010-04-12 11:43:23,486 [qtp5138683-16] ERROR fr.plasticomnium.gpoc.utils.ServiceExceptionInterceptor - Unexpected RuntimeException : Access is denied org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at fr.plasticomnium.gpoc.utils.ServiceExceptionInterceptor.invoke(ServiceExceptionInterceptor.java:15) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) ... ...

    Read the article

  • Spring-security not processing pre/post annotations

    - by wuntee
    Trying to get pre/post annotations working with a web application, but for some reason nothing is happening with spring-security. Can anyone see what im missing? web.xml contextConfigLocation /WEB-INF/rvaContext-business.xml /WEB-INF/rvaContext-security.xml <context-param> <param-name>log4jConfigLocation</param-name> <param-value>/WEB-INF/log4j.properties</param-value> </context-param> <!-- Spring security filter --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- - Publishes events for session creation and destruction through the application - context. Optional unless concurrent session control is being used. --> <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <servlet> <servlet-name>rva</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>rva</servlet-name> <url-pattern>/rva/*</url-pattern> </servlet-mapping> rvaContext-secuity.xml: <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <global-method-security pre-post-annotations="enabled"/> <http use-expressions="true"> <form-login /> <logout /> <remember-me /> <!-- Uncomment to limit the number of sessions a user can have --> <session-management invalid-session-url="/timeout.jsp"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <form-login login-page="rva/login" /> </http> ... LoginController class: @Controller @RequestMapping("/login") public class LoginController { @RequestMapping(method = RequestMethod.GET) public String login(ModelMap map){ map.addAttribute("title", "Login: AD Credentials"); return("login"); } @RequestMapping("/secure") @PreAuthorize("hasRole('ROLE_USER')") public String secure(ModelMap map){ return("secure"); } } In the logs, there is nothing even related to spring-security: logs: INFO: Initializing Spring FrameworkServlet 'rva' INFO [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 'rva': initialization started INFO [org.springframework.web.context.support.XmlWebApplicationContext] - Refreshing WebApplicationContext for namespace 'rva-servlet': startup date [Fri Mar 26 10:28:51 MDT 2010]; parent: Root WebApplicationContext INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] - Loading XML bean definitions from ServletContext resource [/WEB-INF/rva-servlet.xml] INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@a2fc31: defining beans [loginController,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,freemarkerConfig,viewResolver]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@cc74e7 INFO [org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer] - ClassTemplateLoader for Spring macros added to FreeMarker configuration INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/secure] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/secure.*] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/secure/] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login.*] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping] - Mapped URL path [/login/] onto handler [com.cable.comcast.neto.nse.rva.controller.LoginController@79b32a] INFO [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 'rva': initialization completed in 417 ms Mar 26, 2010 10:28:52 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Mar 26, 2010 10:28:52 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Mar 26, 2010 10:28:52 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/31 config=null Mar 26, 2010 10:28:52 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 1873 ms WARN [org.springframework.web.servlet.PageNotFound] - No mapping found for HTTP request with URI [/rva-web/] in DispatcherServlet with name 'rva'

    Read the article

  • Spring security access with multiple roles

    - by Evgeny Makarov
    I want to define access for some pages for user who has one of following roles (ROLE1 or ROLE2) I'm trying to configure this in my spring security xml file as following: <security:http entry-point-ref="restAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security" use-expressions="true"> <!-- skipped configuration --> <security:intercept-url pattern="/rest/api/myUrl*" access="hasRole('ROLE1') or hasRole('ROLE2')" /> <!-- skipped configuration --> </security:http> I've tried various ways like: access="hasRole('ROLE1, ROLE2')" access="hasRole('ROLE1', 'ROLE2')" access="hasAnyRole('[ROLE1', 'ROLE2]')" etc but nothing seems to be working. I'm keep getting exception java.lang.IllegalArgumentException: Unsupported configuration attributes: or java.lang.IllegalArgumentException: Failed to parse expression 'hasAnyRole(['ROLE1', 'ROLE2'])' how should it be configured? Thanks

