Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

Page 137/763 | < Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144 | Next Page >

Secure web module for paid subscribtion

- by DarkJaff

Hello everyone, I'm building a website (a community web site like digg) but we will soon release a new feature that people will need to pay for. Right now, our website is in pure C# in .NET, very simple pages with some AJAX. When the member log in, there is no HTTPS. Everything is check with session and the internal validation that I do. What we need, is that when the people are logged in, they can click on a link a proceed to a payment (Paypal, credit card, etc). After the payment is done, the "billing module" will return a value to my site to validate that the payment is done so the account will be flagged as "paying member". I'm guessing this is the way to do, maybe I'm wrong! So my questions are: -What is the name of this kind of billing module? (I will do some research on that) -Do you know any ready to go module that does this kind of thing? -(I push my luck) Do you know any FREE module that do this kind of things. If something is not clear, don't hesitate to ask question :) Thanks a lot! DarkJaff

Read the article
Parsing secure entries XML file with jquery

- by user573131

Apologies if this is elementary. I'm primarily a front end designer/dev. I have webform through a form service called wufoo. Wufoo generates a lovely XML (or json) file that can be grabed and parsed. I'm trying to grab the entries xml feed that is associated with the form and parse it via jquery to show who has entered. Im using the following code (which works with a local xml file). http://bostonwebsitemakeover.com/2/test <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js"></script> <script> $(document).ready(function () { $.ajax({ type: "GET", url: "people.xml", dataType: "xml", success: xmlParser }); }); function xmlParser(xml) { $('#load').fadeOut(); $(xml).find("Entry").each(function () { $(".main").append('<div class="entry">' + $(this).find("Field1").text() + ' ' + $(this).find("Field2").text() + ' http://twitter.com/' + $(this).find("Field17").text() + '</div>'); $(".entry").fadeIn(1000); }); } </script> My XML file contains the following: <?xml version="1.0"?> <Entries> <Entry> <EntryId>1</EntryId> <Field1>Meaghan</Field1> <Field2>Severson</Field2> <Field17/> </Entry> <Entry> <EntryId>2</EntryId> <Field1>Michael</Field1> <Field2>Flint</Field2> <Field17>michaelflint</Field17> </Entry> <Entry> <EntryId>3</EntryId> <Field1>Niki</Field1> <Field2>Brown</Field2> <Field17>nikibrown</Field17> </Entry> <Entry> <EntryId>4</EntryId> <Field1>Niki</Field1> <Field2>Brown</Field2> <Field17>nikibrown</Field17> </Entry> </Entries> I'm wondering how I would do this with the xml file hosted on the wufoo (which is https) So I guess Im asking how do I authenticate the feed via jquery? Or do i need to do this via json? Could someone explain how?

Read the article
2 New Resources Added to IT Strategies from Oracle Library

- by Bob Rhubart

IT Strategies from Oracle, an authorized library of guidelines and reference architectures, has just been updated to include two new documents: A Pragmatic Approach to Cloud Adoption For enterprises that seek to transform their own IT capabilities and avoid adverse disruption in the process, a structured and pragmatic approach to Cloud computing is required. This practitioner guide details a framework that can be used within any organization for developing such an approach to Cloud adoption. Oracle's Approach to Cloud Successful adoption of Cloud computing requires the definition of an approach that aligns with business drivers and operational capabilities. This is why Oracle has developed a pragmatic approach, based on experience with numerous companies, to help customers successfully adopt Cloud. This data sheet provides an executive overview of Oracle's proven approach to Cloud. These two new resources join a collection of dozens of documents covering Service-Oriented Architecture, Event-Driven Architecture, Business Process Management, and Cloud Computing. Registration is required to access the material, but it's all free.

