Search Results

Search found 21719 results on 869 pages for 'password security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 165/869 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

  • Simple imeplementation of admin/staff panel?

    - by Michael Mao
    Hi all: A new project requires a simple panel(page) for admin and staff members that : Preferably will not use SSL or any digital ceritification stuff, a simple login from via http will just be fine. has basic authentication which allows only admin to login as admin, and any staff member as of the group "staff". Ideally, the "credentials(username-hashedpassword pair)" will be stored in MySQL. is simple to configure if there is a package, or the strategy is simple to code. somewhere (PHP session?) somehow (include a script at the beginning of each page to check user group before doing anything?), it will detect any invalid user attempt to access protected page and redirect him/her to the login form. while still keeps high quality in security, something I worry about the most. Frankly I am having little knowledge about Internet security, and how modern CMS such as WordPress/Joomla do with their implementation in this. I only have one thing in my mind that I need to use a salt to hash the password (SHA1?) to make sure any hacker gets the username and password pair across the net cannot use that to log into the system. And that is what the client wants to make sure. But I really not sure where to start, any ideas? Thanks a lot in advance.

    Read the article

  • What harm can javascript do?

    - by The King
    I just happen to read the joel's blog here... So for example if you have a web page that says “What is your name?” with an edit box and then submitting that page takes you to another page that says, Hello, Elmer! (assuming the user’s name is Elmer), well, that’s a security vulnerability, because the user could type in all kinds of weird HTML and JavaScript instead of “Elmer” and their weird JavaScript could do narsty things, and now those narsty things appear to come from you, so for example they can read cookies that you put there and forward them on to Dr. Evil’s evil site. Since javascript runs on client end. All it can access or do is only on the client end. It can read informations stored in hidden fields and change them. It can read, write or manipulate cookies... But I feel, these informations are anyway available to him. (if he is smart enough to pass javascript in a textbox. So we are not empowering him with new information or providing him undue access to our server... Just curious to know whether I miss something. Can you list the things that a malicious user can do with this security hole. Edit : Thanks to all for enlightening . As kizzx2 pointed out in one of the comments... I was overlooking the fact that a JavaScript written by User A may get executed in the browser of User B under numerous circumstances, in which case it becomes a great risk.

    Read the article

  • How to do a javascript redirection to a ClickOnce deployment URL?

    - by jerem
    I have a ClickOnce application used to view some documents on a website. When connected, the user sees a list of documents as links to http://server/myapp.application?document=docname. It worked fine until I had to integrate the website authentication/security system into my application. The website uses a ticketing system to grant access to its users. A ticket is generated by a web application and needs to be added to the deployment URL querystring, then I have to check at application startup that the ticket given in querystring was right by making another request to the web application. So the deployment URL becomes something like: h ttp://server/myapp.application?document=docname&ticket=ticketnumber. The problem is the ticket is valid only 10 seconds, so I have to get it only after the user has clicked a link. My first try was to have some javascript do the request to get the ticket, generate the proper deployment URL and then redirect the user to this URL with "window.location = deploymentUrl;". It works fine in Firefox, but IE does not prompt the user for installation. I guess it is a ClickOnce security constraints, but I am able to do the redirection when doing it on localhost, so I hope there is a workaround. I have also added the server on the "trusted sites" list in IE options. Is it possible to have that working in IE? What are my other options to do that?

    Read the article

  • SecurityManager StackOverflowError

    - by Tom Brito
    Running the following code, I get a StackOverflowError at the getPackage() line. How can I grant permission just to classes inside package I want, if I can't access the getPackage() to check the package? package myPkg.security; import java.security.Permission; import javax.swing.JOptionPane; public class SimpleSecurityManager extends SecurityManager { @Override public void checkPermission(Permission perm) { Class<?>[] contextArray = getClassContext(); for (Class<?> c : contextArray) { checkPermission(perm, c); } } @Override public void checkPermission(Permission perm, Object context) { if (context instanceof Class) { Class clazz = (Class) context; Package pkg = clazz.getPackage(); // StackOverflowError String name = pkg.getName(); if (name.startsWith("java.")) { // permission granted return; } if (name.startsWith("sun.")) { // permission granted return; } if (name.startsWith("myPkg.")) { // permission granted return; } } // permission denied throw new SecurityException("Permission denied for " + context); } public static void main(String[] args) { System.setSecurityManager(new SimpleSecurityManager()); JOptionPane.showMessageDialog(null, "test"); } }

    Read the article

  • What are the most time consuming checks performed by .NET when executing a managed appplication?