    Read the article

  • Enabling SSL Requests on Jdev's Integrated Weblogic

    - by Christian David Straub
    Often times you will want to enable SSL access for such things as secure login or secure signup. By default, the integrated WLS that ships with JDev does not listen to SSL requests. However, this is easily fixed.Just navigate to http://127.0.0.1:7101/console. This will deploy the console app where you can configure WLS. By default the login credentials are:username: weblogicpassword: weblogic1Then go to Environment -> Servers -> DefaultServer. Check the "SSL Listen Port Enabled" box and your server will now listen to SSL requests (just make sure to use the listen port that is specified).For added security, you can always check while processing your request that it is going through an SSL connection by first checking HttpServletRequest.isSecure().

    Read the article

  • ubuntu integrated graphics suspend + hybrid graphics

    - by kapad
    My laptop uses a hybrid graphics hardware. Using the vgaswitcheroo I am able to power off either card and switch between them correctly. The issue is that the system wakes up/resumes from suspend correctly only when using the discrete graphics, or atleast the discrete graphics must be powered on even if the display is connected to the onboard intel card. Has anyone faced this issues? Is there any workaround? I only want to use the integrated card and not the discrete amd card. System Info Intel HD 3000 ATI mobility radeon HD 7600M Ubuntu 12.10

    Read the article

  • Better drivers for SiS 650/740 integrated video?

    - by Bart van Heukelom
    I installed Xubuntu 10.10 on an old box today and the graphical performance is horrid. According to lspci, the video card is this: 01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS] 65x/M650/740 PCI/AGP VGA Display Adapter (prog-if 00 [VGA controller]) Subsystem: ASUSTeK Computer Inc. Device 8081 Flags: 66MHz, medium devsel, IRQ 11 BIST result: 00 Memory at f0000000 (32-bit, prefetchable) [size=128M] Memory at e7800000 (32-bit, non-prefetchable) [size=128K] I/O ports at d800 [size=128] Expansion ROM at <unassigned> [disabled] Capabilities: <access denied> Kernel modules: sisfb Is there a way to make it faster? Alternative drivers? The additional drivers tool shows nothing. I'm specifically interested in improving Java's Java2D rendering speed, because I'll be running a "stat screen" written in that language on it.

    Read the article

  • DbNetSuite 4.2 released with integrated database charting

    DbNetLink is pleased to announce the release of DbNetSuite 4.2. DbNetSuite is a set of lightweight integrated AJAX enabled ASP.NET components for creating web applications that interface with the database and file systems. New in 4.2 "Out of the box" integration with MS Chart Control Save runtime user configuration with User Profiles Improved performance   Visit the web site for further information, online demos and a fully functional evaluation download. http://www.dbnetsuite.com...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Just installed Ubuntu 12.04 - integrated speakers aren't working but headphones are

    - by Mat Elkan
    I've just installed Ubuntu 12.04 alongside Windows Vista. There were no previous versions of Ubuntu installed. My computer is a Sony Vaio all in one, with integrated sound card and speakers. I can't get any sound coming from the speakers, but if I plug headphones into the jack on the side of the computer and select "headphones" under "sound" in "system settings" I can get sound through them. I have been searching all day trying to find a fix but haven't had any luck. Any advice would be greatly appreciated. Thanks! Mat :-)

    Read the article

  • Switching between Discrete and Integrated GPUs

    - by void-pointer
    Hello everyone, I develop CUDA applications on my Alienware M17x portable back-breaker, which has two discrete GTX 285M GPUs and one integrated GeForce 9400M GPU. I can currently switch between them using NVIDIA's software, but I would like the ability to do so within my applications for purposes of benchmarking and general convenience. Apparently this requires the "NDA version" of NVIDIA's Driver API, which I know not how to obtain. Would using this API be the only way to accomplish what I seek, and if so, how would I obtain it? A solution using Windows APIs would also be acceptable, though less preferable to one which would leverage a cross-platform API. I have created a similar thread concerning the matter on NVIDIA's forum, which is down at the time of this writing. Thanks for reading my question; it is much appreciated!