Read the article
Stuck with luasec LUA secure socket

- by PeterMmm

This example code fails: require("socket") require("ssl") -- TLS/SSL server parameters local params = { mode = "server", protocol = "sslv23", key = "server.key", certificate = "server.crt", cafile = "server.key", password = "123456", verify = {"peer", "fail_if_no_peer_cert"}, options = {"all", "no_sslv2"}, ciphers = "ALL:!ADH:@STRENGTH", } local socket = require("socket") local server = socket.bind("*", 8888) local client = server:accept() client:settimeout(10) -- TLS/SSL initialization local conn,emsg = ssl.wrap(client, params) print(emsg) conn:dohandshake() -- conn:send("one line\n") conn:close() request https://localhost:8888/ output error loading CA locations ((null)) lua: a.lua:25: attempt to index local 'conn' (a nil value) stack traceback: a.lua:25: in main chunk [C]: ? Not very much info. Any idea how to trace down to the problem ?

Read the article
Tell Us Once–Final Phase goes live

- by BizTalk Visionary

Yesterday the final phase of ‘Tell Us Once’ went live. This completes the 4 1/2 year journey Solidsoft started on this cross government project with the addition of full electronic distribution of data and the most import piece – access for the citizen to use the service on-line. Tell Us Once (TUO) is the award-winning, cross-government programme that lets people inform central government and local authorities just once of a birth or death. In service in over 95% of councils in England, Scotland and Wales, it provides a permanent solution to the long-standing and frustrating issue of people having to notify the government multiple times. Several years ago, research showed that people had to make up to 44 contacts when reporting a death to government bodies and their local authority. The TUO service is offered as a face-to-face interview by the local authority or by telephone to a dedicated telephony service run by the Department for Work and Pensions (DWP). and a now a TUO online service for death. From the bereavement section of the Direct Gov web site the citizen is able to ‘enrich’ the standard death registration data to allow the ‘Tell Us Once’ system inform the various government departments about the death. These include the local council, DVLA, DWP, Passport service and HMRC. For the record this is an excellent example of how an SME working with a large SI partner can deliver success for government in a responsive and agile manner. For me personally it is a proud moment in which a vision I started with a very small team was followed through, extended and finally delivered by an excellent team at Solidsoft.

Read the article
jersey security and session management

- by Adhir

Hi, Is there a way for session management or security available programatically in Jersey specification. e.g. like a web-application session management. Or is transaction, session, security all handeled by the containor on which the jersey application is deployed. Adhir

Read the article
PowerShell Remoting: No credentials are available in the security package

- by TheSciz

I'm trying to use the following script: $password = ConvertTo-SecureString "xxxx" -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential("domain\Administrator", $password) $session = New-PSSession 192.168.xxx.xxx -Credential $cred Invoke-Command -Session $session -ScriptBlock { New-Cluster -Name "ClusterTest" -Node HOSTNAME } To remotely create a cluster (it's for testing purposes) on a Windows Server 2012 VM. I'm getting the following error: An error occurred while performing the operation. An error occurred while creating the cluster 'ClusterTest'. An error occurred creating cluster 'ClusterTest'. No credentials are available in the security package + CategoryInfo : NotSpecified: (:) [New-Cluster], ClusterCmdletException + FullyQualifiedErrorId : New-Cluster,Microsoft.FailoverClusters.PowerShell.NewClusterCommand All of my other remote commands (installing/making changes to DNS, DHCP, NPAS, GP, etc) work without an issue. Why is this one any different? The only difference is in the -ScriptBlock tag. Help!

Read the article
Win 2008 Server & IIS7: ASP installed but displays 'FILE DOWNLOAD - SECURITY WARNING"

- by AzC

Hi Dudes, Installed Win 2008 server and IIS7. Enabled ASP Classic and ASP.NET on it. Can't get any ASP scripts to run e.g. desperate.asp containing following line: <% Response.Write "Hello Love, Fancy a Date?" % It just comes up with a "FILE DOWNLOAD - SECURITY WARNING" panel asking em to download. When I select anything it keeps looping. Found lots fo stuff on internet but nothing working. Also same for other ASP scripts HTML works no problem e.g. a file called reply.html containing: Get lost little boy. We only serve French Fries in Macdonalds Any ideas?

Read the article
java web start security warning

- by ria

I have a web application that downloads a jar file from the web server using java web start. The jar is signed using J2SE security tool. However, I get the security warning "The application digital signature cannot be verified. Do you want to run the application?" Am I missing something that is causing this??

Read the article
UK Oracle User Group Event: Trends in Identity Management

- by B Shashikumar

As threat levels rise and new technologies such as cloud and mobile computing gain widespread acceptance, security is occupying more and more mindshare among IT executives. To help prepare for the rapidly changing security landscape, the Oracle UK User Group community and our partners at Enline/SENA have put together an User Group event in London on Apr 19 where you can learn more from your industry peers about upcoming trends in identity management. Here are some of the key trends in identity management and security that we predicted at the beginning of last year and look how they have turned out so far. You have to admit that we have a pretty good track record when it comes to forecasting trends in identity management and security. Threat levels will grow—and there will be more serious breaches: We have since witnessed breaches of high value targets like RSA and Epsilon. Most organizations have not done enough to protect against insider threats. Organizations need to look for security solutions to stop user access to applications based on real-time patterns of fraud and for situations in which employees change roles or employment status within a company. Cloud computing will continue to grow—and require new security solutions: Cloud computing has since exploded into a dominant secular trend in the industry. Cloud computing continues to present many opportunities like low upfront costs, rapid deployment etc. But Cloud computing also increases policy fragmentation and reduces visibility and control. So organizations require solutions that bridge the security gap between the enterprise and cloud applications to reduce fragmentation and increase control. Mobile devices will challenge traditional security solutions: Since that time, we have witnessed proliferation of mobile devices—combined with increasing numbers of employees bringing their own devices to work (BYOD) — these trends continue to dissolve the traditional boundaries of the enterprise. This in turn, requires a holistic approach within an organization that combines strong authentication and fraud protection, externalization of entitlements, and centralized management across multiple applications—and open standards to make all that possible. Security platforms will continue to converge: As organizations move increasingly toward vendor consolidation, security solutions are also evolving. Next-generation identity management platforms have best-of-breed features, and must also remain open and flexible to remain viable. As a result, developers need products such as the Oracle Access Management Suite in order to efficiently and reliably build identity and access management into applications—without requiring security experts. Organizations will increasingly pursue "business-centric compliance.": Privacy and security regulations have continued to increase. So businesses are increasingly look for solutions that combine strong security and compliance management tools with business ready experience for faster, lower-cost implementations. If you'd like to hear more about the top trends in identity management and learn how to empower yourself, then join us for the Oracle UK User Group on Thu Apr 19 in London where Oracle and Enline/SENA product experts will come together to share security trends, best practices, and solutions for your business. Register Here.

Read the article
Creating secure .exe files in C#

- by George

Hi, I have heard some mutterings about C# being quite easy to "crack" and/or reverse engineer. Is this the case and if so, how can I go about preventing this, if possible ? Or at least making it more difficult ? Thanks, George.

Read the article
XP Missing AD in secuirity location

- by Rodent43

I have a few Window XP clients that are part of a domain, when trying to set the permissions on the security tab and pressing location to search the AD for users it only presents the local machine... So I follow this path Right click folder Properties Security Add in the locations field where I would normally see the windows domain, I am only seeing the local machine name??? So only users that have a local account can be added to the folders permissions... Any tips would be appreciated

Read the article
Secure web service works in Firefox but not in IE7

- by tridium

I am trying to call a C# web service from one data center to another. I am able to load the web service properly in Firefox 3.6.3 but it does not load at all in Internet Explorer 7. When I try to install the application which relies on this web service, it can't find the web service at all, just like IE7. Is there any setting or configuration that would allow one browser to load it properly but not the other? I suspect that there's no firewall or that sort of problem because the web service loads for at least one browser.

Read the article
SQL2005 reporting server: intense security activity

- by David Wimbush

On my reporting server the Security log shows large numbers of Logon/Logoff events, often 10 or more, when you run pretty much any report in the Report Manager. Is this normal or is it a classic sign of having the wrong setup? Some system details: Windows Server 2003 R2 SP2, virtual server running under VMWare). SQL Server 2005 SP3 Standard Edition, running databases, Report Manager, and Ananlysis Services cubes. No other major services on the machine (i.e. it's not a domain controller, Exchange server or anything like that). Any ideas, please, guys?

Read the article
how to get rid of certificate error: navigation blocked in ie8

- by Radek

when I access our intranet via https I get this "certificate error: navigation blocked" error in IE8 on Windows XP SP3. I can click Continue to this website (not recommended). but I use IE for automation testing so I have to avoid these extra clicks. Any idea? I tried setting “Turn off the Security Settings Check feature” to enabled. setting "Display Mixed Content" to enabled lowering security levels to minimum adding the web server address to trusted zone

Read the article
How secure is 7-zip?

- by danmine

Has its password protection system ever been broken into? Can it be trusted to hold extremely sensitive information?

Read the article
immplementing security with session variables, how it is insecure

- by haansi

Hello, I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep current user id and user type in session and authenticate user from these session variables (say Session["UserId"],Session["UserName"] and Session["UserType"]) I do authentications. Please guide me how it is insecure ? I heard such security can be broken and applications can be hacked very easily, like it is possible to get session id and directly connect to that session id etc. Please guide me on this thanks

Read the article
Captcha Alternative, how secure?

- by aslum

I do the web page for my local library, and I was thinking it might be kind of appealing to have a "custom" captcha based on book covers. So serve up one of several dozen book covers, and have the patron filling out the form type the book title to prove they're human. Assuming I stripped the title/author info from the image and filename, would that be enough? Would the fact that it was a unique system on a fairly small website be enough to make it effective? Just how tricky are the spam bots these days? Would having the image name be the ISBN # be too obvious?

Read the article
Secure Copy File from remote server via scp and os module in Python

- by user1063572

I'm pretty new to Python and programming. I'm trying to copy a file between two computers via a python script. However the code os.system("ssh " + hostname + " scp " + filepath + " " + user + "@" + localhost + ":" cwd) won't work. I think it needs a password, as descriped in How do I copy a file to a remote server in python using scp or ssh?. I didn't get any error logs, the file just won't show in my current working directory. However every other command with os.system("ssh " + hostname + "command") or os.popen("ssh " + hostname + "command") does work. - command = e.g. ls When I try ssh hostname scp file user@local:directory in the commandline it works without entering a password. I tried to combine os.popen commands with getpass and pxssh module to establish a ssh connection to the remote server and use it to send commands directly (I only tested it for an easy command): import pxssh import getpass ssh = pxssh.pxssh() ssh.force_password = True hostname = raw_input("Hostname: ") user = raw_input("Username: ") password = getpass.getpass("Password: ") ssh.login(hostname, user, password) test = os.popen("hostname") print test But I'm not able to put commands through to the remote server (print test shows, that hostname = local and not the remote server), however I'm sure, the conection is established. I thought it would be easier to establish a connection than always use "ssh " + hostname in the bash commands. I also tried some of the workarounds in How do I copy a file to a remote server in python using scp or ssh?, but I must admit due to lack of expirience I didn't get them to work. Thanks a lot for helping me.

Read the article
Sharepoint page level security

- by ifunky

Hi, Another SharePoint question from myself! I've created a subsite and from within Sharepoint designer I've created a new aspx page, all nice and simple so far. I can't seem to find where I can change the security on this new page, only site admins can view the page and everyone else gets access denied. It doesn't seem to inherit the permissions from the parent and I can't see where to change the security settings! Please help, I'm sure it's something simple! Thanks Dan

Read the article
Is there a secure p2p distributed database?

- by p2pgirl

I'm looking for a distributed hash table to store and retrieve values securely. These are my requirements: It must use an existing popular p2p network (I must guarantee my key/value will be stored and kept in multiple peers). None but myself should be able to edit or delete the key/value. Ideally an encryption key that only I have access to would be required to edit my key value. All peers would be able to read the key value (read-only access, only the key holder would be able to edit the value) Is there such p2p distributed hash table? Would the bittorrent distributed hash table meet my requirements?' Where could I find documentation?

Read the article
sudoers security

- by jetboy

I've setup a script to do Subversion updates across two servers - the localhost and a remote server - called by a post-commit hook run by the www-data user. /srv/svn/mysite/hooks/post-commit contains: sudo -u cli /usr/local/bin/svn_deploy /usr/local/bin/svn_deploy is owned by the cli user, and contains: #!/bin/sh svn update /srv/www/mysite ssh cli@remotehost 'svn update /srv/www/mysite' To get this to work I've had to add the following to the sudoers file: www-data ALL = (cli) NOPASSWD: /usr/local/bin/svn_deploy cli ALL = NOEXEC:NOPASSWD: /usr/local/bin/svn_deploy Entries for both www-data and cli were necessary to avoid the error: post commit hook failed: no tty present and no askpass program specified I'm wary of giving any kind of elevated rights to www-data. Is there anything else I should be doing to reduce or eliminate any security risk?

Read the article
Gathering entropy in web apps to create (more) secure random numbers

- by H M

after several days of research and discussion i came up with this method to gather entropy from visitors (u can see the history of my research here) when a user visits i run this code: $entropy=sha1(microtime().$pepper.$_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_PORT']. $_SERVER['HTTP_USER_AGENT'].serialize($_POST).serialize($_GET).serialize($_COOKIE)); note: pepper is a per site/setup random string set by hand. then i execute the following (My)SQL query: $query="update `crypto` set `value`=sha1(concat(`value`, '$entropy')) where name='entropy'"; that means we combine the entropy of the visitor's request with the others' gathered already. that's all. then when we want to generate random numbers we combine the gathered entropy with the output: $query="select `value` from `crypto` where `name`='entropy'"; //... extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF).$entropy.microtime())))); note: the last line is a part of a modified version of the crypt_rand function of the phpseclib. please tell me your opinion about the scheme and other ideas/info regarding entropy gathering/random number generation. ps: i know about randomness sources like /dev/urandom. this system is just an auxiliary system or (when we don't have (access to) these sources) a fallback scheme.

Read the article
Where to place web.xml outside WAR file for secure redirect?

- by Silverhalide

I am running Tomcat 7 and am deploying a bunch of applications delivered to me by a third party as WAR files. I'd like to force some of those apps to always use SSL. (All the "SSL" apps are in one service; other apps outside this discussion are in another service.) I've figured out how to use conf\web.xml to redirect apps from HTTP to HTTPS, but that applies to all applications hosted by Tomcat. I've also figured out how to put web.xml in an unpacked app's web-inf directory; that does the trick for that specific app, but runs the risk of being overwritten if our vendor gives us a new war file to deploy. I've also tried placing the web.xml file in various places under conf\service\host, or under appbase, but none seem to work. Is it possible to redirect some apps to SSL without forcing all apps to redirect, or to put the web.xml file inside the extracted WAR file? Here's my server.xml: <Service name="secure"> <Connector port="80" connectionTimeout="20000" redirectPort="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css"/> <Connector port="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css" scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS" keystoreFile="..." keystorePass="..." keystoreType="PKCS12" truststoreFile="..." truststorePass="..." truststoreType="JKS" clientAuth="false" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/> <Engine name="secure" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> </Host> </Engine> </Service> <Service name="mutual-secure"> ... </Service> The content of the web.xml files I'm playing with is: <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0" metadata-complete="true"> <security-constraint> <web-resource-collection> <web-resource-name>All applications</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <description>Redirect all requests to HTTPS</description> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app> (For conf\web.xml the security-constraint is added just before the end of the existing file, rather than create a new file.) My webapps directory (currently) contains only the WAR files.

Read the article
Does HTML5 make Javascript gaming safer (more secure)?

- by Sean Madigan

I know that Javascript is an incredibly unsecure way of programming a persistent game, where for instance you are doing battle calculations in an RPG and then award XP through linking to a PHP page when they win that adds XP to a database (since the player could make their own javascript to always win or just look at the PHP page that you get sent to when you win and just go there anyway). So with that said, I'm wondering if HTML5 makes multiplayer/persistent games any safer in this regard, since I know it still uses Javascript. Or am I still doomed to rely entirely on server-side scripting for doing any calculations that award the player?

Read the article

< Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144 | Next Page >