    - by ltorje
    I've developed a .NET based Windows service that uses part managed (C#) and unmanaged code (C/C++ libraries). In some domain environments (e.g. Win 2k3 32bit server inside domain abc.com) sometimes the service takes more than 30 seconds to start (especially on OS restart), thus failing to start the service. I suspect that it has something to do with enterprise level security but I do not know for sure. http://msdn.microsoft.com/en-us/library/aa720255%28VS.71%29.aspx I've tried the following without success: - delay loading references by moving the using directives as far as possible from the servicebase implementation (especially the xml namespace - know to cause delays in loading) - delay loading and configuring log4net - precompiling the code by using ngen - delaying the start of the worker thread - add/remove manifest + decencies set inside - sign/unsign the binaries - use the configuration settings (there are a lot of settings and the scope level for all is set to application ) as later as possible - add all dependencies to GAC I didn't tried yet to add security demands for the class that has the Main method implemented. I didn't tries to implement my own configuration loader because after inspecting the autogenerated code, I've noticed that the setting class is a singletone and it gets its instance on call. By completely removing the log4net dependency it worked, but this is not an option. When the network card is disabled the service starts immediately. Any suggestions/comments/solution you have would be most welcomed.

    Read the article

  • How to process AJAX requests more securely in PHP?

    - by animuson
    Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

    Read the article

  • bin-deploying DLLs banned in leiu of GAC on shared IIS 6 servers

    - by craigmoliver
    I need to solicit feedback about a recent security policy change at an organization I work with. They have recently banned the bin-deployment of DLLs to shared IIS 6 application servers. These servers host many isolated web application pools. The new rules require all DLLs to be installed in GAC. The is a problem for me because I bin-deploy several dlls including the ASP.NET MVC Framework, HTML Agility Pack, ELMAH, and my own shared class libraries. I do this because: Eliminates web application server dependencies to the Global Assembly Cache. Allows me (the developer) to have control of what goes on inside my application. Enables the application to deployed as a "package". Removes application deployment burden from the server administrators. Now, here are my questions. From a security perspective what are the advantages to using the GAC vs. bin-deployment? Is it possible to host multiple versions of the same DLL in the GAC? Has anyone run into similar restrictions?

    Read the article

  • Flash doesn't connect to socket even though policy allows it

    - by Bart van Heukelom
    In my Flash app, I'm connecting to my server like this: Security.loadPolicyFile("xmlsocket://example.com:12860"); socket = new Socket("example.com", 12869); socket.writeByte(...); ... socket.flush(); At port 12860 I'm running a socket policy server, which (according to this document) correctly serves up my policy like this: 00000000 3c 70 6f 6c 69 63 79 2d 66 69 6c 65 2d 72 65 71 <policy- file-req 00000010 75 65 73 74 2f 3e 00 uest/>. 00000000 3c 63 72 6f 73 73 2d 64 6f 6d 61 69 6e 2d 70 6f <cross-d omain-po 00000010 6c 69 63 79 3e 3c 73 69 74 65 2d 63 6f 6e 74 72 licy><si te-contr 00000020 6f 6c 20 70 65 72 6d 69 74 74 65 64 2d 63 72 6f ol permi tted-cro 00000030 73 73 2d 64 6f 6d 61 69 6e 2d 70 6f 6c 69 63 69 ss-domai n-polici 00000040 65 73 3d 22 6d 61 73 74 65 72 2d 6f 6e 6c 79 22 es="mast er-only" 00000050 20 2f 3e 3c 61 6c 6c 6f 77 2d 61 63 63 65 73 73 /><allo w-access 00000060 2d 66 72 6f 6d 20 64 6f 6d 61 69 6e 3d 22 2a 22 -from do main="*" 00000070 20 74 6f 2d 70 6f 72 74 73 3d 22 31 32 38 36 39 to-port s="12869 00000080 22 20 2f 3e 3c 2f 63 72 6f 73 73 2d 64 6f 6d 61 " /></cr oss-doma 00000090 69 6e 2d 70 6f 6c 69 63 79 3e 00 in-polic y>. I get no security warnings, which I used to get before the policy server was in place. Still, the connection to port 12869 doesn't work. It's made (I can see with Wireshark and on the server), but no data is sent by Flash. It might be worth knowing that the SWF itself is served from example.com as well.