    Read the article

  • DbNetSuite 4.2 with integrated charting

    DbNetLink is please to announce the release of DbNetSuite 4.2 DbNetSuite is a set of lightweight integrated AJAX enabled ASP.NET components for creating web applications that interface with the database and file systems. New in 4.2 "Out of the box" integration with MS Chart Control Save runtime user configuration with User Profiles Improved performance Visit the web site for further information, online demos and a free fully functional download. http://www.dbnetsuite.com &n...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Kernel Mode Rootkit

    - by Pajarito
    On the other 3 computers in my family, I believe that we have a kernel-mode rootkit for windows. It appears that the same rootkit is on all of them. We think. We changed all the important passwords from my computer, running linux right now. On all of the infected computers is Symantic Endpoint Protection, because it's free from the university where my mom and dad work. In my opinion symantec is a piece of crap, seeing as it didn't even manager to delete the tracking cookies it found when I tried it on my own computer. The Computers and their set-ups: Computer A: Vista Business; symantec antivirus. runs it as admin, no password. IE8. no other security software other than what comes with windows. IE8 security settings the default Computer B: XP Home Premium; symantec antivirus. runs as normal user, no password, admin account with weak password, spybot, uses IE8 with default settings, sometimes Firefox Computer C: XP Home Premium; symantec antivirus. runs as normal user, no password, admin account with weak password, uses IE8 with default settings, no other security programs except what came with windows This is what's happening. Cut and pasted from my dad's forum post. -- When I scanned my laptop (Dell XPS M1330 with Windows Vista Small Business), Symantec Endpoint Protection hangs for a while, perhaps 10 seconds or so, on some of the following files 9129837.exe, hide_evr2.sys, VirusRemoval.vbs, NewVirusRemoval.vbs, dll.dll, alsmt.ext, and _epnt.sys. It does this if a run a scan that I set up to run on a new thumbnail drive and it does this even if the thumbnail is not plugged in. It doesn't seem to do this if I scan only the C: drive. I've check for problems with symantec endpoint protection and also with Microsoft Security Essentials and Malwarebytes Anti-Malware. They found nothing and I can't find anything by searching for hidden files. Next I tried microsoft's rootkitrevealer. It (rootkitrevealer) finds 279660 (or so) discrepancies and the interface is so glitchy after that I can't really figure out what is going on. The screen is squirrely. The rootkitrevealer pulls up many files in the folder \programdata\applicationdata and there are numberous appended \applicationdata on the end of that as well. -- As you can see, what we did was install MSE and MBAM and scan with both of them. Nothing but a tracking cookie. Then I took over and ran rootkitrevealer.exe from MicroSoft from a flash drive. It found a bunch of discrepancies, but only about 20 or so where security related, the rest being files that you just couldn't see from Windows Explorer. I couldn't see whether of not the files list above, the ones that the scan was hanging on, where in the list. The other thing is, I have no idea what to do about the things the scan comes up with. Then we checked the other computers and they do the same thing when you scan with Symantec. The people at the university seen to think that dad might not have a virus, but 2 of the computers slowed down noticably AND IE8 started acting all funny. None of my family is very computer oriented, and 2 of the possible causes for the rootkit are: -My dad bought a new flash drive, which shipped with a data security executable on it -My dad has to download lots of articles for his work Those are the only things that stand out, but it could have been anything. We are currently backing up our data, and I'll post again after trying IceSword 1.22. I just looked at my dad's forum topic, and someone recommended GMER. I'll try that too.

    Read the article

  • apt-get update cannot find ubuntu servers

    - by Phrogz
    Running sudo apt-get update fails on my server (that has a 'net connection). Are the servers temporarily broken, or is my apt misconfigured and using old servers? In short, how do I fix this? Here's the output: ~$ uname -a Linux nematode 2.6.28-19-server #66-Ubuntu SMP Sat Oct 16 18:41:24 UTC 2010 i686 GNU/Linux ~$ sudo apt-get update Err http://us.archive.ubuntu.com jaunty Release.gpg Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/main Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/restricted Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/universe Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/multiverse Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates Release.gpg Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/main Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/restricted Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/universe Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/multiverse Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://security.ubuntu.com jaunty-security Release.gpg Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/main Translation-en_US Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/restricted Translation-en_US Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/universe Translation-en_US Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/multiverse Translation-en_US Could not resolve 'security.ubuntu.com' Reading package lists... Done W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/Release.gpg Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/main/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/restricted/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/universe/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/multiverse/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/Release.gpg Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/main/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/restricted/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/universe/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/multiverse/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/Release.gpg Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/main/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/restricted/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/universe/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/multiverse/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Some index files failed to download, they have been ignored, or old ones used instead. W: You may want to run apt-get update to correct these problems

    Read the article

  • apt-get update cannot find ubuntu servers

    - by Phrogz
    Running sudo apt-get update fails on my server (that has a 'net connection). Are the servers temporarily broken, or is my apt misconfigured and using old servers? In short, how do I fix this? Here's the output: ~$ uname -a Linux nematode 2.6.28-19-server #66-Ubuntu SMP Sat Oct 16 18:41:24 UTC 2010 i686 GNU/Linux ~$ sudo apt-get update Err http://us.archive.ubuntu.com jaunty Release.gpg Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/main Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/restricted Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/universe Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty/multiverse Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates Release.gpg Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/main Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/restricted Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/universe Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://us.archive.ubuntu.com jaunty-updates/multiverse Translation-en_US Could not resolve 'us.archive.ubuntu.com' Err http://security.ubuntu.com jaunty-security Release.gpg Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/main Translation-en_US Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/restricted Translation-en_US Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/universe Translation-en_US Could not resolve 'security.ubuntu.com' Err http://security.ubuntu.com jaunty-security/multiverse Translation-en_US Could not resolve 'security.ubuntu.com' Reading package lists... Done W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/Release.gpg Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/main/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/restricted/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/universe/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty/multiverse/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/Release.gpg Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/main/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/restricted/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/universe/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jaunty-updates/multiverse/i18n/Translation-en_US.bz2 Could not resolve 'us.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/Release.gpg Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/main/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/restricted/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/universe/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jaunty-security/multiverse/i18n/Translation-en_US.bz2 Could not resolve 'security.ubuntu.com' W: Some index files failed to download, they have been ignored, or old ones used instead. W: You may want to run apt-get update to correct these problems

    Read the article

  • Spring security custom ldap authentication provider

    - by wuntee
    I currently have my ldap authentication context set up like this: <ldap-server url="ldap://host/dn" manager-dn="cn=someuser" manager-password="somepass" /> <authentication-manager> <ldap-authentication-provider user-search-filter="(samaccountname={0})"/> </authentication-manager> Now, I need to be able to set up a custom authorities mapper (it uses a different ldap server) - so I am assuming I need to set up my ldap-server similar to (http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ldap.html): <bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg ref="contextSource"/> <property name="userDnPatterns"> <list><value>uid={0},ou=people</value></list> </property> </bean> </constructor-arg> <constructor-arg> <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg ref="contextSource"/> <constructor-arg value="ou=groups"/> <property name="groupRoleAttribute" value="ou"/> </bean> </constructor-arg> </bean> But, how do I reference that 'ldapAuthProvider' to the ldap-server in the security context? I am also using spring-security 3, so '' does not exist...

    Read the article

  • WCF Security in a Windows Service

    - by Alphonso
    I have a WCF service which can run as Console App and a Windows Service. I have recently copied the console app up to a W2K3 server with the following security settings: <wsHttpBinding> <binding name="ServiceBinding_Security" transactionFlow="true" > <security mode="TransportWithMessageCredential" > <message clientCredentialType="UserName" /> </security> </binding> </wsHttpBinding> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Common.CustomUserNameValidator, Common" /> </serviceCredentials> Security works fine with no problems. I have exactly the same code, but running in a windows service and I get the following error when I try to call any of the methods from a client: System.ServiceModel.Security.MessageSecurityException was unhandled Message="An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail." Source="mscorlib" StackTrace: Server stack trace: at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) ...... (lots of stacktrace info - not very useful) InnerException: System.ServiceModel.FaultException Message="An error occurred when verifying security for the message." The exception tells me nothing. I'm assuming that it has something to do with acces to system resources from the Windows Service. I've tried running it under the same account as the console app, but no luck. Does anyone have any ideas?

    Read the article

  • Open Source Web Frameworks : Security

    - by trappedIntoCode
    How secure are popular open source web frameworks? I am particularly interested in popular frameworks like Rails and DJango. If I am building a site which is going to do heavy e-commerce, is it Ok to use frameworks like DJango and Satchmo? Is security compromised because their open architecture ? I know being OS does not mean being down right open to hackers, Linux uses superb authentication mechanism, but web is a different game. What can be done in this regard? UPDATE: Thanks for answers guys. I understand that I will have to find a suitable hosting service for a secure e-commerce application and that additional layers of security will be needed. I understand that Django and Rails have been designed keeping security aspects in mind, the most common form attacks like XSS, Injections etc. (Django book has a ch on Security) I was expecting comments from security Gurus. If you are a security Guru, would you recommend an important site, which is likely going to be popular, to be built on DJango or Rails?

    Read the article

  • Exclude css & image resources in web.xml Security Constraint

    - by Tiggles
    I am using JSF2.1 and Glassfish 3.1.2. I specify a security constraint to block everything: <security-constraint> <web-resource-collection> <web-resource-name>Secured Content</web-resource-name> <!-- Block all --> <url-pattern>/*</url-pattern> </web-resource-collection> <!-- only users with at least one of these roles are allowed to access the secured content --> <auth-constraint> <role-name>ADMINISTRATOR</role-name> </auth-constraint> </security-constraint> and have another to allow access a subset of pages and the resources: <security-constraint> <web-resource-collection> <web-resource-name>Open Content</web-resource-name> <!-- Allow subscribe --> <url-pattern>/subscribe/*</url-pattern> <url-pattern>/javax.faces.resource/*</url-pattern> </web-resource-collection> <!-- No Auth Contraint! --> </security-constraint> This works fine. However, is the following <url-pattern>/javax.faces.resource/*</url-pattern> the correct way to allow all resources? I only did this by looking at the url that Facelets injects into the xhtml. Is there security holes with this approach? Thanks.

    Read the article

  • WCF Security in a Windows Service

    - by Alphonso
    I have a WCF service which can run as Console App and a Windows Service. I have recently copied the console app up to a W2K3 server with the following security settings: <wsHttpBinding> <binding name="ServiceBinding_Security" transactionFlow="true" > <security mode="TransportWithMessageCredential" > <message clientCredentialType="UserName" /> </security> </binding> </wsHttpBinding> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Common.CustomUserNameValidator, Common" /> </serviceCredentials> Security works fine with no problems. I have exactly the same code, but running in a windows service and I get the following error when I try to call any of the methods from a client: System.ServiceModel.Security.MessageSecurityException was unhandled Message="An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail." Source="mscorlib" StackTrace: Server stack trace: at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) ...... (lots of stacktrace info - not very useful) InnerException: System.ServiceModel.FaultException Message="An error occurred when verifying security for the message." The exception tells me nothing. I'm assuming that it has something to do with acces to system resources from the Windows Service. I've tried running it under the same account as the console app, but no luck. Does anyone have any ideas?

    Read the article

  • Java SE 7u10: Enhanced Security Features and Support for New Platforms

    - by Tori Wieldt
    On December 11, 2012 Oracle released Java SE 7 Update 10 (Java SE 7u10). This release includes enhanced security features and support for new platforms. Enhanced Security Features The JDK 7u10 release includes the following security enhancements: The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument. The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument. New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated. For more information, read Henrik Stahl's blog Oracle JDK 7u10 Released with New Security and the documentation Setting the Level of Security for the Java Client. New Supported Platforms Java SE 7 Update 10 (Java SE 7u10) supports Windows 8 Desktop Mode1 with IE 10, and Mac OS 10.8.? For more information, refer to the Oracle Certified System Configurations page.  Download and Release Notes Java SE 7u10 is available on OTN Download Page. To learn more about the release, please see the Java SE 7u10 Release Notes. For information about the other Java releases last week, read the Java Source blog "Java SE Updates." 

    Read the article

  • Pyramid.security: Is getting user info from a database with unauthenticated_userid(request) really secure?

    - by yourfriendzak
    I'm trying to make an accesible cache of user data using Pyramid doc's "Making A “User Object” Available as a Request Attribute" example. They're using this code to return a user object to set_request_property: from pyramid.security import unauthenticated_userid def get_user(request): # the below line is just an example, use your own method of # accessing a database connection here (this could even be another # request property such as request.db, implemented using this same # pattern). dbconn = request.registry.settings['dbconn'] userid = unauthenticated_userid(request) if userid is not None: # this should return None if the user doesn't exist # in the database return dbconn['users'].query({'id':userid}) I don't understand why they're using unauthenticated_userid(request) to lookup user info from the database...isn't that insecure? That means that user might not be logged in, so why are you using that ID to get there private info from the database? Shouldn't userid = authenticated_userid(request) be used instead to make sure the user is logged in? What's the advantage of using unauthenticated_userid(request)? Please help me understand what's going on here.

    Read the article

  • Gmail: security warning icon

    - by Notetaker
    Hello, I just enabled some Gmail Labs programs in my Gmail account, and then I noticed the orange triangle icon with an exclamation mark in it at the end of the address bar of my Google Chrome browser. Clicking on it brought forth a "Security Information' dialog box, with the following messages: "--mail.google.com The identity of website has been verified by Thawlte SGC CA. --Your connection to mail.google.com is encrypted with 128-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look or behavior of the page." I then logged into two of my other Gmail accounts, one of which has no Gmail Labs programs enabled, and the other with 1 program enabled quite some time ago, both with the same result as above (i.e., with the appearance of the orange triangle warning sign in the address bar). I don't remember seeing the orange triangle before, but I'm not sure if it has ever appeared or not. I have "Always use https" enabled for my Gmail accounts. My questions are: Is there a way to identify and remove these un-secure "resources"? (Could enabling Gmail Labs programs have brought these on?) Meanwhile, are my Gmail accounts compromised and unsafe to use? If so, what should I being doing about that now? After this problem is solved, would I need to reset the password to my Gmail accounts, and/or take any other measures to restore their security? Many thanks for answering my questions!

    Read the article

  • Windows Server 2008 Create Symbolic Link, updated Security Policy still gives privilege error

    - by Matt
    Windows Server 2008, RC2. I am trying to create a symbolic/soft link using the mklink command: mklink /D LinkName TargetDir e.g. c:\temp\>mklink /D foo bar This works fine if I run the command line as Administrator. However, I need it to work for regular users as well, because ultimately I need another program (executing as a user) to be able to do this. So, I updated the Local Security Policy via secpol.msc. Under "Local Policies" "User Rights Management" "Create symbolic links", I added "Users" to the security setting. I rebooted the machine. It still didn't work. So I added "Everyone" to the policy. Rebooted. And STILL it didn't work. What on earth am I doing wrong here? I think my user is even an Administrator on this box, and running plain command line even with this updated policy in place still gives me: You do not have sufficient privilege to perform this operation.

    Read the article

  • Transparent Data Encryption Helps Customers Address Regulatory Compliance

    - by Troy Kitch
    Regulations such as the Payment Card Industry Data Security Standards (PCI DSS), U.S. state security breach notification laws, HIPAA HITECH and more, call for the use of data encryption or redaction to protect sensitive personally identifiable information (PII). From the outset, Oracle has delivered the industry's most advanced technology to safeguard data where it lives—in the database. Oracle provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance for both Oracle and non-Oracle Databases. Organizations worldwide rely on Oracle Database Security solutions to help address industry and government regulatory compliance. Specifically, Oracle Advanced Security helps organizations like Educational Testing Service, TransUnion Interactive, Orbitz, and the National Marrow Donor Program comply with privacy and regulatory mandates by transparently encrypting sensitive information such as credit cards, social security numbers, and personally identifiable information (PII). By encrypting data at rest and whenever it leaves the database over the network or via backups, Oracle Advanced Security provides organizations the most cost-effective solution for comprehensive data protection. Watch the video and learn why organizations choose Oracle Advanced Security with transparent data encryption.

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >