Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 138/555 | < Previous Page | 134 135 136 137 138 139 140 141 142 143 144 145 | Next Page >

Start multiple instances of Firefox; Xephyr rootless mode

- by Vi

How can I have multiple independent instances of Mozilla Firefox 3.5 on the same X server, but started from different user accounts (consequently, different profiles)? Limited success was only with Xephyr :1, DISPLAY=:1 /usr/local/bin/firefox, but Xephyr has no Cygwin/X's "rootless" mode so it's not comfortable. The idea is to have one Firefox instance for various "Serious Business" things and the other for regular browsing with dozens of add-ons securely isolated.

Read the article
A Firefox "master password" feature that's friendly to guest users?

- by Josh

I use the "master password" feature of Firefox and like it for a number of reasons. It does have it's drawbacks, though: anytime I hand my laptop over to my girlfriend so she can check her email on it, she's continually confronted with the prompt to enter my master password. I have since disabled the feature and am back to square one. Is there an addon or tweak that will help?

Read the article
Ways to use ClamWin Antivirus

- by Charles Gargent

I dont use on On Access AV scanner, I just use Clamwin. My download manager invokes a scan on any files I download, and I dont share files. Apart from scheduling a system scan every week (seems an awful waste of resources) what other ways can I use Clamwin to keep your PC virus free. Ideas such as: scan files in open folders, adaptive batch scripts that scan most frequently used folders / last used folders things like that

Read the article
How Ubuntu cloud version enforces the "no root login" over ssh ?

- by Maxim Veksler

Hello, I'm looking to tweak ubuntu cloud version default setup where is denies root login. Attempting to connect to such machine yields: maxim@maxim-desktop:~/workspace/integration/deployengine$ ssh [email protected] The authenticity of host 'ec2-204-236-252-95.compute-1.amazonaws.com (204.236.252.95)' can't be established. RSA key fingerprint is 3f:96:f4:b3:b9:4b:4f:21:5f:00:38:2a:bb:41:19:1a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ec2-204-236-252-95.compute-1.amazonaws.com' (RSA) to the list of known hosts. Please login as the ubuntu user rather than root user. Connection to ec2-204-236-252-95.compute-1.amazonaws.com closed. I would like to know where this is setup and how I can change the printed message? Thank you, Maxim.

Read the article
How to run a service as a user who can't delete or update or create a file

- by neeraj

Mongodb is a web based console to try out Mongodb. I have created something similar to try out nodejs. In nodejs I am accepting user input and then I am performing eval on that command. Given the power of nodejs , someone from web console can create a file, delete files on the system or could execute 'rm -rf '. I was thinking will it be okay if I run node as a user called node. This user node will not have any privilege to write anything, create anything or update anything. The only access this user will have is read access. Will that work or that is too much of risk. What is a good strategy to handle such a situation?

Read the article
Pros/cons to turning off cable modem

- by Jay

A little off the wall perhaps, but ... I have a cable modem and a router for a wireless home network. Is it a good or a bad idea to turn it off at night and during the day when we're all at work or school? Or should I leave it on 24/7. I was thinking that leaving it on constantly makes me more vulnerable to hackers, not to mention wasting electricity. (Though I'd guess the amount of electricity used by a cable modem and a router is probably pretty trivial. Still, every little bit helps.) When I have turned it off and turned it on again, it takes several minutes for it to go through its little dialog with the cable company and get me connected to the Internet again, which is annoying but not a big deal. Anyone know any good reasons one way or the other?

Read the article
How safe is locking the screen?

- by D Connors

So, both windows and linux have a pretty useful feature that allows you to leave everything running on the PC while also keeping invaders away by locking the screen. My question is: Say I leave my laptop with the screen locked while I go get a donnut, and then it gets stolen. Assuming the thief has access to whatever software he needs, how easy/hard would it be for him to access my (currently logged-in) account? Now let me be clear. I'm not asking if he can access the data on the harddrive. I know he can, and that issue would go under data encryption, which is not my question here. I'm focusing on how hard would it be to get around the "Insert Password" screen, and have full access to my account. I'm looking for answers regarding both OS's; but, if needed, assume Ubuntu. Thank you.

Read the article
Allow Single IP to access ASP.NET Web Service (ASMX) using Firewall

- by Suresh Agrawal

I have one asp.net web service (asmx) in separate project that is hosted on windows server having other asp.net web applications running on it. How can I restrict asp.net web service to be accessed by single IP address? I want that my web service must be accessed by one IP configured by me. If requests comes from any other IP, it must not reach to my web service and discarded by windows firewall itself. I know that this is something to do with windows firewall. I did it for SQL Server previously, but I don't know how to configure single asp.net web service project to do so.

Read the article
Web Application Vulnerability Scanner suggestions?

- by Chris_K

I'm looking for a new tool for the ol' admin toolkit and would value some suggestions. I would like to do some "automated" testing of handful of websites for XSS (cross site scripting) vulns, along with checking for SQL injection opportunities. I realize that an automated tool approach isn't necessarily the only or best solution, but I'm hoping it would give me a nice start. The sites I need to scan cover the range in stacks from PHP / MySQL to Coldfusion, with some classic ASP and ASP.NET mixed in for good measure. What tools would you use to scan for Web application vulns? (Please note I'm focusing on the web apps directly, not the servers themselves).

Read the article
Accessing my Rails webrick behind proxy?

- by Eki Eqbal

In my mackbook, when I try to connect to my rails application in office I can't , in the office there are some http proxy , and when I run my rails like this : sudo rails s -p8080 => Booting WEBrick => Rails 3.0.5 application starting in development on http://0.0.0.0:8080 => Call with -d to detach => Ctrl-C to shutdown server [2012-03-20 12:49:34] INFO WEBrick 1.3.1 [2012-03-20 12:49:34] INFO ruby 1.8.7 (2010-01-10) [universal-darwin11.0] [2012-03-20 12:49:34] INFO WEBrick::HTTPServer#start: pid=17439 port=8080 The local IP is : en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether f8:1e:df:d8:8c:25 inet6 fe80::fa1e:dfff:fed8:8c25%en1 prefixlen 64 scopeid 0x5 inet 10.21.21.240 netmask 0xffffff00 broadcast 10.21.21.255 media: autoselect status: active so when I try in the browser to trigger localhost:8080 or 10.21.21.240:8080 , it seems that I can't trigger my application as for the proxy check out the following : Any Ideas ?

Read the article
Strategy to allow emergency access to colocation crew

- by itsadok

I'm setting up a server at a new colocation center half way around the world. They installed the OS for me and sent me the root password, so there's obviously a great amount of trust in them. However, I'm pretty sure I don't want them to have my root password on a regular basis. And anyway, I intend to only allow key-based login. On some cases, though, it might be useful to let their technical support log in through a physical terminal. For example, if I somehow mess up the firewall settings. Should I even bother worrying about that? Should I set up a sudoer account with a one-time password that will change if I ever use it? Is there a common strategy for handling something like this?

Read the article
Blacklisting: IP's or domains?

- by johnnietheblack

I am implementing a blacklisting system on my website that monitors contact forms for suspicious usage (both spam content and excessive frequency). When I find somebody / robot that meets my criteria for blacklisting, I want to send them to my DB as a blacklisted entity. My question is, should I blacklist them as an IP or as a domain? As far as I can see, blacklisting an IP is going to be far more effective, because I allow people to enter their email address in the form, and they can easily just change their domain on a regular basis. However, the downside is that if I blacklist an IP, I could potentially be blacklisting a large group of people who share an IP, when only one person is bad (ie - college campuses, coffee shops, etc). Is there a solution I'm missing?

Read the article
How do I protect my company from my IT guy?

- by Jesse

I'm going to hire an IT guy to help manage my office's computers and network. We're a small shop, so he'll be the only one doing IT. Of course, I'll interview carefully, check references, and run a background check. But you never know how things will work out. How do I limit my company's exposure if the guy I hire turns out to be evil? How do I avoid making him the single most powerful person in the organization?

Read the article
this operation has been canceled due to restrictions in effect on this computer

- by Dan

I have this HUGELY irritating problem on Windows 7 (x64). Whenever I click on ANY link (that exists on a Word document, excel or Outlook), I get an alert box with the message: "This operation has been canceled due to restrictions in effect on this computer" I have been scouring my settings and the internet for a solution, but to no avail. Has anybody else encounted this problem? It even happens when I click anchors in word documents i.e. I can't even click on an entry in a Table of Contents to go to the appropriate page - I get this same error then. Is this a Windows 7 thing? Anyway to turn this off?

Read the article
tacacs+ integrated with LDAP or database. Which is better?

- by chingupt

We are setting up TACACS+ in our network which is a mix of Cisco AP's and other brands. However we have a centralized managemnet system which allows our customers to configure services. Hence we would like to setup a tacacs+ server integrated with some central system. We have two options: Integrate with a central Database server which stores the user configuration. OR Integrate with a LDAP Server. Which is a better solution? Can you please suggest the pros and cons of using LDAP or Database? TIA Sachin

Read the article
What is the difference between an Audit Log and a regular Log (In the context of mod_security)?

- by Josh

I am using mod_security: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-apache-reference.pdf What is the difference between and audit log (audit trail) and a normal log? I read on wikipedia that an audit log is a log of user activity, if this is the case what would you need another log for - is it for system based issues?

Read the article
Noob proftpd questions

- by Camran

I have setup my VPS pretty much now, and want to upload some basic files to the server. How is this done in Ubuntu 9.10? I have PuTTY and use the terminal there... Is there any ftp program, like in regular managed hostings, to just upload files with? I was thinking about proftpd, but don't have a clue how to get it to work. I am using my home-laptop with windows xp to command the VPS. Thanks

Read the article
Noob proftpd questions

- by Camran

I have setup my VPS pretty much now, and want to upload some basic files to the server. How is this done in Ubuntu 9.10? I have PuTTY and use the terminal there... Is there any ftp program, like in regular managed hostings, to just upload files with? I was thinking about proftpd, but don't have a clue how to get it to work. I am using my home-laptop with windows xp to command the VPS. Thanks

Read the article
Webserver logs: "Morfeus F***ing Scanner"

- by Patrick

I've just found these accesses in my web server log files: ::ffff:218.38.136.38 109.72.95.175 - [10/Jan/2011:02:54:12 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 345 "-" "Morfeus Fucking Scanner" ::ffff:218.38.136.38 109.72.95.174 - [10/Jan/2011:02:54:12 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 345 "-" "Morfeus Fucking Scanner" Should I start to worry ? Or is it just a normal attempt to hack my server ? thanks

Read the article
about crusher in stone,building

- by sbmxuancao1221

SBM has formed a whole production chain with main products: crushing machinery, grinding machinery, and auxiliary products: vibrating screen, vibrating feeder and other associated equipments. Products cover more than 20 models of 3 major series: mill series, crushing series, and sand making series.

Read the article
Start multiple Firefoxes; Xephyr rootless mode

- by Vi

How to have multiple independent instances of Mozilla Firefox 3.5 on the same X server, but started from different user accounts (consequently, different profiles)? Limited success was only with Xephyr :1, DISPLAY=:1 /usr/local/bin/firefox, but Xephyr has no Cygwin/X's "rootless" mode so it not comfortable. The idea is to have one Firefox instance for various "Serious Business" things and the other for regular browsing with dozens of add-ons securely isolated. /* Requested tags: xephyr rootless */

Read the article
Applocker custom extension (Java, CPL, MSC etc.)

- by test1839

We have a Terminal server and want to prevent users from running inappropriate software. Previously we used Software Restriction Policies for this purpose. Now, Microsoft seems to recommend Applocker instead. However we found no possibilities to add custom extensions like JAR, CPL, MSC etc. which was possible in Software Restriction Policies. Do you know how to add custom extensions to the Applocker policies in Windows 2008? Or how can we block custom script interpreters like Perl etc.?

Read the article
What does this strange network/subnet mask mean?

- by dunxd

I'm configuring a new ASA 5505 for deployment as a VPN endpoint in a remote office. After configuring it and connecting the VPN, I get the following messages: WARNING: Pool (10.6.89.200) overlap with existing pool. ERROR: IP address,mask <10.10.0.0,93.137.70.9> doesn't pair 10.6.89.200 is the address I configured for the ASA. It has the subnet mask 255.255.255.0. The ip address 10.10.0.0 corresponds to one of our subnets, but it certainly wouldn't have a subnet mask of 93.137.70.9. That looks more like a public IP address (and resolves to an ADSL connection somewhere). I am sure if we had such a subnet configured, that it would indeed overlap with 10.6.89.200. There is no reference to 93.137.70.9 in the config of this ASA or our head office ASA. Can anyone shed light on what is going on here? The sudden appearance of a strange subnet mask is a bit alarming.

Read the article
linux/unix filesystem permissions hack/feature

- by selden

Can linux or other unix create a file that no user, including root, can modify unless they have the secret key? By "have the secret key" I mean they are using some crypto scheme. Here's a scenario if you aren't already downvoting: Bob encrypts something about file /foo (maybe inode?) using secret key K Alice tries "sudo rm /foo" and gets permission denied, so she decrypts something about file /foo using secret key K and then "sudo rm /foo" succeeds.

Read the article
XP Suddenly asking for password

- by ProfKaos

Is there any sane explanation for a client's Acer Aspire 1 netbook, running XP Home SP 2, suddenly starting to ask for a login password at boot? He has a strict policy of not using passwords, and I removed his login password weeks ago. The story is that suddenly this morning, for the first time, it is asking for a login password.

Read the article

< Previous Page | 134 135 136 137 138 139 140 141 142 143 144 145 | Next Page >