    Read the article

  • What are the common compliance standards for software products?

    - by Jay
    This is a very generic question about software products. I would like to know what compliance standards are applicable to any software product. I know that question gives away nothing. So, here is an example to what I am referring to. CiSecurity Security Certification/Compliance lists out products ceritified by them to be compliant to the standards published at their website, i.e, cisecurity.org. Compliance could be as simple as answering a questionnaire for your product and approved by a thirdparty like cisecurity or it could apply to your whole organization, for instance, PCI-DSS compliance. I would be very interested in knowing the standards that products you know/designed/created, comply to. To give you the context behind this question: I am the developer of a data-masking tool. The said tool helps mask onscreen html text in a banking web application using filters. So, for instance, if the bank application lists out user information with ssn, my product when integrated with the banking product, automatically identifies ssn pattern and masks it into a pre-defined format.So, I have my product marketing team wanting more buzz words like compliance to be able to sell it to more banking clients. Hence, understanding "compliances that apply to products" is a key research item for me at this point. By which I meant, security compliances. Appreciate all your help and suggestions.

    Read the article

  • Still don't understand file upload-folder permissions

    - by Camran
    I have checked out articles and tutorials. I don't know what to do about the security of my picture upload-folder. It is pictures for classifieds which should be uploaded to the folder. This is what I want: Anybody may upload images to the folder. The images will be moved to another folder, by another php-code later on (automatic). Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days. What should I do here? The images are uploaded via a php-upload script. This script checks to see if the extension of the file is actually a valid image-file. When I try this: chmod 755 images the images wont be uploaded. But like this it works: chmod 777 images But 777 is a security risk right? Please give me detailed information... The Q is, what to do to solve this problem, not info about what permissions there are etc etc... Thanks If you need more info let me know...

    Read the article

  • How to avoid hard-coded credentials in Sharepoint webpart?

    - by Bryan
    I am building a Sharepoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the web service class This may not be a good approach. In regard with security, the source code of the web apart is available to people who are not allowed to see the credentials. In normal ASP.net applications, credentials can be written into web.config and encrypted. A web part doesn't have a .config file associated. There is a application-level .config file for the whole sharepoint site, but I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve the credential problem? Say we provide a WebBrowsable property of that web part so that privileged users can modify credentials. If this is desirable, how should I make the property displayed in a password ("*") rather than in plain text? Thanks.

    Read the article

  • c# Sending emails with authentication. standard approach not working

    - by Ready Cent
    I am trying to send an email using the following very standard code. However, I get the error that follow... MailMessage message = new MailMessage(); message.Sender = new MailAddress("[email protected]"); message.To.Add("[email protected]"); message.Subject = "test subject"; message.Body = "test body"; SmtpClient client = new SmtpClient(); client.Host = "mail.myhost.com"; //client.Port = 587; NetworkCredential cred = new NetworkCredential(); cred.UserName = "[email protected]"; cred.Password = "correct password"; cred.Domain = "mail.myhost.com"; client.Credentials = cred; client.UseDefaultCredentials = false; client.Send(message); Mailbox unavailable. The server response was: No such user here. This recipient email address definitely works. To make this account work I had to do some special steps in outlook. Specifically, I had to do change account settings - more settings - outgoing server - my outgoing server requires authentication & use same settings. I am wondering if there is some other strategy. I think the key here is that my host is Server Intellect and I know that some people on here use them so hopefully someone else has been able to get through this. I did talk to support but they said with coding issues I am on my own :o

    Read the article

  • Dangers when deploying Flash/Flex UI test automation hooks to production?

    - by Merlyn Morgan-Graham
    I am interested in doing automated testing against a Flex based UI. I have found out that my best options for UI automation (due to being C# controllable, good licensing conditions, etc) all seem to require that I compile test hooks into my application. Because of this, I am thinking of recommending that these hooks be compiled into our build. I have found a few places on the net that recommend not deploying bits with this instrumentation enabled, and I'd like to know why. Is it a performance drain, or a security risk? If it is a security risk, can you explain how the attack surface is increased? I am not a Flash or Flex developer, though I have some experience with threat modeling. For reference, here's the tools I'm specifically considering: QTP Selenium-Flex API I am having problems finding all the warnings/suggestions I found last night, but here's an example that I can find: http://www.riatest.com/products/getting-started.html Warning! Automation enabled applications expose all properties of all GUI components. This makes them vulnerable to malicious use. Never make automation enabled application publicly available. Always restrict access to such applications and to RIATest Loader to trusted users only. Related question (how to do conditional compilation to insert/remove those hooks): Conditionally including Flex libraries (SWCs) in mxmlc/compc ant tasks

    Read the article

  • Is encrypting session id (or other authenticate value) in cookie useful at all?

    - by Ji
    In web development, when session state is enabled, a session id is stored in cookie(in cookieless mode, query string will be used instead). In asp.net, the session id is encrypted automatically. There are plenty of topics on the internet regarding how you should encrypt your cookie, including session id. I can understand why you want to encrypt private info such as DOB, but any private info should not be stored in cookie at first place. So for other cookie values such as session id, what is the purpose encryption? Does it add security at all? no matter how you secure it, it will be sent back to server for decryption. Be be more specific, For authentication purpose, turn off session, i don't want to deal with session time out any more store some sort of id value in the cookie, on the server side, check if the id value exists and matches, if it is, authenticate user. let the cookie value expire when browser session is ended, this way. vs Asp.net form authentication mechanism (it relies on session or session id, i think) does latter one offer better security?

    Read the article

  • What are some arguments to support the position that the Dojo JavasScript library is secure, accessi

    - by LES2
    We have developed a small web application for a client. We decided on the Dojo framework to develop the app (requirements included were full i18n and a11y). Originally, the web app we developed was to be a "prototype", but we made the prototype production quality anyway, just in case. It turns out that the app we developed (or a variant of it) is going to production (many months hence), but it's so awesome that the enterprise architecture group is a little afraid. 508c compliant is a concern, as is security for this group. I now need to justify the use of Dojo to this architecture group, explicitly making the case that Dojo does not pose a security risk and that Dojo will not hurt accessibility (and that Dojo is there to help meet core requirements). Note: the web app currently requires JavaScript to be turned on and a stylesheet to work. We use a relatively minor subset of Dojo: of course, dojo core, and dijit.form.Form, ValidationTextBox and a few others. We do use dojox.grid.DataGrid (but no drag N drop or editable cells, which are not fully a11y). I have done some research of my own, of course, but I any information or advice you have would be most helpful. Regards, LES2

    Read the article

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user, inputs his UserName and Password, a server is contacted (a spring remote-servlet, with the client side being a spring httpclient: similar to the approaches here.), and authentication is performed on the server side. A few questions related to the above mentioned scenario: If said this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with. Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, rest of the application will be accessible? Should I have a back up authentication service running on a different machine, working as a backup? What are the general best-practices in this scenario? I remember reading about google gears and how it would let you edit and do stuff offline - should something like this be designed? Please let me know your design/architectural comments/suggestions. Appreciate your help.

    Read the article

  • PHP shell_exec() - Run directly, or perform a cron (bash/php) and include MySQL layer?

    - by Jimbo
    Sorry if the title is vague - I wasn't quite sure how to word it! What I'm Doing I'm running a Linux command to output data into a variable, parse the data, and output it as an array. Array values will be displayed on a page using PHP, and this PHP page output is requested via AJAX every 10 seconds so, in effect, the data will be retrieved and displayed/updated every 10 seconds. There could be as many as 10,000 characters being parsed on every request, although this is usually much lower. Alternative Idea I want to know if there is a better* alternative method of retrieving this data every 10 seconds, as multiple users (<10) will be having this command executed automatically for them. A cronjob running on the server could execute either bash or php (which is faster?) to grab the data and store it in a MySQL database. Then, any AJAX calls to the PHP output would return values in the MySQL database rather than making a direct call to execute server code every 10 seconds. Why? I know there are security concerns with running execs directly from PHP, and (I hope this isn't micro-optimisation) I'm worried about CPU usage on the server. The server is running a sempron processor. Yes, they do still exist. Having this only execute when the user is on the page (idea #1) means that the server isn't running code that doesn't need to be run. However, is this slow and insecure? Just in case the type of linux command may be of assistance in determining it's efficiency: shell_exec("transmission-remote $host:$port --auth $username:$password -l"); I'm hoping that there are differences in efficiency and level of security with the two methods I have outlined above, and that this isn't just micro-micro-optimisation. If there are alternative methods that are better*, I'd love to learn about these! :)

    Read the article

  • Replacing mysql user authentication with openid

    - by David
    So, I'm working with a really old system which uses a person's mysql database credentials to authenticate to a web site (the database was originally only accessed from the command line, but is now accessed from a php frontend). Because of some internal reasons (and to preserve the user's history), I have to leave the old authentication intact. I've been charged with adding openid authentication to this system. Somehow I need to be able to retrieve a users mysql username and password upon logging into the site through openid (using the Zend framework, by the way). I've thought of simply requiring registration at the first login, where the user must provide their mysql credentials, but I'd rather not store the password plain text. I've also considered blanking everyone's mysql passwords, and just setting the user's mysql username manually (rather than having the user provide this, since they could provide any username). This is turning into a security nightmare. Does anyone have any suggestions for alternatives? This is running on a Linux server, by the way. Also, I can't use mysql pluggable authentication because the mysql version is 5.0 (pluggable authentication requires mysql 5.5), and no, I can't update it.

    Read the article

  • Why doesn't the highlighted part of the JavaScript work?

    - by Dor Cohen
    Why isn't the 'confirm password and password the same' part working? Meaning, the part that uses the 'getElementById' to adress the password and confirmpassword. Every part works but that particular part. It doesn't show a red box around the text fields. Can anyone help me? <html> <head> </head> <script> function submitinfo() { var firstname = document.getElementById("firstname").value; var lastname = document.getElementById("lastname").value; var username = document.getElementById("username").value; var password = document.getElementById("password").value; var confirmpassword = document.getElementById("confirmpassword").value; var email = document.getElementById("email").value; if(firstname !== "" && document.getElementById("firstname").style.borderColor == "red")     {     document.getElementById("firstname").style.border = "none"     } if(lastname !== "" && document.getElementById("lastname").style.borderColor == "red") { document.getElementById("lastname").style.border = "none" } if(username !== "" && document.getElementById("username").style.borderColor == "red") { document.getElementById("username").style.border = "none" } if(password !== "" && document.getElementById("password").style.borderColor == "red") { document.getElementById("password").style.border = "none" } if(confirmpassword !== "" && document.getElementById("confirmpassword").style.borderColor == "red") { document.getElementById("confirmpassword").style.border = "none" } if(email !== "" && document.getElementById("email").style.borderColor == "red") { document.getElementById("email").style.border = "none" } if(firstname == "") { document.getElementById("firstname").style.borderColor = "red"; document.getElementById("firstname").style.borderStyle = "solid"; } if(lastname == "") { document.getElementById("lastname").style.borderColor = "red"; document.getElementById("lastname").style.borderStyle = "solid"; } if(username == "") { document.getElementById("username").style.borderColor = "red"; document.getElementById("username").style.borderStyle = "solid"; } if(password == "") { document.getElementById("password").style.borderColor = "red"; document.getElementById("password").style.borderStyle = "solid"; } if(confirmpassword == "") { document.getElementById("confirmpassword").style.borderColor = "red"; document.getElementById("confirmpassword").style.borderStyle = "solid"; } if(email == "") { document.getElementById("email").style.borderColor = "red"; document.getElementById("email").style.borderStyle = "solid"; } if(password !== "" && confirmpassword !== "" && document.getElementById("password").style.border == "none" && document.getElementById("confirmpassword").style.border == "none" && password !== confirmpassword) { document.getElementById("password").style.border = "red"; document.getElementById("confirmpassword").style.border = "red"; } if(firstname && lastname && username && password && confirmpassword && email !== "") { window.open() } } </script> <h><font size=4 color=3BCCBE><b>Full Name</b></font><h/> <br> <input type="text" id="firstname" size="15px" placeholder="First"> <input type="text" id="lastname" size="15px" placeholder="Last"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Choose your username</b></font></h> <br> <input type="text" id="username" size="37px"> <br> <p><font size=3 color="grey">atleast 6 characters long</font></p> <br> <h><font size=4 color=3BCCBE><b>Create a password</b></font></h> <br> <input type="password" id="password" size="37px"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Confirm your password</b></font><h/> <br> <input type="password" id="confirmpassword" size="37px"> <br> <br> <br> <br> <h><font size=4 color=3BCCBE><b>Email address</b></font><h/> <br> <input type="text" id="email" size="37px"> <br> <br> <br> <br> <input type="button" value="Submit" onclick="submitinfo()" style="height:50px; width:85px; font-size:22px;> <br> </body> </html>

    Read the article

  • Indian government department have more unsecure website then others.

    - by Anirudha
    Originally posted on: http://geekswithblogs.net/anirugu/archive/2013/10/26/indian-government-department-have-more-unsecure-website-then-others.aspxOne of my friend share his college experience with me. He is not related with computer science. One day he told me that Ankia Fadia come to their college. In front of many student he show how to hack BSNL website by tricks. he break the flow how BSNL site work. I have told them BSNL is one of the most unsecure website of India   If you logged-in to website maybe it’s run in few seconds but sometime it run in 58 minute. OK this is not grammar mistake 58 minute is less then 1 hour. This means open a tab and put the link to open. it will open in hours. If you are using IE8, Chrome and Firefox you will be forced to use IE7 or downgrade. I simply use Ie7 mode in IE for make it work. This happen because they use something that is called DynaTrace. This site is most unsecure. now guess how !   Suppose my username is xyz and password is abc. How I can reset the password I simply go to website and in their site when I do reset my password he told me to fill password and password will not worked here.you can use here password here to reset my password. Remember that username are different then broadband username and password. Suppose if I want to reset your password I simply need to know your broadband username and I can reset it myself. I just logged in with my username and when I open the page for reset password I can fill your bb username and password will work here. I have not tried this. the broadband username can easily guess. this is depend on same way how people’s broandband username made. IS this Safe ? Nope, There are many thing on the site which make me feel that is 1900 century website. They still lived in popup life.  These site are nothing but a crap. not work most of time and when work it’s run too slowly.

    Read the article

  • I am receiving a message saying I have duplicate sources but I can't seem to find a duplicate of the line described, any ideas?

    - by David Griffiths
    I receive this meassage when I run sudo apt-get update in the terminal:- Duplicate sources.list entry http://archive.canonical.com/ubuntu/ precise/partner i386 Packages (/var/lib/apt/lists/archive.canonical.com_ubuntu_dists_precise_partner_binary-i386_Packages) So i ran the command gksu gedit /etc/apt/sources.list and checked the source to find there was no duplicate, not that I can see anyway. Here is the source:- # deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Release i386 (20120423)]/ precise main restricted deb-src http://archive.ubuntu.com/ubuntu precise main restricted #Added by software-properties # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://gb.archive.ubuntu.com/ubuntu/ precise main restricted deb-src http://gb.archive.ubuntu.com/ubuntu/ precise restricted main multiverse universe #Added by software-properties ## Major bug fix updates produced after the final release of the ## distribution. deb http://gb.archive.ubuntu.com/ubuntu/ precise-updates main restricted deb-src http://gb.archive.ubuntu.com/ubuntu/ precise-updates restricted main multiverse universe #Added by software-properties ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://gb.archive.ubuntu.com/ubuntu/ precise universe deb http://gb.archive.ubuntu.com/ubuntu/ precise-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://gb.archive.ubuntu.com/ubuntu/ precise multiverse deb http://gb.archive.ubuntu.com/ubuntu/ precise-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://gb.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse deb-src http://gb.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse #Added by software-properties deb http://security.ubuntu.com/ubuntu precise-security main restricted deb-src http://security.ubuntu.com/ubuntu precise-security restricted main multiverse universe #Added by software-properties deb http://security.ubuntu.com/ubuntu precise-security universe deb http://security.ubuntu.com/ubuntu precise-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http://archive.canonical.com/ubuntu precise partner # deb-src http://archive.canonical.com/ubuntu precise partner ## Uncomment the following two lines to add software from Ubuntu's ## 'extras' repository. ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. # deb http://extras.ubuntu.com/ubuntu precise main # deb-src http://extras.ubuntu.com/ubuntu precise main deb http://repository.spotify.com stable non-free I can see there are two lines of deb http://archive.canonical.com/ubuntu precise partner but one has #deb-src at the beginning of it. Hashed out no? I'm quite new to linux OS and have little to none sourced editing skills so any help would be most appreciated. Thank you:)

    Read the article

  • Public EC Meeting Today at 15:00; new WebEx password

    - by Heather VanCura
    Update:  Public EC Meeting is today at 15:00 PST; note new WebEx meeting password is 12345; login from https://jcp.webex.com. Audio remains the same: +1 (866) 682-4770 (US) Conference code: 627-9803 Security code: 52732 ("JCPEC" on your phone handset) For global access numbers see http://www.intercall.com/oracle/access_numbers.htm Or +1 (408) 774-4073

    Read the article

  • How can I permanently save a password-protected SSH key?

    - by pl1nk
    I am using Awesome Window Manager How can I permanently add private keys with password? Inspired by the answer here I have added the private keys in ~/.ssh/config Contents of ~/.ssh/config: IdentityFile 'private key full path' Permissions of ~/.ssh/config: 0700 But it doesn't work for me. If I manually add the key in every session, it works but I'm looking for a more elegant way (not in .bashrc)

    Read the article

  • passwordless ssh not working

    - by kuurious
    I've tried to setup a password-less ssh b/w A to B and B to A as well. Generated the public and private key using ssh-keygen -trsa on both the machines. Used the ssh-copy-id utility to copy the public-keys from A to B as well as B to A. The passwordless ssh works from A to B but not from B to A. I've checked the permissions of the ~/ssh/ folder and seems to be normal. A's .ssh folder permissions: -rw------- 1 root root 13530 2011-07-26 23:00 known_hosts -rw------- 1 root root 403 2011-07-27 00:35 id_rsa.pub -rw------- 1 root root 1675 2011-07-27 00:35 id_rsa -rw------- 1 root root 799 2011-07-27 00:37 authorized_keys drwxrwx--- 70 root root 4096 2011-07-27 00:37 .. drwx------ 2 root root 4096 2011-07-27 00:38 . B's .ssh folder permissions: -rw------- 1 root root 884 2011-07-07 13:15 known_hosts -rw-r--r-- 1 root root 396 2011-07-27 00:15 id_rsa.pub -rw------- 1 root root 1675 2011-07-27 00:15 id_rsa -rw------- 1 root root 2545 2011-07-27 00:36 authorized_keys drwxr-xr-x 8 root root 4096 2011-07-06 19:44 .. drwx------ 2 root root 4096 2011-07-27 00:15 . A is an ubuntu 10.04 (OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009) B is a debian machine (OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007) From A: #ssh B works fine. From B: #ssh -vvv A ... ... debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/identity ((nil)) debug2: key: /root/.ssh/id_rsa (0x7f1581f23a50) debug2: key: /root/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1127 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug3: no such identity: /root/.ssh/identity debug1: Offering public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug3: Wrote 368 bytes for a total of 1495 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password [email protected]'s password: Which essentially means it's not authenticating using the file /root/id_rsa. I ran the ssh-add command in both the machines as well. The authentication part of /etc/ssh/sshd_config file is # Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files I'm running out of ideas. Any help would be appreciated.

    Read the article

  • Does not documenting code result in job security? [closed]

    - by Barry Brown
    Possible Duplicate: Should you write good documentation and clean code to increase the “Bus Factor”? I often ask young programmers why they are not documenting their code. Their responses, perhaps jokingly, frequently include "job security." I hear this from experienced professionals, too. And not just in programming; network engineers and system administrators widely subscribe to this belief. Can you really ensure job security by holding the details of your work in your head rather than on paper (or in files)? What's your experience?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >