Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 165/886 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

  • Local Password Management

    - by ultimazombie88
    In our office (and I am sure many others) we access various websites and tend to share one account with our team. For example, we share credentials to Ebay and change them every few weeks to maintain some sense of security. However, we know this does not allow for any type of accountability for major changes. After some discussion we want to try to manage how we distribute credentials for sites that may not offer child accounts. Is there any smart and safe way to do this? If so how do you do it?

    Read the article

  • How quickly do I need to complete the installation of Windows updates once they're available?

    - by DragonLord
    I know that Microsoft publishes most updates on the second Tuesday of each month. While I understand that it is important to install security updates as soon as possible, do I place my computer at a significant risk if I wait more than a few hours after the updates are available to install the updates and restart the computer to complete installation? I'm asking because 1) I can't always restart the computer immediately after the system prompts me to do so; and 2) the download process sometimes has to be manually started late in the day when I remember, much later than when they're released at 01:00 PM EST/EDT, because Windows Update only seems to check automatically once per day and does so as soon as I connect to the Internet. Ideally, answers should be detailed and objective, with citations to references as appropriate.

    Read the article

  • October 2012 Critical Patch Update and Critical Patch Update for Java SE Released

    - by Eric P. Maurice
    Hi, this is Eric Maurice. Oracle has just released the October 2012 Critical Patch Update and the October 2012 Critical Patch Update for Java SE.  As a reminder, the release of security patches for Java SE continues to be on a different schedule than for other Oracle products due to commitments made to customers prior to the Oracle acquisition of Sun Microsystems.  We do however expect to ultimately bring Java SE in line with the regular Critical Patch Update schedule, thus increasing the frequency of scheduled security releases for Java SE to 4 times a year (as opposed to the current 3 yearly releases).  The schedules for the “normal” Critical Patch Update and the Critical Patch Update for Java SE are posted online on the Critical Patch Updates and Security Alerts page. The October 2012 Critical Patch Update provides a total of 109 new security fixes across a number of product families including: Oracle Database Server, Oracle Fusion Middleware, Oracle E-Business Suite, Supply Chain Products Suite, Oracle PeopleSoft Enterprise, Oracle Customer Relationship Management (CRM), Oracle Industry Applications, Oracle FLEXCUBE, Oracle Sun products suite, Oracle Linux and Virtualization, and Oracle MySQL. Out of these 109 new vulnerabilities, 5 affect Oracle Database Server.  The most severe of these Database vulnerabilities has received a CVSS Base Score of 10.0 on Windows platforms and 7.5 on Linux and Unix platforms.  This vulnerability (CVE-2012-3137) is related to the “Cryptographic flaws in Oracle Database authentication protocol” disclosed at the Ekoparty Conference.  Because of timing considerations (proximity to the release date of the October 2012 Critical Patch Update) and the need to extensively test the fixes for this vulnerability to ensure compatibility across the products stack, the fixes for this vulnerability were not released through a Security Alert, but instead mitigation instructions were provided prior to the release of the fixes in this Critical Patch Update in My Oracle Support Note 1492721.1.  Because of the severity of these vulnerabilities, Oracle recommends that this Critical Patch Update be installed as soon as possible. Another 26 vulnerabilities fixed in this Critical Patch Update affect Oracle Fusion Middleware.  The most severe of these Fusion Middleware vulnerabilities has received a CVSS Base Score of 10.0; it affects Oracle JRockit and is related to Java vulnerabilities fixed in the Critical Patch Update for Java SE.  The Oracle Sun products suite gets 18 new security fixes with this Critical Patch Update.  Note also that Oracle MySQL has received 14 new security fixes; the most severe of these MySQL vulnerabilities has received a CVSS Base Score of 9.0. Today’s Critical Patch Update for Java SE provides 30 new security fixes.  The most severe CVSS Base Score for these Java SE vulnerabilities is 10.0 and this score affects 10 vulnerabilities.  As usual, Oracle reports the most severe CVSS Base Score, and these CVSS 10.0s assume that the user running a Java Applet or Java Web Start application has administrator privileges (as is typical on Windows XP). However, when the user does not run with administrator privileges (as is typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", typically lowering the CVSS Base Score to 7.5 denoting that the compromise does not extend to the underlying Operating System.  Also, as is typical in the Critical Patch Update for Java SE, most of the vulnerabilities affect Java and Java FX client deployments only.  Only 2 of the Java SE vulnerabilities fixed in this Critical Patch Update affect client and server deployments of Java SE, and only one affects server deployments of JSSE.  This reflects the fact that Java running on servers operate in a more secure and controlled environment.  As discussed during a number of sessions at JavaOne, Oracle is considering security enhancements for Java in desktop and browser environments.  Finally, note that the Critical Patch Update for Java SE is cumulative, in other words it includes all previously released security fixes, including the fix provided through Security Alert CVE-2012-4681, which was released on August 30, 2012. For More Information: The October 2012 Critical Patch Update advisory is located at http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html The October 2012 Critical Patch Update for Java SE advisory is located at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html.  An online video about the importance of keeping up with Java releases and the use of the Java auto update is located at http://medianetwork.oracle.com/video/player/1218969104001 More information about Oracle Software Security Assurance is located at http://www.oracle.com/us/support/assurance/index.html  

    Read the article

  • Can /etc/hosts.deny/allow be overridden?

    - by Tar
    I have security measures put in place to keep unwanted users out of my server. I've changed the SSH port, disabled root login, have a software firewall to block portscans, and have entries in hosts.deny and hosts.allow. I have various services denied to all but another server of mine should my IP change, and two other administrators + my own IP address. My question is, can hosts.deny/allow configuration be overridden so that they can gain access to my server? Does using chroot jail for running things like an IRC server and Teamspeak server prevent people from gaining access to my server and screwing with it?

    Read the article

  • Is email encryption practical enough?

    - by Dimitri C.
    All emails I have ever sent were sent as plain text. Like postcards, everybody on the way to the addressee could easily read and store them. This worries me. I know privacy is something of the past, but encrypting email is possible, at least in theory. However, I wonder whether it is practical enough. Is there anybody who has experience with email security? Is it easy to set up? And can you still send and receive email from all you friends and acquaintances?

    Read the article

  • XML Schema For MBSA Reports

    - by Steve Hawkins
    I'm in the process of creating a script to run the command line version of Microsoft Baseline Security Analyzer (mbsacli.exe) against all of our servers. Since the MBSA reports are provided as XML documents, I should be able to write a script or small program to parse the XML looking for errors / issues. I'm wondering if anyone knows whether or not the XML schema for the MBSA reports is documented anywhere -- I have goggled this, and cant seem to find any trace of it. I've run across a few articles that address bits and pieces, but nothing that addresses the complete schema. Yes, I could just reverse engineer the XML, but I would like to understand a little more about the meaning of some of the tags. Thanks...

    Read the article

  • screensavergraceperiod not working

    - by Ralf
    Good Morning, in windows XP there is a registry setting called ScreenSaverGracePeriod which lets you set a time period between the activation of the screensaver and locking of the screen. As as result, as soon as you see the screensaver beeing activated, you have X seconds to press a key or move the mouse in order to avoid having to log in again. Unfortunately, this setting isn't working on my machine. I tried everything I could find on the net (setting the period as stirng or number), but it still does not work. Could it be that some kind of security suite (Symantec) or anything else is blocking this feature? Cheers, Ralf

    Read the article

  • What compatibility trade-offs do we need to make in order to use a hardened SSL config for Nginx?

    - by nathan.f77
    I found some hardened SSL settings in github.com/ioerror/duraconf. Here is the header from the config: This is an example of a high security, somewhat compatible SSLv3 and TLSv1 enabled HTTPS proxy server. The server only allows modes that provide perfect forward secrecy; no other modes are offered. Anonymous cipher modes are disabled. This configuation does not include the HSTS header to ensure that users do not accidentally connect to an insecure HTTP service after their first visit. It only supports strong ciphers in PFS mode: ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Only strong ciphers in PFS mode ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; ssl_protocols SSLv3 TLSv1; If we were to use these settings on our website, what does "somewhat compatible" mean? For example, would IE6 still be able to connect?

    Read the article

  • Why are Linux-based operating systems considered safer than Windows?

    - by echoblaze
    I hear that Linux-based systems are better for security. Apparently they don't have viruses and do not need antivirus software. Even my university claims this - they refuse to have Windows on their servers, which is a real shame because we wanted to use the .NET framework to create some websites. The only reason I can see Linux being safer is because it's open-source, so bugs theoretically would get caught and fixed sooner. I know a bit about how operating systems work, but haven't really delved into how Linux and Windows implement their OS. Can someone explain the difference that makes Linux-based systems more secure?

    Read the article

  • IOUG Webcast Series on Identity Management

    - by Tanu Sood
    Identity Management for Business Empowerment Identity Management has gone from the realm of IT tools to being a business solution. Security and Identity Management offer confidence in doing secure and compliant business. But more than that, Identity Management today contributes to business growth with secure social, cloud, mobile and internal & external ecosystem enablement. Cloud computing has heightened the interest in user access security, mobile computing brings access to information beyond the enterprise and a bring your own device culture in-house, social media has added a new dimension to user identity and increasing security compliance pressure has made organizations rethink their roles and entitlements strategy. To discuss the industry trends, maturity and framework for security, compliance and business empowerment with identity management, Oracle is proud to collaborate with IOUG to launch a series of live webcasts. Covering a span of topics from identity platform to entitlements managements, privilege access management and cloud, mobile and social security, these webcasts will provide direct access to subject matter experts and technology specialists. Hear first-hand about best practices, a pragmatic approach to security implementation, customer success stories and more. Register today for the individual webcasts or the series. And just a reminder that the conversation starts at COLLABORATE 12 in Las Vegas from April 22nd – 26th. In addition to our conference sessions, as an added value this year, we are offering a half-day deep dive session on Oracle Identity Management: Building a Security and Compliance Framework for Oracle Systems. The session is scheduled for Sunday, April 22nd from 9 am to 3 pm and will cover relevant topics such as: • A Primer on Identity Management • Security and Compliance with Oracle Identity Management • Security for Oracle Applications, Fusion Applications• Managing Identities in The Cloud and Mobile World • Best Practices: Building an Identity Roadmap and Getting Started To get a head start on your compliance and security program, pre-register for this session today.

    Read the article

  • Request bursting from web application Load Tests

    - by MaseBase
    I'm migrating our web and database hosting to a new environment on all new machines. I've recently performed a Load Test using WAPT to generate load from multiple distributed clients. The server has plenty of room to handle the traffic load, but I'm seeing an odd pattern of incoming traffic during the load tests. Here is the gist of our setup: Firewall server running MS Forefront TMG 2010 on Win 2k8 server Request routing done by IIS Application Request Routing on firewall machine Web server is a Hyper-V VM on the Database server (which is the host OS) These machines are hefty with dual-CPU's with six cores (12 total procs) Web server running IIS 7.5 Web applications built in ASP.NET 2.0, with 1 ISAPI filter (Url Rewrite) in front What I'm seeing during the load tests is that the requests all come through in bursts. Even though I have 7 different distributed clients sending traffic loads, the requests come through about 300-500 requests at a time. The performance monitor shows nearly all of the counters moving through this pattern, where a burst of requests comes in the req/sec jumps to 70, the queued requests jumps to 500, the current requests jumps up, the CPU jumps up, everything. Then once it's handled that group of requests, it has a lull for nearly 10 seconds where nearly nothing is happening. 0-5 req/sec, 0 queued requests, minimal CPU usage. Then after 10 seconds of inactivity, another burst comes through, spiking all of the counters once again. What I can't figure out is why the requests are coming through in bursts when I know that the load being generated is not sent that way, especially considering the various load-generating clients sending traffic all in different intervals with random think time's between each request. Is there something in the layers between Hyper-V or perhaps in the hardware which might cause this coalesce of requests together? Here is what i'm looking at, the highlighted metric is Requests/sec, but the others critical counter go with it: Requests Queued (which I'd obviously like to keep as close to 0 as possible). Any ideas on this?

    Read the article

  • Oracle buys Secerno

    - by Paulo Folgado
    Adds Heterogeneous Database Firewall to Oracle's Industry-leading Database Security SolutionsRedwood Shores, CA - May 20, 2010News FactsOracle has agreed to acquire Secerno, a provider of database firewall solutions for Oracle and non-Oracle databases.Organizations require a comprehensive security solution which includes database firewall functionality to prevent sophisticated attacks from reaching databases.Secerno's solution adds a critical defensive layer of security around databases, which blocks unauthorized activity in real-time.Secerno's products are expected to augment Oracle's industry-leading portfolio of database security solutions, including Oracle Advanced Security, Oracle Database Vault and Oracle Audit Vault to further ensure data privacy, protect against threats, and enable regulatory compliance.The combination of Oracle and Secerno underscores Oracle's commitment to provide customers with the most comprehensive and advanced security offering that helps reduce the costs and complexity of securing their information throughout the enterprise.The transaction is expected to close before end of June 2010. Financial details of the transaction were not disclosed.Supporting Quote:"The Secerno acquisition is in direct response to increasing customer challenges around mitigating database security risk," said Andrew Mendelsohn, senior vice president, Oracle Database Server Technologies. "Secerno's database firewall product acts as a first line of defense against external threats and unauthorized internal access with a protective perimeter around Oracle and non-Oracle databases. Together, Oracle's complete set of database security solutions and Secerno's technology will provide customers with the ability to safeguard their critical business information.""As a provider of database firewall solutions that help customers safeguard their enterprise databases, Secerno is a natural addition to Oracle's industry-leading database security solutions," said Steve Hurn, CEO Secerno. "Secerno has been providing enterprises and their IT Security departments strong assurance that their databases are protected from attacks and breaches. We are excited to bring Secerno's domain expertise to Oracle, and ensure continuity and success for our current customers, partners and prospects."Support Resources:About Oracle and SecernoGeneral PresentationFAQCustomer LetterPartner Letter

    Read the article

  • If sudo is broken, what should be used instead?

    - by ivant
    I found the following answer to a FAQ question about a security problem in Oprofile: This "problem" only occurs if you actively, and mistakenly, configure access to OProfile via sudo. OProfile uses shell scripts which have not been audited (nor is it likely to happen) for use through the broken sudo facility (anything that lets you alter root's path arbitrarily counts as horribly broken). Do not use sudo! As I see it, the author of the answer suggests that sudo is broken, so that it should not be used not only with oprofile, but for other purposes as well. Are there better alternatives to sudo in Linux?

    Read the article

  • Mysterious login attempts to windows server

    - by Jim Balo
    I have a Windows 2008R2 server that is reporting failed login attempts from a number of workstations on our network. Some event log details: Event ID 4625, Status: 0xc000006d, Sub Status: 0xc0000064 Security ID: NULL SID, Account Name: joedoe, Account Domain: Acme Workstation Name: WINXP1, Source Network Address: 192.168.1.23, Source Port: 1904 Logon Process: NtLmSsp, Authentication Package: NTLM, Logon Type: 3 (network) I believe this is coming from some netbios service or similar (maybe the file explorer), keeping an inventory of its network neighborhood and also trying to authenticate. Is there a way to turn this off without having to turn off file sharing all together? In other words, clients authenticating against file servers that they use is of course no problem, but I want to eliminate clients trying to authenticate to servers that they are not using and have no business with. The above example is only one of thousands of log alerts for similar failed network authentications. What can I do to clean this up / handle this? Thanks.

    Read the article

  • sudo apt-get update does not work for 12.10

    - by Brian Hawi
    hey i recently installed ubuntu 12.10 but the software center does not work i tried the sudo apt-get update because that worked when i was using ubuntu 11.04.... these are the errors hawi@hawi-HP-G62-Notebook-PC:~$ sudo apt-get update [sudo] password for hawi: Err http:ke.archive.ubuntu.com quantal InRelease Err http:ke.archive.ubuntu.com quantal-updates InRelease Err http:ke.archive.ubuntu.com quantal-backports InRelease Err http:ke.archive.ubuntu.com quantal Release.gpg Unable to connect to ke.archive.ubuntu.com:http: Err http:ke.archive.ubuntu.com quantal-updates Release.gpg Unable to connect to ke.archive.ubuntu.com:http: Err http:ke.archive.ubuntu.com quantal-backports Release.gpg Unable to connect to ke.archive.ubuntu.com:http: Err http:security.ubuntu.com quantal-security InRelease Err http:security.ubuntu.com quantal-security Release.gpg Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.190 80] Err http:extras.ubuntu.com quantal InRelease Err http:extras.ubuntu.com quantal Release.gpg Unable to connect to extras.ubuntu.com:http: Reading package lists... Done W: Failed to fetch http:ke.archive.ubuntu.com/ubuntu/dists/quantal/InRelease W: Failed to fetch http:ke.archive.ubuntu.com/ubuntu/dists/quantal-updates/InRelease W: Failed to fetch http:ke.archive.ubuntu.com/ubuntu/dists/quantal-backports/InRelease W: Failed to fetch http:security.ubuntu.com/ubuntu/dists/quantal-security/InRelease W: Failed to fetch http:extras.ubuntu.com/ubuntu/dists/quantal/InRelease W: Failed to fetch http:ke.archive.ubuntu.com/ubuntu/dists/quantal/Release.gpg Unable to connect to ke.archive.ubuntu.com:http: W: Failed to fetch http:ke.archive.ubuntu.com/ubuntu/dists/quantal-updates/Release.gpg Unable to connect to ke.archive.ubuntu.com:http: W: Failed to fetch http:ke.archive.ubuntu.com/ubuntu/dists/quantal-backports/Release.gpg Unable to connect to ke.archive.ubuntu.com:http: W: Failed to fetch http:security.ubuntu.com/ubuntu/dists/quantal-security/Release.gpg Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.190 80] W: Failed to fetch http:extras.ubuntu.com/ubuntu/dists/quantal/Release.gpg Unable to connect to extras.ubuntu.com:http: W: Some index files failed to download. They have been ignored, or old ones used instead. (note i have removed the // after http because the site does not allow me to post more than two links) what could be the issue?

    Read the article

  • IIS reveals internal IP address in content-location field - fix

    - by saille
    Referring: http://support.microsoft.com/kb/q218180/, there is a known issue in IIS4/5/6 whereby it will reveal the internal IP of a web server in the content-location field of the HTTP header. We have IIS 6. I have tried the fix suggested, but it has not worked. The website is configured to send all requests to ASP.NET, and I am wondering if this is why the fix, which addresses IIS configuration, has not worked for us. If this is the case, how would we fix this in ASP.NET? We need to fix this issue in order to pass a security audit.

    Read the article

  • smartctl -t long isn't finishing

    - by xenoterracide
    I been running smartctl -t long on a drive for about 2 days now and it seems to be stalled at 10%. short and conveyance both passed. I have to send 1 of 2 drives purchased back I found badblocks with badblocks (none on this drive and I'ts made over a pass already). I'm just wondering if I should be concerned about this. smartctl 5.39.1 2010-01-28 r3054 [x86_64-unknown-linux-gnu] (local build) Copyright (C) 2002-10 by Bruce Allen, http://smartmontools.sourceforge.net === START OF INFORMATION SECTION === Device Model: WDC WD10EARS-00Y5B1 Serial Number: WD-WMAV51582123 Firmware Version: 80.00A80 User Capacity: 1,000,204,886,016 bytes Device is: Not in smartctl database [for details use: -P showall] ATA Version is: 8 ATA Standard is: Exact ATA specification draft version not indicated Local Time is: Mon May 10 22:19:52 2010 EDT SMART support is: Available - device has SMART capability. SMART support is: Enabled === START OF READ SMART DATA SECTION === SMART overall-health self-assessment test result: PASSED General SMART Values: Offline data collection status: (0x82) Offline data collection activity was completed without error. Auto Offline Data Collection: Enabled. Self-test execution status: ( 241) Self-test routine in progress... 10% of test remaining. Total time to complete Offline data collection: (20100) seconds. Offline data collection capabilities: (0x7b) SMART execute Offline immediate. Auto Offline data collection on/off support. Suspend Offline collection upon new command. Offline surface scan supported. Self-test supported. Conveyance Self-test supported. Selective Self-test supported. SMART capabilities: (0x0003) Saves SMART data before entering power-saving mode. Supports SMART auto save timer. Error logging capability: (0x01) Error logging supported. General Purpose Logging supported. Short self-test routine recommended polling time: ( 2) minutes. Extended self-test routine recommended polling time: ( 231) minutes. Conveyance self-test routine recommended polling time: ( 5) minutes. SCT capabilities: (0x3031) SCT Status supported. SCT Feature Control supported. SCT Data Table supported. SMART Attributes Data Structure revision number: 16 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 2 3 Spin_Up_Time 0x0027 131 131 021 Pre-fail Always - 6408 4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 12 5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0 7 Seek_Error_Rate 0x002e 200 200 000 Old_age Always - 0 9 Power_On_Hours 0x0032 100 100 000 Old_age Always - 148 10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0 11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0 12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 10 192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 7 193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 174 194 Temperature_Celsius 0x0022 106 102 000 Old_age Always - 41 196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0 197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0 198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0 199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0 200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0 SMART Error Log Version: 1 No Errors Logged SMART Self-test log structure revision number 1 Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error # 1 Conveyance offline Completed without error 00% 99 - # 2 Extended offline Interrupted (host reset) 10% 30 - # 3 Short offline Completed without error 00% 0 - SMART Selective self-test log data structure revision number 1 SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS 1 0 0 Not_testing 2 0 0 Not_testing 3 0 0 Not_testing 4 0 0 Not_testing 5 0 0 Not_testing Selective self-test flags (0x0): After scanning selected spans, do NOT read-scan remainder of disk. If Selective self-test is pending on power-up, resume after 0 minute delay.

    Read the article

  • IIS reveals internal IP address in content-location field

    - by saille
    Referring: http://support.microsoft.com/kb/q218180/, there is a known issue in IIS4/5/6 whereby it will reveal the internal IP of a web server in the content-location field of the HTTP header. We have IIS 6. I have tried the fix suggested, but it has not worked. The website is configured to send all requests to ASP.NET, and I am wondering if this is why the fix, which addresses IIS configuration, has not worked for us. If this is the case, how would we fix this in ASP.NET? We need to fix this issue in order to pass a security audit.

    Read the article

  • Shibboleth: found encrypted assertions, but no CredentialResolver was available

    - by HorusKol
    I've gotten a Shibboleth Server Provider (SP) up and running, and I'm using the TestShib Identity Provider (IdP) for testing. The configuration appears to be all correct, and when I requested my secured directory I was sent to the IdP where I logged in and then was sent back to https://example.org/Shibboleth.sso/SAML2/POST where I am getting a generic error message. Checking the logs, I am told: found encrypted assertions, but no CredentialResolver was available I have rechecked the configuration, and there I have: <CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/> Both of these files are present at those locations. I've restarted apache and retried, but still get the same error. I don't know if it makes a difference - but only a subdirectory of the site has been secured - the documentroot is publicly available.

    Read the article

  • How to list all my packages from command line which can show package name, license, source url, etc?

    - by YumYumYum
    How to get all the installed package list with there license, source url? Such as following only shows name of the package only. $ dpkg --get-selections acpi-support install acpid install adduser install adium-theme-ubuntu install aisleriot install alacarte install For example in Fedora/CentOS (RED HAT LINUX BRANCH), you can see that: $ yum info busybox Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit Available Packages Name : busybox Arch : i686 Epoch : 1 Version : 1.18.2 Release : 5.fc15 Size : 615 k Repo : updates Summary : Statically linked binary providing simplified versions of system commands URL : http://www.busybox.net License : GPLv2 Description : Busybox is a single binary which includes versions of a large number : of system commands, including a shell. This package can be very : useful for recovering from certain types of system failures, : particularly those involving broken shared libraries. Follow up: /var/lib/apt/lists$ ls extras.ubuntu.com_ubuntu_dists_natty_main_binary-amd64_Packages extras.ubuntu.com_ubuntu_dists_natty_main_source_Sources extras.ubuntu.com_ubuntu_dists_natty_Release extras.ubuntu.com_ubuntu_dists_natty_Release.gpg lock partial security.ubuntu.com_ubuntu_dists_natty-security_main_binary-amd64_Packages security.ubuntu.com_ubuntu_dists_natty-security_main_source_Sources security.ubuntu.com_ubuntu_dists_natty-security_multiverse_binary-amd64_Packages security.ubuntu.com_ubuntu_dists_natty-security_multiverse_source_Sources security.ubuntu.com_ubuntu_dists_natty-security_Release security.ubuntu.com_ubuntu_dists_natty-security_Release.gpg security.ubuntu.com_ubuntu_dists_natty-security_restricted_binary-amd64_Packages security.ubuntu.com_ubuntu_dists_natty-security_restricted_source_Sources security.ubuntu.com_ubuntu_dists_natty-security_universe_binary-amd64_Packages security.ubuntu.com_ubuntu_dists_natty-security_universe_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty_main_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty_main_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty_multiverse_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty_multiverse_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty_Release us.archive.ubuntu.com_ubuntu_dists_natty_Release.gpg us.archive.ubuntu.com_ubuntu_dists_natty_restricted_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty_restricted_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty_universe_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty_universe_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty-updates_main_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty-updates_main_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty-updates_multiverse_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty-updates_multiverse_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty-updates_Release us.archive.ubuntu.com_ubuntu_dists_natty-updates_Release.gpg us.archive.ubuntu.com_ubuntu_dists_natty-updates_restricted_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty-updates_restricted_source_Sources us.archive.ubuntu.com_ubuntu_dists_natty-updates_universe_binary-amd64_Packages us.archive.ubuntu.com_ubuntu_dists_natty-updates_universe_source_Sources

    Read the article

  • Application to test a cluster/grid

    - by Mystic
    Is anyone aware of any application (computation + data) that I can download to test an in-house grid middleware that will run on a local cluster. I hope to compare the performance with other available grid systems.

    Read the article

  • How difficult is it to setup a mailserver?

    - by Jacob R
    I want a secure mail solution, as I am looking to move away from Google and other parties looking into my private data. How much of a PITA is it to setup my own mailserver? Should I go for an external provider with a good privacy policy and encrypted data instead? I have a VPS running Debian (with a dedicated IP + reverse DNS), and I'm a fairly capable Linux administrator, having setup a couple of webservers, home networks, and looking over the shoulder of sysadmins at work. The security I currently have on the VPS is limited to iptables and installing/running the bare minimum of what I need (currently basically irssi and lighttpd). When setting up a mail server, is there a lot of stuff to take into consideration? Will my outgoing mail be marked as spam on other servers if I don't implement a number of solutions? Will reliable spam filtering be difficult to setup? Can I easily encrypt the stored mail?

    Read the article

  • secure synchronization of large amount of data

    - by goncalopp
    I need to automatically mirror a large amount (terabytes) of files in two unix machines over a slow link (1 Mbps). This needs to be done frequently, but the data doesn't change too much (delta transmission doesn't saturate the link). The usual solution would be rsync, but there's an additional requirement: it's undesirable, from a security standpoint, that either the source or destination machines have (keyless) ssh keys to each other, or any kind of filesystem access. All communication between the two machines should thus be initialized (and mediated) through a third machine. I've asked a separate question about rsync in particular here. Are there other obvious solutions I'm missing?

    Read the article

  • Running .net application over a network

    - by Marlon
    Hello, I need some advice please. I need to enable a .Net application to run over a network share, the problem is that this will be on clients network shares and so the path will not be identical. I've had a quick look at ClickOnce and the publish options in VS2008 but it wants a specific network share location - and I'm assuming this location gets stored somewhere when it does its thing. At the moment the job is being done with a old VB6 application and so gets around all these security issues, but that application is poorly written and almost impossible to maintain so it really needs to go. Is it possible for the domain controller to be set up to allow this specific .Net application to execute? Any other options would be welcomed as I want to get this little application is very business critical. I aught to say that the client networks are schools, and thus are often quite locked down as are the client machines, so manually adding exceptions to each client machine is a big no no. Marlon

    Read the article

  • Good Lambda Probe Alternative

    - by joel_gil
    hello everyone i was just wondering of a good Lambda Probe alternative for monitoring MySQL server with GLassfish The cath is that we dont want just a current monitor but sth that will keep a history since i am going to stress test some servers and i would like sth that outputs the data either in tables or graphic so i can then run some statistical analysis I hope my question was understood, thanks in advanced

    Read the article

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >